fix(openldap): allow properly configuring the cn=config namespace and the config db

roles/openldap/defaults/main/openldap.yml

@@ -26,11 +26,13 @@ openldap_additional_schemas: []
 openldap_schemas: >-2
   {{ openldap_enabled_schemas + openldap_additional_schemas }}
 
-openldap_config_db: "cn=config"
+openldap_config_dn: "cn=config"
-openldap_config_db_olc_access: >-2
+openldap_config_db_dn: "olcDatabase={0}config,cn=config"
-  to *
+openldap_config_db_olc_access:
+  - '{0} to *
       by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
-    by * none
+      by * none'
+openldap_config_attributes: {}
 openldap_config_db_attributes:
   olcAccess: "{{ openldap_config_db_olc_access }}"
 
@@ -49,7 +51,7 @@ openldap_default_database_directory: >-2
 openldap_default_database_indices: >-2
   {{ openldap_default_indices + openldap_indices }}
 openldap_default_database_config: >-2
-  olcDatabase={1}{{ openldap_default_database_name }},{{ openldap_config_db }}
+  olcDatabase={1}{{ openldap_default_database_name }},{{ openldap_config_dn }}
 openldap_default_database:
   name: "{{ openldap_default_database_name }}"
   object_class: "{{ openldap_default_database_object_class }}"
@@ -58,5 +60,6 @@ openldap_default_database:
   root_pw: "{{ openldap_default_database_root_pw }}"
   directory: "{{ openldap_default_database_directory }}"
   indices: "{{ openldap_default_database_indices }}"
+openldap_default_database_olc_access: "{{ openldap_config_db_olc_access }}"
 openldap_databases:
   - "{{ openldap_default_database }}" 

roles/openldap/tasks/configure.yml

@@ -1,9 +1,31 @@
 ---
-- name: Ensure ACLs are configured
+- name: Ensure config attributes are configured
+  community.general.ldap_attrs:
+    dn: "{{ openldap_config_dn }}"
+    attributes: "{{ { entry.key : entry.value } }}"
+    state: exact
+    server_uri: "{{ openldap_socket_url }}"
+  loop: "{{ openldap_config_attributes | dict2items }}"
+  loop_control:
+    loop_var: "entry"
+    label: "{{ entry.key }}"
+
+- name: Ensure config db attributes are configured
+  community.general.ldap_attrs:
+    dn: "{{ openldap_config_db_dn }}"
+    attributes: "{{ { entry.key : entry.value } }}"
+    state: exact
+    server_uri: "{{ openldap_socket_url }}"
+  loop: "{{ openldap_config_db_attributes | dict2items }}"
+  loop_control:
+    loop_var: "entry"
+    label: "{{ entry.key }}"
+
+- name: Ensure ACLs for default database are configured
   community.general.ldap_attrs:
     dn: "{{ openldap_default_database_config }}"
     attributes:
-      olcAccess: "{{ openldap_config_db_olc_access }}"
+      olcAccess: "{{ openldap_default_database_olc_access }}"
     state: "exact"
     server_uri: "{{ openldap_socket_url }}"
   retries: 3