From 0163a5f93264a44fcef8087c37859cb236896042 Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Fri, 31 May 2019 18:34:39 +0300
Subject: [PATCH] don't use /export for ldap data directory on slaves
---
 roles/ldap/server/tasks/main.yml | 54 ++++++++++++++++++++------------
 1 file changed, 34 insertions(+), 20 deletions(-)
diff --git a/roles/ldap/server/tasks/main.yml b/roles/ldap/server/tasks/main.yml
index d324350..361535c 100644
--- a/roles/ldap/server/tasks/main.yml
+++ b/roles/ldap/server/tasks/main.yml
@@ -7,27 +7,41 @@
 - openldap-servers
 - ldapvi
-- name: fix selinux context from ldap data directory
- sefcontext:
- path: /export/ldap(/.*)?
- setype: slapd_db_t
+- block:
+ - name: fix selinux context from ldap data directory
+ sefcontext:
+ path: /export/ldap(/.*)?
+ setype: slapd_db_t
+ - name: create ldap data directory
+ file:
+ path: /export/ldap
+ state: directory
+ mode: 0700
+ owner: ldap
+ group: ldap
+ - name: link ldap data directory
+ file:
+ path: /srv/ldap
+ src: /export/ldap
+ state: link
+ owner: root
+ group: root
+ follow: false
+ when: ldap_master is defined
-- name: create ldap data directory
- file:
- path: /export/ldap
- state: directory
- mode: 0700
- owner: ldap
- group: ldap
-
-- name: link ldap data directory
- file:
- path: /srv/ldap
- src: /export/ldap
- state: link
- owner: root
- group: root
- follow: false
+- block:
+ - name: fix selinux context from ldap data directory
+ sefcontext:
+ path: /srv/ldap(/.*)?
+ setype: slapd_db_t
+ - name: create ldap data directory
+ file:
+ path: /srv/ldap
+ state: directory
+ mode: 0700
+ owner: ldap
+ group: ldap
+ when: ldap_msater is not defined
 - name: remove nss cert databases
 file:
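Review bot: The second block's condition is misspelled: `when: ldap_msater is not defined` tests a variable that presumably is never set, so it is always true and the /srv/ldap tasks also run on masters, where the first block has just made /srv/ldap a symlink to /export/ldap. It should read `when: ldap_master is not defined`. Both conditions test only definedness, so a host with `ldap_master: false` would still take the master path; if that value can occur in inventory, a truthiness test such as `ldap_master | default(false)` would be safer. Separately, `mode: 0700` in both blocks relies on the YAML parser's octal handling, and the quoted form `mode: "0700"` keeps the 0700 restriction on the LDAP data directory unambiguous.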