Fix some ansible-lint complaints.

roles/ldap/defaults/main.yml

@@ -1,9 +1,9 @@
 ldap_admin_pwd: "{{ lookup('password', '/tmp/ldap_admin.pwd chars=ascii_letters,digits length=32') }}"
 ldap_admin_pwd_file: "/root/ldap-admin.pwd"
 basedn: "{{ 'dc=' + ( ansible_domain | replace('^.','') | replace('.$','') | replace('.',',dc=')) }}"
-TLSCertificateFile: "/etc/ssl/certs/ssl-cert-snakeoil.pem"
-TLSCertificateKeyFile: "/etc/ssl/private/ssl-cert-snakeoil.key"
-lan_homes:  /home/lan
+certpub: "/etc/ssl/certs/ssl-cert-snakeoil.pem"
+certpriv: "/etc/ssl/private/ssl-cert-snakeoil.key"
+lan_homes: /home/lan
 min_id: 10000
 max_id: 20000
 ldapuser_gid: 8000

roles/ldap/handlers/main.cfg

@@ -0,0 +1,4 @@
+---
+- name: restart slapd
+  systemd: name=slapd state=restarted
+  listen: restart slapd

roles/ldap/tasks/main.yml

@@ -1,6 +1,7 @@
 ## Install and configure slapd.
 ---
-- fail: msg="The machine's domain must not be empty."
+- name: check if domain name is available
+  fail: msg="The machine's domain must not be empty."
   when: ansible_domain | length == 0
 
 - name: check if slapd is already set up
@@ -87,6 +88,6 @@
   firewalld:
     zone: internal
     service: ldap
-    permanent: yes
-    immediate: yes
+    permanent: true
+    immediate: true
     state: enabled

roles/ldap/tasks/setup.yml

@@ -3,7 +3,7 @@
 - name: preseed ldap domain
   debconf:
     name: slapd
-    question:  slapd/domain
+    question: slapd/domain
     value: "{{ ansible_domain }}"
     vtype: string
 
@@ -24,7 +24,9 @@
   no_log: true
 
 - name: dump admin password
-  shell: echo -n "{{ ldap_admin_pwd }}" > "{{ ldap_admin_pwd_file }}" ; chmod 0600 "{{ ldap_admin_pwd_file }}"
+  shell:
+    cmd: echo -n "{{ ldap_admin_pwd }}" > "{{ ldap_admin_pwd_file }}" ; chmod 0600 "{{ ldap_admin_pwd_file }}"
+    creates: "{{ ldap_admin_pwd_file }}"
   no_log: true
 
 - name: install packages for LDAP
@@ -35,37 +37,35 @@
       - ldapvi
       - python3-ldap
       - ssl-cert
-    state: latest
+    state: latest # noqa package-latest
 
 - name: add openldap to the ssl-cert group
   user:
     name: openldap
     groups: ssl-cert
-    append: yes
-  register: ssl_cert_group
-
-- name: restart slapd
-  systemd: name=slapd state=restarted
-  when: ssl_cert_group.changed
+    append: true
+  notify: restart slapd
 
 - name: make initial slapd configuration available
   copy:
     src: slapd-config.ldif
     dest: /etc/ldap/slapd.d/
+    mode: 0644
 
 - name: make slapd TLS configuration available
   template:
     src: slapd-TLS.ldif
     dest: /etc/ldap/slapd.d/
+    mode: 0644
 
 - name: activate ppolicy schema
-  command: ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/ppolicy.ldif
+  command: ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/ppolicy.ldif # noqa no-changed-when
 
 - name: initialize slapd if it has just been installed
-  command: ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/slapd.d/slapd-config.ldif
+  command: ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/slapd.d/slapd-config.ldif # noqa no-changed-when
 
 - name: configure LDAP TLS
-  command: ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ldap/slapd.d/slapd-TLS.ldif
+  command: ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ldap/slapd.d/slapd-TLS.ldif # noqa no-changed-when
 
 - name: add URI to ldap.conf
   lineinfile:
@@ -83,7 +83,7 @@
   replace:
     path: /etc/ldap/ldap.conf
     regexp: "^(TLS_CACERT\\s+/etc/ssl/certs/ca-certificates.crt)$"
-    replace: '#\1\nTLS_CACERT\t{{ TLSCertificateFile }}'
+    replace: '#\1\nTLS_CACERT\t{{ certpub }}'
 
 - name: enable pam-mkhomedir
   command: pam-auth-update --enable mkhomedir

roles/ldap/templates/slapd-TLS.ldif

@@ -2,8 +2,8 @@
 dn: cn=config
 changetype: modify
 add: olcTLSCertificateFile
-olcTLSCertificateFile: {{ TLSCertificateFile }}
+olcTLSCertificateFile: {{ certpub }}
 -
 add: olcTLSCertificateKeyFile
-olcTLSCertificateKeyFile: {{ TLSCertificateKeyFile }}
+olcTLSCertificateKeyFile: {{ certpriv }}
 -