ansible/roles/ldap_client/templates/nslcd.conf.j2

# {{ ansible_managed }}
# nslcd.conf, rendered by Ansible from the ldap_client role template.
# Change the template or its variables rather than the generated file.
# The user and group nslcd should run as.
# A dedicated nslcd account is used here instead of root.
uid nslcd
gid nslcd
# The location at which the LDAP server(s) should be reachable.
# One "uri" line is written per host of the replica inventory group that
# matches this host's site group(s); the master URI is always written last.
# A host that is in none of the site groups gets the master URI only.
# Per nslcd.conf(5) the first server is normally used and the following ones
# act as fall-back, so the order of the lines below is the failover order.
# NOTE(review): every replica URI uses the plain ldap:// scheme and no "ssl"
# directive is enabled in the SSL options below, so the simple bind
# (binddn/bindpw) and all lookups appear to cross the network unencrypted.
# Consider "ssl start_tls" (or ldaps:// URIs) once all replicas support it.
{% if 'fleming_vm' in group_names or 'fleming_pve' in group_names %}
{% for uri in groups['ldap_replica_fleming'] %}
uri ldap://{{ uri }}
{% endfor %}
{% endif %}
{% if 'rives_vm' in group_names or 'rives_pve' in group_names %}
{% for uri in groups['ldap_replica_rives'] %}
uri ldap://{{ uri }}
{% endfor %}
{% endif %}
{% if 'pacaterie_vm' in group_names or 'pacaterie_pve' in group_names %}
{% for uri in groups['ldap_replica_pacaterie'] %}
uri ldap://{{ uri }}
{% endfor %}
{% endif %}
{% if 'edc_vm' in group_names or 'edc_pve' in group_names or 'edc_server' in group_names %}
{% for uri in groups['ldap_replica_edc'] %}
uri ldap://{{ uri }}
{% endfor %}
{% endif %}
{% if 'gs_vm' in group_names or 'gs_pve' in group_names %}
{% for uri in groups['ldap_replica_gs'] %}
uri ldap://{{ uri }}
{% endfor %}
{% endif %}
{% if 'ovh_vm' in group_names or 'ovh_container' in group_names or 'ovh_pve' in group_names %}
{% for uri in groups['ldap_replica_ovh'] %}
uri ldap://{{ uri }}
{% endfor %}
{% endif %}
# Master server, last in the list. The variable carries its own scheme.
# NOTE(review): confirm whether it is ldap:// or ldaps://.
uri {{ ldap_master_uri }}
# The search base that will be used for all queries.
base {{ ldap_base }}
# Map-specific bases: passwd and shadow entries are looked up under
# cn=Utilisateurs, POSIX groups under ou=posix,ou=groups. Narrowing the
# bases limits which directory entries can become local accounts and groups.
base passwd cn=Utilisateurs,{{ ldap_base }}
base shadow cn=Utilisateurs,{{ ldap_base }}
base group ou=posix,ou=groups,{{ ldap_base }}
# The LDAP protocol version to use.
ldap_version 3
# The DN to bind with for normal lookups.
# The bind password is rendered in clear text into this file.
# NOTE(review): the task deploying this template is not visible here; confirm
# that it installs the file readable by root and the nslcd group only (for
# example mode 0640) and that the password variable comes from an encrypted
# source such as Ansible Vault.
# NOTE(review): this account should hold read-only rights on the search bases
# above and nothing more; verify the ACLs on the directory side.
binddn {{ ldap_nslcd_bind_dn }}
bindpw {{ ldap_nslcd_passwd }}
# The DN used for password modifications by root.
# Left disabled; the DN below is a sample value.
#rootpwmoddn cn=admin,dc=example,dc=com
# SSL options
# "ssl" is left commented out, so the nslcd default applies; per nslcd.conf(5)
# that default is not to use SSL/TLS. With ldap:// URIs encryption therefore
# needs "ssl start_tls" to be set explicitly.
#ssl off
# Keep "tls_reqcert never" disabled: enabling it turns off verification of the
# server certificate and lets an on-path host impersonate the directory.
#tls_reqcert never
# CA bundle used to verify the server certificate. It only takes effect on
# connections that actually negotiate TLS (ldaps:// or StartTLS).
tls_cacertfile /etc/ssl/certs/ca-certificates.crt
# The search scope.
#scope sub