From 6f0197f693c6d00c6c57ce972f129f289f046e29 Mon Sep 17 00:00:00 2001
From: "Andreas B. Mundt"
Date: Mon, 16 Mar 2020 19:36:19 +0100
Subject: [PATCH] Restart slapd when keytab is available. HTTP service principal.
---
 roles/krb5-kdc-ldap/handlers/main.yml | 8 ++++++--
 roles/krb5-kdc-ldap/tasks/main.yml | 3 +++
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/roles/krb5-kdc-ldap/handlers/main.yml b/roles/krb5-kdc-ldap/handlers/main.yml
index dd749e0..098de30 100644
--- a/roles/krb5-kdc-ldap/handlers/main.yml
+++ b/roles/krb5-kdc-ldap/handlers/main.yml
@@ -1,7 +1,11 @@
+- name: restart slapd
+ systemd: name=slapd state=restarted enabled=yes
+ listen: "restart slapd"
+
 - name: restart krb5-kdc
- service: name=krb5-kdc state=restarted enabled=yes
+ systemd: name=krb5-kdc state=restarted enabled=yes
 listen: "restart krb5-kdc"

 - name: restart krb5-admin-server
- service: name=krb5-admin-server state=restarted enabled=yes
+ systemd: name=krb5-admin-server state=restarted enabled=yes
 listen: "restart krb5-admin-server"
diff --git a/roles/krb5-kdc-ldap/tasks/main.yml b/roles/krb5-kdc-ldap/tasks/main.yml
index cb6e78c..dec714d 100644
--- a/roles/krb5-kdc-ldap/tasks/main.yml
+++ b/roles/krb5-kdc-ldap/tasks/main.yml
@@ -173,6 +173,7 @@
 with_items:
 - host
 - ldap
+ - HTTP
 when: not krb5kdc.stat.exists

 - name: add principal to the keytab
@@ -180,6 +181,7 @@
 with_items:
 - host
 - ldap
+ - HTTP
 when: not krb5kdc.stat.exists

 - name: allow slapd to read the keytab
@@ -188,6 +190,7 @@
 owner: root
 group: openldap
 mode: '0640'
+ notify: restart slapd

 - name: "make 'kerberos' an alias hostname resolvable from the LAN"
 replace:
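Review bot: All three handlers in handlers/main.yml pass their module arguments as a `key=value` string with `enabled=yes`, which hides the argument types from linters and relies on truthy parsing of `yes`. Native block arguments keep the boolean explicit: `systemd:` followed by indented `name: slapd`, `state: restarted` and `enabled: true`, and likewise for krb5-kdc and krb5-admin-server. Each `listen:` topic is identical to the handler's `name`, so it adds nothing for `notify: restart slapd` and could be dropped. Replacing `service` with `systemd` also ties the role to systemd hosts, which is worth stating in the role documentation if intended.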
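Review bot: The added `- HTTP` item at -173 sits under `when: not krb5kdc.stat.exists`, so, assuming that stat marks an already initialised KDC, hosts provisioned before this commit never get the HTTP principal created. The same applies to the keytab loop in the hunk at -180. If existing installations should gain the principal, the HTTP entry needs its own task with a guard on whether that principal already exists, rather than reusing the first-run condition. The task's name and module line lie above the hunk, so how the principal is created is not visible here.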
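Review bot: Adding `HTTP` to the loop at -180 puts the web service key into the keytab that the following task, 'allow slapd to read the keytab', opens to group `openldap` with mode `'0640'` (settings visible in the hunk at -188). Any process running with that group could then read the HTTP and host keys as well as the ldap one, which widens what a slapd compromise exposes. Consider writing the HTTP key to a separate keytab owned by the web server account, and giving slapd a keytab that holds only the `ldap` principal. The keytab path is outside the hunk, so this assumes both tasks refer to the same file.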