diff --git a/tasks/setup.yml b/tasks/setup.yml
index 9a30a2c..13db09b 100644
--- a/tasks/setup.yml
+++ b/tasks/setup.yml
@@ -14,6 +14,7 @@
 state: directory
 owner: root
 group: root
+ mode: 0750
 loop:
 - "{{ ldap_proxy_base_dir }}"
 - "{{ ldap_proxy_acl_file | dirname }}"
@@ -24,7 +25,7 @@
 dest: "/etc/sysconfig/slapd"
 owner: root
 group: root
- mode: 0644
+ mode: 0600
 notify: __slapd_restart

 - name: Deploy config file to '{{ ldap_proxy_base_dir }}/slapd.conf'
@@ -33,7 +34,7 @@
 dest: "{{ ldap_proxy_base_dir }}/slapd.conf"
 owner: root
 group: root
- mode: 0644
+ mode: 0640
 notify: __slapd_restart

 - name: Deploy access control file '{{ ldap_proxy_acl_file }}'
@@ -42,7 +43,7 @@
 dest: "{{ ldap_proxy_acl_file }}"
 owner: root
 group: root
- mode: 0644
+ mode: 0640
 notify: __slapd_restart

 - name: Deploy custom ldap schemas
@@ -51,7 +52,7 @@
 dest: "/etc/openldap/schema/{{ item | basename }}"
 owner: root
 group: root
- mode: 0644
+ mode: 0640
 loop: "{{ ldap_proxy_custom_schemas }}"
 notify: __slapd_restart
 become: True
diff --git a/tasks/tls.yml b/tasks/tls.yml
index 736c73c..f4b2749 100644
--- a/tasks/tls.yml
+++ b/tasks/tls.yml
@@ -6,6 +6,7 @@
 state: directory
 owner: root
 group: root
+ mode: 0750
 selevel: s0
 serole: object_r
 setype: slapd_cert_t
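Review bot: The added `mode: 0750` in the first hunk of tasks/setup.yml is an unquoted octal literal inside a looped task, and the five other `mode:` values this commit sets (the four later hunks in this file and the one in tasks/tls.yml) use the same bare form. Ansible's module documentation recommends passing modes as quoted strings, because the YAML parser turns a bare leading-zero number into an integer and that can give unexpected permissions in loops and templated contexts. I would write `mode: "0750"` here, and `"0600"` / `"0640"` in the hunks below, so the permissions applied are exactly the ones reviewed. The task's name and module line are outside the hunk.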
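Review bot: With `owner: root` and `group: root` unchanged, the new `mode: 0640` on slapd.conf (third hunk of tasks/setup.yml) is effectively root-only, so the group-read bit adds nothing and any non-root account that slapd reads its configuration under would lose access. The same applies to the ACL file and custom schema hunks below, and to traversal of the `0750` directories set in the first hunk and in tasks/tls.yml. The diff does not show which user slapd runs as, so this should be confirmed on a target host before merging. If the daemon does run unprivileged, keep the tightened mode but hand group ownership to the service group, for example `group: "{{ ldap_proxy_group }}"` (a constructed placeholder name, not a variable defined on this page). The task header for this hunk is outside the visible lines.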