diff --git a/roles/ldap_client/tasks/main.yml b/roles/ldap_client/tasks/main.yml
index a98edf2ab6f43a12c68a3f11c6e9881b50584806..a9b38fc08932ca7fd3275ae693fcdd57f9ef0fae 100644
--- a/roles/ldap_client/tasks/main.yml
+++ b/roles/ldap_client/tasks/main.yml
@@ -1,10 +1,17 @@
---
- name: Install OpenLDAP client tools
- apt: name=ldap-utils state=installed
+ apt:
+ name: ldap-utils
+ state: installed
- name: Deploy LDAP client configuration file
- template: src=ldap.conf.j2 dest=/etc/ldap/ldap.conf owner=root group=root mode=0644
+ template:
+ src: ldap.conf.j2
+ dest: /etc/ldap/ldap.conf
+ owner: root
+ group: root
+ mode: 0644
- name: Explicitly run all handlers
include: ../handlers/main.yml
diff --git a/roles/ldap_server/handlers/main.yml b/roles/ldap_server/handlers/main.yml
index f371e00b27f36cf52c1f48b1527a844666cd6676..d4a3749b9bdff6b05685ccc6270f61da23d3e076 100644
--- a/roles/ldap_server/handlers/main.yml
+++ b/roles/ldap_server/handlers/main.yml
@@ -1,7 +1,11 @@
---
- name: Restart rsyslog
- service: name=rsyslog state=restarted
+ service:
+ name: rsyslog
+ state: restarted
- name: Restart slapd
- service: name=slapd state=restarted
+ service:
+ name: slapd
+ state: restarted
diff --git a/roles/ldap_server/tasks/backup.yml b/roles/ldap_server/tasks/backup.yml
index 49400c327ef601d4df94d645f122e069d6dbd0ef..794ada3e06d31db3e59b38e3ea85da94429e4b23 100644
--- a/roles/ldap_server/tasks/backup.yml
+++ b/roles/ldap_server/tasks/backup.yml 
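Review bot: `mode: 0644` in the template task is an unquoted leading-zero scalar: PyYAML follows YAML 1.1 and reads it as the octal integer 420, which Ansible then applies as 0644 only because the leading zero made it octal, while a YAML 1.2 loader or a later edit that drops the zero turns the same field into a decimal permission. Quote it, `mode: "0644"`, so the literal mode string reaches the module unchanged. Every `mode:` key this commit introduces has the same shape: `0700` twice in roles/ldap_server/tasks/backup.yml, and the `0644`, `0640` and `0400` values in roles/ldap_server/tasks/main.yml. `state: installed` on the `apt` task is a deprecated alias kept from the old k=v form; the current spelling is `state: present`, and the same applies to the slapd and python-ldap apt tasks in roles/ldap_server/tasks/main.yml.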
@@ -1,11 +1,19 @@
---
- name: Create directory for storing LDAP database dumps
- file: path="{{ item }}" state=directory
- owner=root group=root mode=0700
+ file:
+ path: "{{ item }}"
+ state: directory
+ owner: root
+ group: root
+ mode: 0700
with_items:
- "/srv/backup"
- name: Deploy script for creating LDAP database backup dumps
- copy: src="ldapdump.sh" dest="/etc/duply/main/pre.d/ldapdump.sh"
- owner=root group=root mode=0700
+ copy:
+ src: "ldapdump.sh"
+ dest: "/etc/duply/main/pre.d/ldapdump.sh"
+ owner: root
+ group: root
+ mode: 0700
diff --git a/roles/ldap_server/tasks/main.yml b/roles/ldap_server/tasks/main.yml
index 9f07a403a0f7530ef088180827c76ac2f6fb9682..49340de7846ae50ecc29d883747ac5dc1dbf9124 100644
--- a/roles/ldap_server/tasks/main.yml
+++ b/roles/ldap_server/tasks/main.yml
@@ -1,20 +1,35 @@
---
- name: Set domain for slapd
- debconf: name=slapd question=slapd/domain vtype=string value="{{ ldap_server_domain }}"
+ debconf:
+ name: slapd
+ question: slapd/domain
+ vtype: string
+ value: "{{ ldap_server_domain }}"
- name: Set organisation for slapd
- debconf: name=slapd question=shared/organization vtype=string value="{{ ldap_server_organization }}"
+ debconf:
+ name: slapd
+ question: shared/organization
+ vtype: string
+ value: "{{ ldap_server_organization }}"
- name: Install slapd
- apt: name=slapd state=installed
+ apt:
+ name: slapd
+ state: installed
- name: Allow OpenLDAP user to traverse the directory with TLS private keys
- user: name=openldap append=yes groups=ssl-cert
+ user:
+ name: openldap
+ append: yes
+ groups: ssl-cert
register: openldap_in_ssl_cert
- name: Restart slapd if group membership has changed (apply immediatelly)
- service: name=slapd state=restarted
+ service:
+ name: slapd
+ state: restarted
when: openldap_in_ssl_cert.changed
tags:
# [ANSIBLE0016] Tasks that run when changed should likely be handlers 
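Review bot: `append: yes` in the `user` task that adds openldap to ssl-cert is a YAML 1.1 truthy spelling; Ansible's loader reads it as a boolean today, but `true` is the canonical form, is unambiguous under YAML 1.2 and satisfies yamllint's `truthy` rule, so write `append: true`. The same spelling appears as `backrefs: yes` in the next hunk of this file. The group change itself is intentional (it grants the slapd process read access to the TLS private key directory) and would be worth a one-line comment above the task, e.g. `# openldap needs ssl-cert membership to read /etc/ssl/private; slapd is restarted below so the new group takes effect`.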
@@ -24,40 +39,61 @@
- skip_ansible_lint
- name: Install Python LDAP bindings
- apt: name=python-ldap state=installed
+ apt:
+ name: python-ldap
+ state: installed
- name: Set-up LDAP server to listen on legacy SSL port
- lineinfile: dest=/etc/default/slapd state=present backrefs=yes
- regexp='^SLAPD_SERVICES=.*' line='SLAPD_SERVICES="ldap:/// ldaps:/// ldapi:///"'
+ lineinfile:
+ dest: /etc/default/slapd
+ state: present
+ backrefs: yes
+ regexp: '^SLAPD_SERVICES=.*'
+ line: 'SLAPD_SERVICES="ldap:/// ldaps:/// ldapi:///"'
notify:
- Restart slapd
- name: Enable slapd service on boot (workaround for systemctl broken handling of SysV)
- command: rcconf -on slapd
+ command: "rcconf -on slapd"
register: result
changed_when: result.stderr == ""
- name: Enable slapd service
- service: name=slapd state=started
+ service:
+ name: slapd
+ state: started
- name: Deploy system logger configuration file for slapd
- copy: src=slapd_rsyslog.conf dest=/etc/rsyslog.d/slapd.conf owner=root group=root mode=0644
+ copy:
+ src: slapd_rsyslog.conf
+ dest: /etc/rsyslog.d/slapd.conf
+ owner: root
+ group: root
+ mode: 0644
notify:
- Restart rsyslog
- name: Deploy configuration file for log rotation of slapd logs
- copy: src=slapd_logrotate dest=/etc/logrotate.d/slapd owner=root group=root mode=0644
+ copy:
+ src: slapd_logrotate
+ dest: /etc/logrotate.d/slapd
+ owner: root
+ group: root
+ mode: 0644
- name: Change log level for slapd
- ldap_entry: dn=cn=config state=replace olcLogLevel="{{ ldap_server_log_level }}"
+ ldap_entry:
+ dn: cn=config
+ state: replace
+ olcLogLevel: "{{ ldap_server_log_level }}"
- name: Test if LDAP misc schema has been applied
- command: ldapsearch -H ldapi:/// -Q -LLL -A -Y EXTERNAL -b cn=schema,cn=config -s one '(cn={*}misc)' cn
+ command: "ldapsearch -H ldapi:/// -Q -LLL -A -Y EXTERNAL -b cn=schema,cn=config -s one '(cn={*}misc)' cn"
register: ldap_misc_schema_present
changed_when: false
- name: Deploy LDAP misc schema
- command: ldapadd -H ldapi:/// -Q -Y 
EXTERNAL -f /etc/ldap/schema/misc.ldif
+ command: "ldapadd -H ldapi:/// -Q -Y EXTERNAL -f /etc/ldap/schema/misc.ldif"
when: ldap_misc_schema_present.stdout == ""
- name: Deploy LDAP TLS private key
@@ -81,20 +117,35 @@
- Restart slapd
- name: Deploy configuration file for checking certificate validity via cron
- copy: content="/etc/ssl/certs/{{ ansible_fqdn }}_ldap.pem" dest="/etc/check_certificate/{{ ansible_fqdn }}_ldap.conf"
- owner=root group=root mode=0644
+ copy:
+ content: "/etc/ssl/certs/{{ ansible_fqdn }}_ldap.pem"
+ dest: "/etc/check_certificate/{{ ansible_fqdn }}_ldap.conf"
+ owner: root
+ group: root
+ mode: 0644
- name: Configure TLS for slapd (includes hardening)
- ldap_entry: dn=cn=config state=replace olcTLSCertificateFile="/etc/ssl/certs/{{ ansible_fqdn }}_ldap.pem" olcTLSCertificateKeyFile="/etc/ssl/private/{{ ansible_fqdn }}_ldap.key"
- olcTLSCipherSuite="{{ ldap_tls_ciphers }}"
+ ldap_entry:
+ dn: cn=config
+ state: replace
+ olcTLSCertificateFile: "/etc/ssl/certs/{{ ansible_fqdn }}_ldap.pem"
+ olcTLSCertificateKeyFile: "/etc/ssl/private/{{ ansible_fqdn }}_ldap.key"
+ olcTLSCipherSuite: "{{ ldap_tls_ciphers }}"
notify:
- Restart slapd
- name: Configure SSF
- ldap_entry: dn=cn=config state=replace olcSecurity=ssf="{{ ldap_server_ssf }}" olcLocalSSF="{{ ldap_server_ssf }}"
+ ldap_entry:
+ dn: cn=config
+ state: replace
+ olcSecurity: "ssf={{ ldap_server_ssf }}"
+ olcLocalSSF: "{{ ldap_server_ssf }}"
- name: Enable the memberof module
- ldap_entry: dn="cn=module{0},cn=config" state=append olcModuleLoad="{1}memberof"
+ ldap_entry:
+ dn: "cn=module{0},cn=config"
+ state: append
+ olcModuleLoad: "{1}memberof"
- name: Enable the memberof overlay for database
ldap_entry: 
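Review bot: The `lineinfile` task for `/etc/default/slapd` keeps `backrefs: yes`, and with backrefs enabled lineinfile leaves the file untouched when nothing matches `regexp`, so on a host whose defaults file has no `SLAPD_SERVICES=` line the ldaps:/// listener is silently never enabled and the task still reports success. The replacement `line` contains no backreferences, so the key can simply be dropped (or set to `false`) and the line is then appended when absent; `regexp: '^SLAPD_SERVICES=.*'` and `line: 'SLAPD_SERVICES="ldap:/// ldaps:/// ldapi:///"'` stay as they are. Separately, `changed_when: result.stderr == ""` on the `rcconf -on slapd` task reports a change on every run in which the command is silent; that is pre-existing and only re-quoted here. The hunk covers old lines 24-63 of a longer task list, so the neighbouring tasks are outside it.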
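Review bot: The task named `Configure TLS for slapd (includes hardening)` sets `olcTLSCertificateFile`, `olcTLSCertificateKeyFile` and `olcTLSCipherSuite` only; a cipher list does not by itself pin the minimum protocol version, so if hardening is the goal the same `ldap_entry` call is the natural place for `olcTLSProtocolMin: "3.3"` (TLS 1.2 in slapd's major.minor notation), provided the project's `ldap_entry` module and the TLS library slapd is built against accept it — confirm before adding. The `olcSecurity` value moved from k=v `ssf="{{ ldap_server_ssf }}"` (where the key/value parser strips the quotes) to `"ssf={{ ldap_server_ssf }}"`, which renders to the same attribute value; a comment such as `# olcSecurity/olcLocalSSF must stay equal, or ldapi:/// binds fall below the SSF floor` would record why the two attributes share one variable. This hunk is old lines 81-100, so the TLS key/certificate deployment tasks it refers to are outside it.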
@@ -173,27 +224,38 @@
with_items: "{{ ldap_entries }}"
- name: Deploy firewall configuration for LDAP
- copy: src="ferm_ldap.conf" dest="/etc/ferm/conf.d/10-ldap.conf" owner=root group=root mode=0640
+ copy:
+ src: "ferm_ldap.conf"
+ dest: "/etc/ferm/conf.d/10-ldap.conf"
+ owner: root
+ group: root
+ mode: 0640
notify:
- Restart ferm
- name: Deploy temporary file with LDAP admin password
- template: src="ldap_admin_password.j2" dest="/root/.ldap_admin_password"
- owner=root group=root mode=0400
+ template:
+ src: "ldap_admin_password.j2"
+ dest: "/root/.ldap_admin_password"
+ owner: root
+ group: root
+ mode: 0400
changed_when: False
- name: Test if LDAP admin password needs to be changed
- command: ldapwhoami -H ldapi:/// -D "cn=admin,{{ ldap_server_int_basedn }}" -x -y /root/.ldap_admin_password
+ command: "ldapwhoami -H ldapi:/// -D 'cn=admin,{{ ldap_server_int_basedn }}' -x -y /root/.ldap_admin_password"
register: ldap_admin_password_check
changed_when: ldap_admin_password_check.rc != 0
failed_when: False
- name: Update LDAP admin password
- command: ldappasswd -Y EXTERNAL -H ldapi:/// 'cn=admin,{{ ldap_server_int_basedn }}' -T /root/.ldap_admin_password
+ command: "ldappasswd -Y EXTERNAL -H ldapi:/// 'cn=admin,{{ ldap_server_int_basedn }}' -T /root/.ldap_admin_password"
when: ldap_admin_password_check.rc != 0
- name: Remove temporary file with LDAP admin password
- file: path="/root/.ldap_admin_password" state=absent
+ file:
+ path: "/root/.ldap_admin_password"
+ state: absent
changed_when: False
- name: Enable backup
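Review bot: The plaintext LDAP admin password that the template task writes to `/root/.ldap_admin_password` is removed only by the last task of this hunk, and that task never runs when `ldappasswd` fails and aborts the play, so the credential stays on disk (root-only, mode 0400) until the next successful run. Wrapping the template, `ldapwhoami` check and `ldappasswd` tasks in a `block:` and moving the removal task under `always:` guarantees cleanup on either outcome (`block`/`always` exist since Ansible 2.0; the `include:` used elsewhere in this role suggests a 2.x version, worth confirming). The excerpt below shows the wrapper; the three existing tasks move unchanged, re-indented, into the block. `changed_when: False` is written capitalised three times here while the schema-test task earlier in this file uses `changed_when: false`; the lowercase form is canonical.
```yaml
- name: Manage LDAP admin password (temporary password file is always removed)
  block:
    # … unchanged, re-indented under block: template, ldapwhoami check and ldappasswd tasks …
  always:
    - name: Remove temporary file with LDAP admin password
      file:
        path: "/root/.ldap_admin_password"
        state: absent
      changed_when: false
```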