diff --git a/tasks/tls.yml b/tasks/tls.yml
index e149fad..ad5c8e3 100644
--- a/tasks/tls.yml
+++ b/tasks/tls.yml
@@ -10,7 +10,6 @@
     serole: object_r
     setype: slapd_cert_t
     seuser: system_u
-    recurse: True
   with_items:
     - "{{ ldap_proxy_tls_cert_path | dirname }}"
     - "{{ ldap_proxy_tls_key_path | dirname }}"
@@ -20,6 +19,8 @@
   copy:
     src: "{{ item.src }}"
     dest: "{{ item.dest }}"
+    owner: ldap
+    group: ldap
     mode: "{{ item.mode }}"
     selevel: s0
     serole: object_r
@@ -27,8 +28,8 @@
     seuser: system_u
   with_items:
     - { src: "{{ ldap_proxy_tls_key_source }}", dest: '{{ ldap_proxy_tls_key_path }}', mode: '0600' }
-    - { src: "{{ ldap_proxy_tls_cert_source }}", dest: '{{ ldap_proxy_tls_cert_path }}', mode: '0750' }
-    - { src: "{{ ldap_proxy_tls_ca_source }}", dest: '{{ ldap_proxy_tls_ca_path }}', mode: '0750' }
+    - { src: "{{ ldap_proxy_tls_cert_source }}", dest: '{{ ldap_proxy_tls_cert_path }}', mode: '0640' }
+    - { src: "{{ ldap_proxy_tls_ca_source }}", dest: '{{ ldap_proxy_tls_ca_path }}', mode: '0640' }
   loop_control:
     label: "{{ item.dest }}"
   when: ldap_proxy_tls_source_use_files
@@ -37,6 +38,8 @@
   copy:
     content: "{{ item.src }}"
     dest: "{{ item.dest }}"
+    owner: ldap
+    group: ldap
     mode: "{{ item.mode }}"
     selevel: s0
     serole: object_r
@@ -44,8 +47,8 @@
     seuser: system_u
   with_items:
     - { src: "{{ ldap_proxy_tls_key_source }}", dest: '{{ ldap_proxy_tls_key_path }}', mode: '0600' }
-    - { src: "{{ ldap_proxy_tls_cert_source }}", dest: '{{ ldap_proxy_tls_cert_path }}', mode: '0750' }
-    - { src: "{{ ldap_proxy_tls_ca_source }}", dest: '{{ ldap_proxy_tls_ca_path }}', mode: '0750' }
+    - { src: "{{ ldap_proxy_tls_cert_source }}", dest: '{{ ldap_proxy_tls_cert_path }}', mode: '0640' }
+    - { src: "{{ ldap_proxy_tls_ca_source }}", dest: '{{ ldap_proxy_tls_ca_path }}', mode: '0640' }
   loop_control:
     label: "{{ item.dest }}"
   when: ldap_proxy_tls_source_use_content
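Review bot: The `owner: ldap` / `group: ldap` lines added to the `copy:` task in the second hunk (and repeated in the fourth, `content:`-based hunk) hard-code the service account, so on a host where slapd runs under a different account (Debian-family packages use `openldap`) the task either fails or, if an unrelated `ldap` user happens to exist, hands that account read access to the private key that the key item's `mode: '0600'` is meant to restrict. Prefer a role variable with the current value as its default, e.g. `owner: "{{ ldap_proxy_tls_owner | default('ldap') }}"` and `group: "{{ ldap_proxy_tls_group | default('ldap') }}"` (variable names are a suggestion; document them in the role defaults). Separately, the `content: "{{ item.src }}"` task writes the key from inline data, and the copy module emits a content diff under `--diff` that `loop_control.label` does not suppress, so consider `diff: false` or `no_log: true` on that task so key material does not reach play output or logs. The directory `file` task whose hunk drops `recurse: True` starts above the first hunk, so I cannot see whether its owner/group agree with the ownership now applied to the files.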