# {{ ansible_managed }}

# The user and group nslcd should run as.
uid nslcd
gid nslcd

# The location at which the LDAP server(s) should be reachable.
{% if ldap_local_replica_uri is defined %}
{% for uri in ldap_local_replica_uri %}
uri {{ uri }}
{% endfor %}
{% endif %}
uri {{ ldap_master_uri }}

# The search base that will be used for all queries.
base {{ ldap_base }}
base passwd {{ ldap_user_tree }}
base shadow {{ ldap_user_tree }}
base group ou=posix,ou=groups,{{ ldap_base }}

# The LDAP protocol version to use.
ldap_version 3

# Time limit to wait for an answer
timelimit 5

# Time limit to wait for a bind
bind_timelimit 5

# The DN to bind with for normal lookups.
binddn {{ ldap_nslcd_bind_dn }}
bindpw {{ ldap_nslcd_passwd }}

# The DN used for password modifications by root.
#rootpwmoddn cn=admin,dc=example,dc=com

# SSL options
#ssl off
tls_reqcert allow
tls_cacertfile /etc/ssl/certs/ca-certificates.crt

# The search scope.
#scope sub