diff --git a/tasks/main.yml b/tasks/main.yml
index 667c5b9..0629cdd 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,34 +1,32 @@
-- name: get some vars
-  set_facts:
-    pla_bind_dn: "{{ lookup( 'keepass', '{{ group_names[0] }}/{{ inventory_hostname }})pla_dn', 'username' ) }}"
-    pla_bin_pwd:  "{{ lookup( 'keepass', '{{ group_names[0] }}/{{ inventory_hostname }})pla_dn', 'password' ) }}"
-  tags: always
+# - name: get some vars
+#   ansible.builtin.set_fact:
+#     pla_bind_dn: "{{ lookup( 'keepass', '{{ group_names[0] }}/{{ inventory_hostname }})pla_dn', 'username' ) }}"
+#     pla_bin_pwd:  "{{ lookup( 'keepass', '{{ group_names[0] }}/{{ inventory_hostname }})pla_dn', 'password' ) }}"
+#   when: pla_bind_dn is not defined
+#   tags: always
 
-  - name: get archive
-  get_url:
-url: https://github.com/leenooks/phpLDAPadmin/archive/{{ pla_version }}.tar.gz
-dest: /tmp/pla_{{pla_version }}.gz
+- name: get archive
+  ansible.builtin.get_url:
+      url: https://github.com/leenooks/phpLDAPadmin/archive/{{ pla_version }}.tar.gz
+      dest: /tmp/pla_{{pla_version }}.gz
 
-- package:
-    name: [ php-ldap, php-xml ]
-    state: present
+- ansible.builtin.file:
+    path: "{{ pla_install_dir }}"
+    state: directory
 
-- unarchive:
+- ansible.builtin.unarchive:
     dest: /{{ pla_install_dir }}
     src:  /tmp/pla_{{pla_version }}.gz
     remote_src: true
-- file:
+- ansible.builtin.file:
     src: /{{ pla_install_dir }}/phpLDAPadmin-{{ pla_version }}
     state: link
     dest: /{{ pla_install_dir }}/pla
 
-- template:
+- name: "[pla] - configure"
+  vars:
+    bigrandomstring: "{{ lookup('password', '/dev/null chars=ascii_letters,digit length=128', seed=inventory_hostname) | lower }}"
+  ansible.builtin.template:
     src: pla_config.php
     dest: /{{ pla_install_dir }}/pla/config/config.php
 
-- name: deploy apache config
-  template:
-    src: pla_httpd.conf
-    dest: /etc/httpd/conf.d/pla.conf
-  notify: reload_apache
-
diff --git a/templates/pla_config.php b/templates/pla_config.php
index a379a5f..2f770c2 100644
--- a/templates/pla_config.php
+++ b/templates/pla_config.php
@@ -47,7 +47,7 @@
 
 /* phpLDAPadmin can encrypt the content of sensitive cookies if you set this
    to a big random string. */
-$config->custom->session['blowfish'] = imaljdmlkaedmlkezjfmljzaemflezafmlkzhfelmhzafezenull;
+$config->custom->session['blowfish'] = '{{ bigrandomstring }}' ;
 
 /* If your auth_type is http, you can override your HTTP Authentication Realm. */
 // $config->custom->session['http_realm'] = sprintf('%s %s',app_name(),'login');