LDAP needs to use starttls

defaults/main.yml

@@ -37,3 +37,4 @@ rabbitmq_plugins:
 
 # Enable the public pubsub or not
 rabbitmq_enable_public: false
+#pubsub_federation_pass: ...

tasks/federation.yml

@@ -40,10 +40,12 @@
   community.rabbitmq.rabbitmq_parameter:
     component: "federation-upstream"
     name: "pubsub-to-public_pubsub"
-    value: 'novalue'
+    value: '{"uri": "amqps://pubsub_federation:{{ pubsub_federation_pass }}@{{ rabbitmq_cluster_list[0] }}/%2Fpubsub", "ack-mode": "on-confirm"}'
     state: present
     vhost: /public_pubsub
-  when: rabbitmq_enable_public
+  when:
+    - rabbitmq_enable_public
+    - pubsub_federation_pass
 
 - name: Configure a policy to federate the topic exchange to public
   run_once: true
@@ -56,4 +58,6 @@
     tags:
       federation-upstream: "pubsub-to-public_pubsub"
     vhost: /public_pubsub
-  when: rabbitmq_enable_public
+  when:
+    - rabbitmq_enable_public
+    - pubsub_federation_pass

templates/etc/rabbitmq/rabbitmq.conf.j2

@@ -30,6 +30,9 @@ auth_ldap.dn_lookup_bind.password = {{ rocky_ldap_bind_pw }}
 auth_ldap.dn_lookup_attribute     = uid
 auth_ldap.dn_lookup_base          = {{ rocky_ldap_account_basedn }}
 auth_ldap.port                    = 389
+auth_ldap.connection_pool_size    = 256
+auth_ldap.idle_timeout            = 120000
+auth_ldap.use_starttls            = true
 {% for ldapsrv in rabbitmq_ldap_servers %}
 auth_ldap.servers.{{ loop.index }} = {{ ldapsrv }}
 {% endfor %}