* ``ldap_server`` role

  * Updated default set of TLS ciphers used by server

    (``ldap_tls_ciphers`` parameter). All CBC ciphers have been

    dropped. This could introduce incompatibility with older clients

  - **state** (state of the group, optional, defaults to ``present``, this

    should be ``present`` or ``absent``, allowing for removal of old groups)

  Domain that should be used for constructing the base DN of default user LDAP

  database. This should be a sub-domain dedicated to organisation. The base DN

  will be constructed by putting all elements of the sub-domain as ``dc``

  transformed into ``dc=example,dc=com``.

**ldap_server_organization** (string, optional, ``Private``)

enable_backup: false

ldap_entries: []

# Internal value, base DN.

ldap_server_int_basedn: "{{ ldap_server_domain | regex_replace('\\.', ',dc=') | regex_replace('^', 'dc=') }}"

ldap_server_organization: "Private"

ldap_admin_password: adminpassword

ldap_server_tls_certificate: "{{ lookup('file', 'tests/data/x509/server/{{ inventory_hostname }}_ldap.cert.pem') }}"

ldap_server_tls_key: "{{ lookup('file', 'tests/data/x509/server/{{ inventory_hostname }}_ldap.key.pem') }}"

        network_name: private_network

        type: static

    groups:

      - parameters-mandatory

    box: debian/contrib-stretch64

          - "{{ item.name }}"

          - "{{ item.fqdn }}"

      with_items:

        - name: parameters-optional-stretch64_ldap

          fqdn: parameters-optional

        mode: 0644

        state: present

      with_dict:

        10.31.127.23: parameters-optional-stretch64

- hosts: parameters-optional

        mode: 0644

        state: present

      with_dict:

- hosts: backup-server

  become: true

    STARTTLS/TLS.

    """

    assert starttls.rc == 0

    assert starttls.stdout == 'anonymous\n'

    assert tls.rc == 0

    assert tls.stdout == 'anonymous\n'