# {{ ansible_managed }}

# The user and group nslcd should run as.
uid nslcd
gid nslcd

# The location at which the LDAP server(s) should be reachable.
{% if 'fleming_vm' in group_names or 'fleming_pve' in group_names %}
{% for uri in groups['ldap_replica_fleming'] %}
uri ldap://{{ uri }}
{% endfor %}
{% endif %}
{% if 'rives_vm' in group_names or 'rives_pve' in group_names %}
{% for uri in groups['ldap_replica_rives'] %}
uri ldap://{{ uri }}
{% endfor %}
{% endif %}
{% if 'pacaterie_vm' in group_names or 'pacaterie_pve' in group_names %}
{% for uri in groups['ldap_replica_pacaterie'] %}
uri ldap://{{ uri }}
{% endfor %}
{% endif %}
{% if 'edc_vm' in group_names or 'edc_pve' in group_names or 'edc_server' in group_names %}
{% for uri in groups['ldap_replica_edc'] %}
uri ldap://{{ uri }}
{% endfor %}
{% endif %}
{% if 'gs_vm' in group_names or 'gs_pve' in group_names %}
{% for uri in groups['ldap_replica_gs'] %}
uri ldap://{{ uri }}
{% endfor %}
{% endif %}
{% if 'ovh_vm' in group_names or 'ovh_container' in group_names or 'ovh_pve' in group_names %}
{% for uri in groups['ldap_replica_ovh'] %}
uri ldap://{{ uri }}
{% endfor %}
{% endif %}
uri {{ ldap_master_uri }}

# The search base that will be used for all queries.
base {{ ldap_base }}
base passwd cn=Utilisateurs,{{ ldap_base }}
base shadow cn=Utilisateurs,{{ ldap_base }}
base group ou=posix,ou=groups,{{ ldap_base }}

# The LDAP protocol version to use.
ldap_version 3

# The DN to bind with for normal lookups.
binddn {{ ldap_nslcd_bind_dn }}
bindpw {{ ldap_nslcd_passwd }}

# The DN used for password modifications by root.
#rootpwmoddn cn=admin,dc=example,dc=com

# SSL options
#ssl off
#tls_reqcert never
tls_cacertfile /etc/ssl/certs/ca-certificates.crt

# The search scope.
#scope sub