{{ ansible_managed | comment }}

ldap {

    server = "ldap://ldap-1.int.infra.auro.re"

    # TODO: quand on passera en prod, créer un utilisation dédié
    identity = "cn=Directory manager"
    password = "MotDePasseSuperComplique"

    base_dn = "ou=users,dc=auro,dc=re"

    user_dn = "LDAP-UserDn"

    user {
        base_dn = "${..base_dn}"
        filter = "{{ '(uid=%{%{Stripped-User-Name}:-%{User-Name}})' }}"
    }

    group {
        base_dn = "${..base_dn}"
        filter = "(objectClass=posixGroup)"
        membership_attribute = "memberOf"
    }

    options {
        # TODO
        chase_referrals = no
        rebind = no
        res_timeout = 10
        srv_timelimit = 3
        net_timeout = 1
        idle = 60
        probes = 3
        interval = 3
        ldap_debug = 0x0028
    }

    pool {
        start = ${thread[pool].start_servers}
        min = ${thread[pool].min_spare_servers}
        max = ${thread[pool].max_servers}
        spare = ${thread[pool].max_spare_servers}
        uses = 0
        retry_delay = 30
        lifetime = 0
        idle_timeout = 60
    }

}