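{{ ansible_managed | comment }}
# FreeRADIUS rlm_ldap module configuration, rendered by Ansible.
# Layout restored to one directive per line: with everything on a single
# line, each '#' comment swallows the directives that follow it.
ldap {
	# NOTE(review): plain ldap:// sends the bind password below and every
	# lookup in clear text. Prefer ldaps:// or StartTLS (start_tls in a
	# tls section) with certificate verification before production.
	server = "ldap://10.128.0.10"

	# TODO: when moving to production, create a dedicated bind user.
	# NOTE(review): "Directory manager" is normally the directory
	# superuser; this module only needs read access to users and groups,
	# so a compromise of this host should not expose full directory control.
	identity = "cn=Directory manager"
	# NOTE(review): the secret is hard-coded in the template and therefore
	# stored in version control. Supply it from a vaulted variable, rotate
	# this value, and keep the rendered file readable by the RADIUS
	# service account only.
	password = "MotDePasseSuperComplique"

	base_dn = "ou=users,dc=auro,dc=re"

	# Name of the attribute that holds the DN of the user once found.
	user_dn = "LDAP-UserDn"

	user {
		base_dn = "${..base_dn}"
		# Written as a Jinja string literal so the brace-percent sequences
		# reach FreeRADIUS untouched instead of being parsed by Jinja.
		# Matches uid against Stripped-User-Name, else User-Name.
		filter = "{{ '(uid=%{%{Stripped-User-Name}:-%{User-Name}})' }}"
	}

	group {
		base_dn = "${..base_dn}"
		filter = "(objectClass=posixGroup)"
		membership_attribute = "memberOf"
	}

	# Copy the LDAP attribute on the right into the RADIUS reply attribute.
	# NOTE(review): this value picks the VLAN handed to the client, so
	# write access to that attribute in the directory should be restricted.
	update {
		reply:Tunnel-Private-Group-ID := 'radiusTunnelPrivategroupId'
	}

	options {
		# TODO
		chase_referrals = no
		rebind = no

		# Timeouts, in seconds.
		res_timeout = 10
		srv_timelimit = 3
		net_timeout = 1

		# Keepalive tuning for the LDAP connections.
		idle = 60
		probes = 3
		interval = 3

		# libldap debug bitmask - presumably filter and connection
		# tracing as in the stock configuration; confirm before changing.
		ldap_debug = 0x0028
	}

	pool {
		# No connection is opened at startup.
		start = 0
		min = 1
		# NOTE(review): 0 presumably means "no limit" for uses and
		# lifetime, as in the stock configuration - confirm.
		uses = 0
		retry_delay = 15
		lifetime = 0
		idle_timeout = 60
	}
}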