Add openvpn_ldap_config/openvpn_ldap_password_is_cr vars

defaults/main.yml

@@ -179,9 +179,11 @@ openvpn_use_pam_users: []
 
 # LDAP authentication and configuration (optional)
 openvpn_use_ldap: false
+openvpn_ldap_config: '{{ openvpn_etcdir }}/auth-ldap.conf'
 openvpn_ldap_server:  # ldapserver.example.org or ldap://ldapserver.example.org
 openvpn_ldap_tlsenable: 'false'
 openvpn_ldap_follow_referrals: 'false'
+openvpn_ldap_password_is_cr: 'false'
 openvpn_ldap_bind_dn:  # cn=administrator,cn=users,dc=ctc,dc=local
 openvpn_ldap_bind_password:
 openvpn_ldap_base_dn:  # dc=ctc,dc=local

tasks/authentication/ldap.yml

@@ -3,5 +3,5 @@
 - name: Setup LDAP
   template:
     src: authentication/auth-ldap.conf.j2
-    dest: /etc/openvpn/auth-ldap.conf
+    dest: '{{ openvpn_ldap_config }}'
   when: openvpn_use_ldap | bool

templates/authentication/auth-ldap.conf.j2

@@ -5,7 +5,7 @@
   #  - ldap://ldapserver.example.org
   #  - ldaps://ldapserver.example.org
   URL   {% if openvpn_ldap_server | regex_search('(^\w+:\/\/.+$)') %}{{ openvpn_ldap_server }}{% else %}ldap://{{ openvpn_ldap_server }}{% endif %}
-  
+
 
   # Bind DN (If your LDAP server doesn't support anonymous binds)
   # e.g. cn=administrator,cn=users,dc=ctc,dc=local
@@ -44,6 +44,7 @@
   BaseDN    {{ openvpn_ldap_base_dn }}
   # e.g. "sAMAccountName=%u"
   SearchFilter  {{ openvpn_ldap_search_filter }}
+  PasswordIsCR  {{ openvpn_ldap_password_is_cr }}
   RequireGroup  true
   {% if openvpn_ldap_group_search_filter %}
   <Group>

templates/server.conf.j2

@@ -167,7 +167,7 @@ plugin {{openvpn_use_pam_plugin|default(openvpn_use_pam_plugin_distribution)}} o
 {% endif %}
 
 {% if openvpn_use_ldap %}
-plugin {{ openvpn_use_ldap_plugin | default(openvpn_use_ldap_plugin_distribution) }} "/etc/openvpn/auth-ldap.conf"
+plugin {{ openvpn_use_ldap_plugin | default(openvpn_use_ldap_plugin_distribution) }} "{{ openvpn_ldap_config }}"
 {% endif %}
 
 {% if openvpn_simple_auth and openvpn_simple_auth_password %}