---
# Plug LDAP on all servers
- hosts: all
  vars:
    # LDAP binding
    ldap_base: 'dc=crans,dc=org'
    ldap_master_ipv4: '10.231.136.19'
    ldap_local_replica_uri:
      - "ldpa://10.231.136.38"
      - "ldpa://10.231.136.4"
    ldap_master_uri: "ldap://{{ ldap_master_ipv4 }}"
    ldap_user_tree: "cn=Utilisateurs,{{ ldap_base }}"
    ldap_nslcd_bind_dn: "cn=nslcd,ou=service-users,{{ ldap_base }}"
    ldap_nslcd_passwd: "{{ vault_ldap_nslcd_passwd }}"

    # Scripts will tell users to go there to manage their account
    intranet_url: 'https://intranet.crans.org/'

    # SSH keys for root account to use when LDAP is broken
    ssh_pub_keys: "{{ vault_ssh_pub_keys }}"
  roles:
    - ldap-client