diff --git a/group_vars/slapd.yml b/group_vars/slapd.yml
index 46fd880..116cbc2 100644
--- a/group_vars/slapd.yml
+++ b/group_vars/slapd.yml
@@ -1,6 +1,9 @@
 ---
 glob_slapd:
- master_ip: "{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}"
+ master_ip: "172.16.42.1"
+ ip: "172.16.42.1"
+ replica: false
+ # master_ip: "{{ query('ldap', 'ip', 'templier', 'adm') | ipv6 | first }}"
 regex: "^(role:(dhcp|dns|dns-primary|dns-secondary|ftp|gitlab|miroir|ntp|pve|radius|backup)|ecdsa-sha2-nistp256:.*|ssh-(ed25519|dss|rsa):.*)$"
 replication_credentials: "{{ vault.ldap_replication_credentials }}"
 private_key: "{{ vault.ldap_private_key }}"
diff --git a/hosts b/hosts
index d7f285c..b17bd93 100644
--- a/hosts
+++ b/hosts
@@ -14,7 +14,7 @@ virtu
 vm
 [slapd]
-dt.adh.crans.org
+templier.adm.ynerant.fr
 [virtu]
 dt.adh.crans.org
diff --git a/plays/slapd.yml b/plays/slapd.yml
new file mode 100755
index 0000000..b044348
--- /dev/null
+++ b/plays/slapd.yml
@@ -0,0 +1,7 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: slapd
+ vars:
+ slapd: "{{ glob_slapd | default({}) | combine(service_slapd | default({})) | combine(loc_slapd | default({})) }}"
+ roles:
+ - slapd
diff --git a/roles/slapd/tasks/main.yml b/roles/slapd/tasks/main.yml
index f377a77..66a51ce 100644
--- a/roles/slapd/tasks/main.yml
+++ b/roles/slapd/tasks/main.yml
@@ -22,8 +22,8 @@
 group: openldap
 loop:
 - { dest: slapd.conf, mode: "0600" }
- - { dest: ldap.key, mode: "0600" }
- - { dest: ldap.pem, mode: "0644" }
+ #- { dest: ldap.key, mode: "0600" }
+ #- { dest: ldap.pem, mode: "0644" }
 notify: Restart slapd
 - name: Deploy ldap services
diff --git a/roles/slapd/templates/ldap/slapd.conf.j2 b/roles/slapd/templates/ldap/slapd.conf.j2
index ec6d631..c905799 100644
--- a/roles/slapd/templates/ldap/slapd.conf.j2
+++ b/roles/slapd/templates/ldap/slapd.conf.j2
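Review bot: The new `master_ip` and `ip` keys both carry the literal `172.16.42.1`, and the commented-out `# master_ip: "{{ query('ldap', 'ip', 'templier', 'adm') | ipv6 | first }}"` line keeps the old lookup as dead configuration next to them. If `ip` is this host's own address and `master_ip` is meant to equal it on a non-replica, define the address once (for example a top-level `slapd_master_ip: "172.16.42.1"` referenced from both keys) so the two cannot drift apart, and either delete the commented line or replace it with a one-line comment stating why the LDAP lookup was dropped. Whether the role actually reads `slapd.ip` and `slapd.replica` is outside this hunk.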
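Review bot: The `combine` chain in the new `slapd:` var merges one level deep, so a `service_slapd` or `loc_slapd` that overrides one key of a nested mapping would replace the whole mapping rather than patch it. With the flat keys currently in `glob_slapd` that is harmless, but `combine(service_slapd | default({}), recursive=True)` (and likewise for `loc_slapd`) is the safer default if nested settings are ever added. A short comment above `vars:` naming the intended precedence order (global, then service, then local) would also help, since the chain encodes it only by position.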
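Review bot: Commenting out the `ldap.key` and `ldap.pem` loop entries, together with the `#TLSCertificateFile` / `#TLSCertificateKeyFile` lines in the `roles/slapd/templates/ldap/slapd.conf.j2` hunk at `@@ -41,8 +41,8 @@`, leaves the deployed slapd without a TLS certificate, so binds and syncrepl sessions carrying `replication_credentials` or `userPassword` would run unprotected unless TLS is terminated somewhere not visible here. If TLS is only temporarily unavailable on the new host, gate it behind a variable instead of commenting code out: keep both items in the loop and skip them with a `when:` on the item, and wrap the two `TLS*` directives in the template in a matching `{% if %}`, so the secure configuration comes back by flipping one flag rather than re-editing two files. The task that owns this loop starts before the hunk, so its module and `src` are not visible in the diff.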
@@ -33,7 +33,7 @@ moduleload constraint
 overlay constraint
 constraint_attribute description regex {{ slapd.regex }}
 restrict=ldap:///ou=hosts,dc=ynerant,dc=fr??one?(objectClass=device)
-constraint_attribute uid regex ^_
+constraint_attribute uid regex ^ynerant
 restrict=ldap:///ou=passwd,dc=ynerant,dc=fr??one?(objectClass=posixAccount)
 moduleload syncprov
@@ -41,8 +41,8 @@ moduleload syncprov
 # TLS Certificates
 #TLSCipherSuite HIGH:MEDIUM:-SSLv2:-SSLv3
-TLSCertificateFile /etc/ldap/ldap.pem
-TLSCertificateKeyFile /etc/ldap/ldap.key
+#TLSCertificateFile /etc/ldap/ldap.pem
+#TLSCertificateKeyFile /etc/ldap/ldap.key
 # The maximum number of entries that is returned for a search operation
 sizelimit 500
@@ -162,13 +162,13 @@ overlay syncprov
 access to attrs=userPassword,shadowLastChange
 by anonymous auth
 by self write
- by set="[cn=nounou,ou=group,dc=ynerant,dc=fr]/memberUid & user/uid" write
+ by set="[cn=admin,ou=group,dc=ynerant,dc=fr]/memberUid & user/uid" write
 by dn="cn=replicator,dc=ynerant,dc=fr" read
 by * none
 access to attrs=loginShell,mail,telephoneNumber
 by self write
- by set="[cn=nounou,ou=group,dc=ynerant,dc=fr]/memberUid & user/uid" write
+ by set="[cn=admin,ou=group,dc=ynerant,dc=fr]/memberUid & user/uid" write
 by dn="cn=replicator,dc=ynerant,dc=fr" read
 by * read
@@ -186,7 +186,7 @@ access to dn.base="" by * read
 # The admin dn has full write access, everyone else
 # can read everything.
 access to *
- by set="[cn=nounou,ou=group,dc=ynerant,dc=fr]/memberUid & user/uid" write
+ by set="[cn=admin,ou=group,dc=ynerant,dc=fr]/memberUid & user/uid" write
 by dn="cn=replicator,dc=ynerant,dc=fr" read
 by * read
 {% endif %}
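Review bot: `constraint_attribute uid regex ^ynerant` anchors only the start of the value, so under the `ou=passwd` / `posixAccount` restriction any uid that merely begins with `ynerant` satisfies the constraint. If the intent is to permit a single account, `constraint_attribute uid regex ^ynerant$` pins it exactly; if a prefix is intended, a comment on the line saying so would keep the next reader from tightening it by mistake. The `restrict=` continuation lines around the change are context and unchanged.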
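Review bot: The set expression `[cn=admin,ou=group,dc=ynerant,dc=fr]/memberUid & user/uid` is now written out three times (twice in this hunk and once more in the `@@ -186,7 +186,7 @@` hunk); the template already takes `{{ slapd.regex }}` from the role vars, so a `{{ slapd.admin_group }}` variable, or a `{% set admin_group = "cn=admin,ou=group,dc=ynerant,dc=fr" %}` at the top of the template, would keep the three ACLs in sync the next time the group is renamed. The first ACL in this hunk still grants that group `write` on `userPassword,shadowLastChange`, meaning its members can set other users' passwords; that is unchanged by this commit, but a one-line comment above `access to attrs=userPassword,shadowLastChange` stating it would be useful now that the group name is the generic `admin`.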