diff --git a/roles/ldap_server/tasks/main.yml b/roles/ldap_server/tasks/main.yml
index fb9bc2b94be7da8badcfe7bb25bec06f8032ff6e..28defc0b871232f068d2907e25e3028f2d257119 100644
--- a/roles/ldap_server/tasks/main.yml
+++ b/roles/ldap_server/tasks/main.yml
@@ -1,5 +1,13 @@
 ---
+- name: Deploy LDAP TLS private key
+  copy: dest="/etc/ssl/private/{{ ldap_server_config.tls_key | basename }}" src="{{ ldap_server_config.tls_key }}"
+        mode=640 owner=root group=openldap
+
+- name: Deploy LDAP TLS certificate
+  copy: dest="/etc/ssl/certs/{{ ldap_server_config.tls_certificate | basename }}" src="{{ ldap_server_config.tls_certificate }}"
+        mode=644 owner=root group=root
+
 - name: Set domain for slapd
   debconf: name=slapd question=slapd/domain vtype=string value="{{ ldap_server_config.domain }}"
@@ -26,17 +34,8 @@
 - name: Change log level for slapd
   ldap_entry: dn=cn=config state=replaceattributes olcLogLevel="{{ ldap_server_config.log_level }}"
-- name: Check if TLS private key is available
-  stat: path="{{ ldap_server_config.tls_key }}"
-  register: tls_key
-
- name: Check if TLS certificate is available
-  stat: path="{{ ldap_server_config.tls_key }}"
-  register: tls_certificate
-
 - name: Configure TLS for slapd
-  ldap_entry: dn=cn=config state=replaceattributes olcTLSCertificateFile="{{ ldap_server_config.tls_certificate }}" olcTLSCertificateKeyFile="{{ ldap_server_config.tls_key }}"
-  when: tls_key.stat.exists and tls_certificate.stat.exists
+  ldap_entry: dn=cn=config state=replaceattributes olcTLSCertificateFile="/etc/ssl/certs/{{ ldap_server_config.tls_certificate | basename }}" olcTLSCertificateKeyFile="/etc/ssl/private/{{ ldap_server_config.tls_key | basename }}"
   notify:
     - Restart slapd
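Review bot: The two new copy tasks carry no `notify`, so a rotated key or certificate is written to disk but slapd keeps serving the old material until something else triggers "Restart slapd" — the handler is only attached to the cn=config task in the second hunk, which does not change when the file contents change. Each copy task should end with `notify:` / `    - Restart slapd`. The key task also prints the private key verbatim when the play is run with `--diff`; adding `no_log: true` to "Deploy LDAP TLS private key" keeps it out of logs. Finally, `mode=640` and `mode=644` rely on Ansible parsing the bare string as octal; `mode=0640` / `mode=0644` states the intent unambiguously.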
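Review bot: The new olcTLSCertificateFile and olcTLSCertificateKeyFile values rebuild the destination paths by hand (`/etc/ssl/certs/… | basename`, `/etc/ssl/private/… | basename`), duplicating the expressions already used as `dest` in the copy tasks of the first hunk, so the two can silently drift apart on a later edit. Computing each path once in role vars (for example `ldap_server_tls_key_path` and `ldap_server_tls_certificate_path`, names to be chosen) and referencing them from both places keeps them in sync; this also shortens the 200-plus character module line, which would read better in block form (`ldap_entry:` with one key per line) than as a single key=value string.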