use global variable for default certificate bundle location

group_vars/all.yml

@@ -25,6 +25,7 @@ tls_ciphers_compat: ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:EC
 # defaults for tls diretories
 tls_certs: /etc/pki/tls/certs
 tls_private: /etc/pki/tls/private
+tls_bundle: /etc/pki/tls/cert.pem
 
 # hardcode this for now
 ansible_datacenter: home

group_vars/openbsd.yml

@@ -8,6 +8,7 @@ ansible_wheel: wheel
 # fix tls directories
 tls_certs: /etc/ssl
 tls_private: /etc/ssl/private
+tls_bundle: "{{ tls_certs }}/cert.pem"
 
 # default resources for new vm
 dsk_size: 10

roles/ldap/client/templates/ldap.conf.j2

@@ -2,5 +2,5 @@
 BASE {{ ldap_basedn }}
 URI {% for item in ldap_server %}ldaps://{{ item }} {% endfor %}
 
-TLS_CACERT {{ tls_certs }}/cert.pem
+TLS_CACERT {{ tls_bundle }}
 TLS_REQCERT demand