From b0e95287b4088b25731e15488036d74bf74efa74 Mon Sep 17 00:00:00 2001
From: Thomas Constans <thomas@opendoor.fr>
Date: Fri, 22 Aug 2025 21:39:40 +0200
Subject: [PATCH] tls: add script to restart slapd when renweing Le certificate

---
 files/le_restart_slapd.sh | 3 +++
 tasks/main.yml            | 7 +++++++
 2 files changed, 10 insertions(+)
 create mode 100644 files/le_restart_slapd.sh

diff --git a/files/le_restart_slapd.sh b/files/le_restart_slapd.sh
new file mode 100644
index 0000000..38fd65b
--- /dev/null
+++ b/files/le_restart_slapd.sh
@@ -0,0 +1,3 @@
+#! /bin/bash
+
+/bin/systemctl restart slapd
diff --git a/tasks/main.yml b/tasks/main.yml
index b67c066..fd2afd6 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -194,6 +194,13 @@
     ansible.builtin.file:
       path: /root/ssl.ldif
       state: absent
+
+  - name: restart slapd upon certificate renewal
+    ansible.builtin.copy:
+     src: le_restart_slapd.sh
+     dest: /etc/letsencrypt/renewal-hooks/post/service_slapd.sh
+     mode: 0700
+
   when: ldap_have_ssl
 
 - name: configure ldap aliases - 0/1