make auditlog working

tasks/main.yml

@@ -219,6 +219,20 @@
   when: ldap_entries is defined
   ignore_errors: true
 
+- name: touch /var/log/ldapaudit.log
+  ansible.builtin.file:
+   path: /var/log/ldapaudit.log
+   owner: "{{ ldap_user }}"
+   group: "{{ ldap_user }}"
+   state: touch
+  tags: auditlog
+
+- name: rotate /var/log/ldapaudit.log
+  tags: auditlog
+  ansible.builtin.template:
+   src: logrotate_auditlog
+   dest: /etc/logrotate.d/
+
 - name: setup backup
   ansible.builtin.import_tasks: backup.yml
   tags: backup_ldap

template logrotate_auditlog

@@ -0,0 +1,7 @@
+/var/log/ldapaudit.log {
+  daily
+  create 640 {{ ldap_user }} {{ ldap_user }}
+  rotate 30
+  missingok
+  notifempty
+}

templates/logrotate_auditlog

@@ -0,0 +1,7 @@
+/var/log/ldapaudit.log {
+  daily
+  create 640 {{ ldap_user }} {{ ldap_user }}
+  rotate 30
+  missingok
+  notifempty
+}