Add LDAP client config and enable pam_umask.

roles/lan-client/tasks/main.yml

@@ -33,6 +33,23 @@
       - nfs-common
     state: latest
 
+- name: add URI to ldap.conf
+  lineinfile:
+    dest: /etc/ldap/ldap.conf
+    line: "URI ldap://ldap/"
+    insertafter: "#URI.*"
+
+- name: add BASE to ldap.conf
+  lineinfile:
+    dest: /etc/ldap/ldap.conf
+    line: "BASE {{ basedn }}"
+    insertafter: "#BASE.*"
+
+- name: enable pam_umask
+  lineinfile:
+    dest: /etc/pam.d/common-session
+    line: "session optional	pam_umask.so usergroups"
+
 ## oddjob-mkhomedir works only with sec=sys for the NFSv4 share
 
 - name: install extra packages from stable

roles/ldap/tasks/main.yml

@@ -69,6 +69,18 @@
     replace: '\1	ldap'
   when: not slapd.stat.exists
 
+- name: add URI to ldap.conf
+  lineinfile:
+    dest: /etc/ldap/ldap.conf
+    line: "URI ldapi:///"
+    insertafter: "#URI.*"
+
+- name: add BASE to ldap.conf
+  lineinfile:
+    dest: /etc/ldap/ldap.conf
+    line: "BASE {{ basedn }}"
+    insertafter: "#BASE.*"
+
 #######################################################################################
 ## Use the admin password saved to file from now on (available also after installation):
 - name: slurp admin password