# /etc/nslcd.conf
# nslcd configuration file. See nslcd.conf(5)
# for details.

# The user and group nslcd should run as.
uid nslcd
gid nslcd

# The location at which the LDAP server(s) should be reachable.
{% for server in ldap_uris %}
uri {{ server }}
{% endfor %}

# The search base that will be used for all queries.
base {{ ldap_search_base }}

# The LDAP protocol version to use.
#ldap_version 3

# The DN to bind with for normal lookups.
#binddn cn=annonymous,dc=example,dc=net
#bindpw secret
binddn {{ ldap_bind_dn }}
bindpw {{ ldap_bind_password }}

# The DN used for password modifications by root.
#rootpwmoddn cn=admin,dc=example,dc=com

# SSL options
#ssl off
tls_reqcert demand
tls_cacertfile /etc/ldap/{{ ldap_cert }}

# The search scope.
#scope sub

filter passwd (&(objectClass=shadowAccount)(|({{ ldap_users | join(')(') }})))
filter group (&(objectClass=univentionGroup)(|({{ ldap_users | join(')(') }})))