From a69e66bbac3a9e573c350bb526360839e2537d47 Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Mon, 27 May 2019 21:10:50 +0300
Subject: [PATCH] initial version of ldap client

---
 roles/ldap/client/tasks/main.yml | 22 ++++++++++++++++++++++
 roles/ldap/client/templates/ldap.conf.j2 | 5 +++++
 roles/ldap/client/templates/ldaprc.j2 | 2 ++
 3 files changed, 29 insertions(+)
 create mode 100644 roles/ldap/client/tasks/main.yml
 create mode 100644 roles/ldap/client/templates/ldap.conf.j2
 create mode 100644 roles/ldap/client/templates/ldaprc.j2

diff --git a/roles/ldap/client/tasks/main.yml b/roles/ldap/client/tasks/main.yml
new file mode 100644
index 0000000..b45dcdb
--- /dev/null
+++ b/roles/ldap/client/tasks/main.yml
@@ -0,0 +1,22 @@
+---
+
+- name: install packages
+  package:
+    name: openldap-clients
+    state: installed
+
+- name: configure ldap client
+  template:
+    dest: /etc/openldap/ldap.conf
+    src: ldap.conf.j2
+    mode: 0644
+    owner: root
+    group: "{{ ansible_wheel }}"
+
+- name: authenticate to ldap with host certs when running as root
+  template:
+    dest: /root/.ldaprc
+    src: ldaprc.j2
+    mode: 0600
+    owner: root
+    group: "{{ ansible_wheel }}"
diff --git a/roles/ldap/client/templates/ldap.conf.j2 b/roles/ldap/client/templates/ldap.conf.j2
new file mode 100644
index 0000000..b506f12
--- /dev/null
+++ b/roles/ldap/client/templates/ldap.conf.j2
@@ -0,0 +1,5 @@
+
+BASE dc=foo,dc=sh
+URI ldaps://ldap01.home.foo.sh
+
+TLS_CACERT {{ tls_certs }}/ca.crt
diff --git a/roles/ldap/client/templates/ldaprc.j2 b/roles/ldap/client/templates/ldaprc.j2
new file mode 100644
index 0000000..2109aaf
--- /dev/null
+++ b/roles/ldap/client/templates/ldaprc.j2
@@ -0,0 +1,2 @@
+TLS_KEY {{ tls_private }}/{{ inventory_hostname }}.key
+TLS_CERT {{ tls_certs }}/{{ inventory_hostname }}.crt
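Review bot: The file modes in the two `template` tasks are unquoted octal literals (`mode: 0644`, `mode: 0600`); they only work because the leading zero makes the YAML 1.1 parser read them as octal, and a later edit that drops that zero would silently install the files as 0o1204 and 0o1130. Quote them as strings, `mode: "0644"` and `mode: "0600"`, the form the Ansible file-module documentation recommends. The `package` task's `state: installed` is a yum-specific alias that the generic `package` module merely passes through; `state: present` is the documented value and works with every backend. The `group: "{{ ansible_wheel }}"` on the 0600 `/root/.ldaprc` grants nothing, since the group bits are zero, so `group: root` would state the intent more plainly, though it is harmless as written.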
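Review bot: `ldap.conf.j2` hard-codes the directory base `dc=foo,dc=sh` and a single server `ldaps://ldap01.home.foo.sh` while every other path in the role is already a variable; make them role variables (e.g. `BASE {{ ldap_base }}` and `URI {{ ldap_uri }}`, with values in `defaults/main.yml`) so the role can target a second server or a test directory without editing the template. Server certificate verification currently rests on OpenLDAP's built-in default of `TLS_REQCERT demand`; since the purpose of the `TLS_CACERT` line is to pin the CA, I would state that explicitly with `TLS_REQCERT demand` directly below it so the check cannot be weakened without a visible change to this file. If `{{ tls_certs }}/ca.crt` is absent on a host every ldaps handshake fails, which is the correct fail-closed behaviour but worth a one-line comment in the template, e.g. `# ca.crt must already be present on the host; a missing file fails every ldaps handshake`. The leading blank line in the template is cosmetic and can be dropped.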
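Review bot: The task that installs this template is named "authenticate to ldap with host certs", but `TLS_KEY`/`TLS_CERT` only make libldap present the host certificate during the TLS handshake; binding as that identity additionally requires the SASL EXTERNAL mechanism, which nothing in this patch selects. If authentication is the intent, add `SASL_MECH EXTERNAL` to the template and confirm the server maps the certificate subject to a DN; if only client-certificate presentation is wanted, rename the task accordingly. Placing these two options in `/root/.ldaprc` rather than in `/etc/openldap/ldap.conf` is correct, because ldap.conf(5) lists `TLS_CERT` and `TLS_KEY` as user-only options that are ignored in the system-wide file, and a header comment saying so would stop someone from "consolidating" them later, e.g. `# TLS_CERT/TLS_KEY are user-only options: libldap ignores them in /etc/openldap/ldap.conf`. The referenced `{{ tls_private }}/{{ inventory_hostname }}.key` is not managed by this role, so its root-only permissions are assumed here rather than enforced.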