# The home-server project produces a multi-purpose setup using Ansible.
# Copyright © 2018 Y. Gablin, under the GPL-3.0-or-later license.
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.

# This file is opened as root, so it should be owned by root and mode 0600.

hosts = {{hostname}}
uris = ldapi://%2Frun%2Fshared_sockets%2Fldapi/

# LDAP library debug level as specified by LDAP_DEBUG_* in ldap_log.h.
# -1 = everything. You may need to recompile OpenLDAP with debugging enabled
# to get enough output.
#debug_level = 0

auth_bind = yes
auth_bind_userdn = uid=%n,ou=Users,{{ldap_root}}

user_attrs = \
  =home=%{ldap:homeDirectory}, \
  =uid=%{ldap:uidNumber}, \
  =gid=%{ldap:gidNumber}, \
  =mail=maildir:/var/spool/mail/%n/Maildir

user_filter = (&(objectClass=posixAccount)(uid=%n))
base = ou=Users,{{ldap_root}}
scope = onelevel