ldap: Refactor ldap roles

* Move ldap/client to software submodule as ldap
* Rename ldap/server to ldap-server

playbooks/collab.yml

@@ -28,7 +28,7 @@
       keytab: /etc/httpd/httpd.keytab
       principals: HTTP/collab.foo.sh@FOO.SH
       group: apache
-    - ldap/client
+    - ldap
 
   tasks:
     - name: redirect root web directory to collab

playbooks/ldap.yml

@@ -23,7 +23,7 @@
 
   roles:
     - base
-    - ldap/server
+    - ldap-server
     - kerberos/kdc
     - role: ldap_netdb
       when: ldap_master is defined

roles/ldap-server/meta/main.yml

@@ -3,5 +3,5 @@
 dependencies:
   - {role: dhparams}
   - {role: kerberos/client}
-  - {role: ldap/client}
+  - {role: ldap}
   - {role: saslauthd}

roles/ldap/client/tasks/main.yml

@@ -1,22 +0,0 @@
----
-
-- name: install packages
-  package:
-    name: openldap-clients
-    state: installed
-
-- name: configure ldap client
-  template:
-    dest: /etc/openldap/ldap.conf
-    src: ldap.conf.j2
-    mode: 0644
-    owner: root
-    group: "{{ ansible_wheel }}"
-
-- name: authenticate to ldap with host certs when running as root
-  template:
-    dest: /root/.ldaprc
-    src: ldaprc.j2
-    mode: 0600
-    owner: root
-    group: "{{ ansible_wheel }}"

roles/ldap/client/templates/ldap.conf.j2

@@ -1,6 +0,0 @@
-
-BASE {{ ldap_basedn }}
-URI {% for item in ldap_server %}ldaps://{{ item }} {% endfor %}
-
-TLS_CACERT {{ tls_bundle }}
-TLS_REQCERT demand

roles/ldap/client/templates/ldaprc.j2

@@ -1,3 +0,0 @@
-TLS_KEY {{ tls_private }}/{{ inventory_hostname }}.key
-TLS_CERT {{ tls_certs }}/{{ inventory_hostname }}.crt
-SASL_MECH external

roles/sssd/meta/main.yml

@@ -1,4 +1,4 @@
 ---
 dependencies:
   - {role: kerberos/client}
-  - {role: ldap/client}
+  - {role: ldap}