---
# .. vim: foldmarker=[[[,]]]:foldmethod=marker

# vars file for all hosts to configure nslcd role

# DN that nslcd binds as when it contacts the LDAP server.
# 'BIND_USER' appears to be a placeholder for the real service account.
# NOTE(review): a dedicated read-only account is enough for lookups; avoid
# putting an administrative DN here.
nslcd__ldap_binddn: 'cn=BIND_USER,dc=univ-rennes1,dc=fr'

# Password for the bind DN above; 'CHANGE_ME' is a placeholder.
# NOTE(review): keep the real value out of version control, e.g. encrypt
# it with ansible-vault or fetch it from a secret store through a lookup.
# Presumably the role writes it into nslcd.conf, so that file should not
# be world-readable; verify the mode set by the role's template task.
nslcd__ldap_bindpw: 'CHANGE_ME'

# Search base limited to the People branch, given as a list of DN
# components. Presumably the role joins them with ',' to build
# 'ou=People,dc=univ-rennes1,dc=fr'; confirm against the role's template.
nslcd__ldap_base_dn:
  - 'ou=People'
  - 'dc=univ-rennes1'
  - 'dc=fr'

# LDAP filter meant to let only admins through: an entry matches only if
# it is a member of the group named here. 'mygroup' looks like a sample
# name to replace with the real admin group.
# NOTE(review): the filter depends on the server exposing the memberOf
# attribute; if it is not maintained, no entry matches. How the role
# applies this filter is not visible in this file.
nslcd__ldap_host_filter: '(memberof=cn=mygroup,ou=Grouper,dc=univ-rennes1,dc=fr)'

# Directives for nslcd.conf. Every item has a directive 'name' and a
# 'value', plus an optional 'comment'; the last item also sets
# 'option'/'map', presumably to produce a "map passwd homeDirectory ..."
# line. Confirm the exact rendering against the role's template.
#
# NOTE(review): the URI below is plain ldap:// and this list sets no
# 'ssl' or 'tls_*' directive. Unless the role's defaults add them, the
# bind password and all lookups travel unencrypted. Consider an ldaps://
# URI, or 'ssl start_tls' with 'tls_reqcert demand' and 'tls_cacertfile'.
nslcd__configuration:
  # LDAP server to query.
  - name: 'uri'
    comment: 'Use LDAP UR1 server'
    value: 'ldap://ldap.univ-rennes1.fr'
  # Ignore directory entries whose UID/GID is below 1000, so LDAP cannot
  # supply or shadow low-numbered (system) accounts.
  - name: 'nss_min_uid'
    comment: |
      First valid UID/GID number expected to be in the LDAP directory.
      UIDs/GIDs lower than this value will be ignored.
    value: '1000'
  # Local service accounts for which no LDAP group lookup is made.
  - name: 'nss_initgroups_ignoreusers'
    comment: |
      prevents group membership lookups through LDAP for those users.
    value: 'postfix,root,sshd,www-data'
  # Attribute mapping for the passwd map: '${homeDirectory:+/home/$uid}'
  # yields /home/<uid> whenever the entry has a homeDirectory attribute,
  # so the path stored in the directory itself is never used.
  - name: 'map_homeDirectory'
    comment: |
      Use the standard /home base for user's home directory.
    option: 'map'
    map: 'passwd'
    value: 'homeDirectory "${homeDirectory:+/home/$uid}"'