openldap_organization: '{{ ansible_domain }}' #Organization name, defaults to the domain name.
openldap_domain: '{{ ansible_domain }}' #LDAP domain, converted to ldap formatted. Defaults to the domain name of the machine.
openldap_basedn: #LDAP base distinguished name, defaults to machine's domain converted to LDAP format.
openldap_password: #Password for admin account, must be set.
openldap_tls_cert: /etc/ssl/certs/ssl-cert-snakeoil.pem #TLS cert.
openldap_tls_key: /etc/ssl/private/ssl-cert-snakeoil.key #TLS key.
openldap_tls_ca_cert: '{{ openldap_tls_cert }}' #TLS cert for CA.

- hosts: servers
  roles:
     - role: ansible-openldap
       openldap_tls_cert: /etc/ssl/certs/internal.pem
       openldap_tls_key: /etc/ssl/private/internal.key

ldapdelete -Y EXTERNAL -r #Run as root, no password needed.
ldapdelete -rxWD "cn=admin,dc=example,dc=com" #Run as any user, asks for OpenLDAP admin password.

ldapadd -Y EXTERNAL -f backup.ldif #Run as root, no password needed.
ldapadd -xWD "cn=admin,dc=example,dc=com -f backup.ldif #Run as any user, asks for OpenLDAP admin password.