# -*- mode: python; coding: utf-8 -*-

include("mode/space")
include("secrets")
include("ldap")

header("""
Fichier de configuration pour libnss-ldap.

Pour des informations détaillées voir libnss-ldap.conf(5)
ainsi que /usr/share/libnss-ldap/ldap.conf
""")

info["mode"] = 0644

@# +---------------------------------------------------+
@# | Configuration de la communication avec le serveur |
@# +---------------------------------------------------+

@# Base LDAP
%uri "%s" % ldap_socket

@# The distinguished name of the search base.
%base "dc=crans,dc=org"

@# The distinguished name to bind to the server with.
@# Optional: default is to bind anonymously.
@# Please do not put double quotes around it as they
@# would be included literally.
%binddn secrets.ldap_readonly_auth_dn

@# The credentials to bind with.
@# Optional: default is no credential.
#%bindpw secrets.ldap_readonly_password

@# The distinguished name to bind to the server with
@# if the effective user ID is root. Password is
@# stored in /etc/libnss-ldap.secret (mode 600)
@# Use 'echo -n "mypassword" > /etc/libnss-ldap.secret' instead
@# of an editor to create the file.
%rootbinddn secrets.ldap_readonly_auth_dn

@# The LDAP version to use (defaults to 3
@# if supported by client library)
%ldap_version 3

@# Search timelimit
%timelimit 5

@# Bind/connect timelimit
%bind_timelimit 5

@# +------------------+
@# | Bases de données |
@# +------------------+

# On n'utilise ldap pour résoudre les bases de données
# passwd, group et shadow

if ldap_filter:
    passwd_filter = "?%s" % ldap_filter
else:
    passwd_filter = ""

%nss_base_passwd "ou=data,dc=crans,dc=org?one%s" % passwd_filter
%nss_base_shadow "ou=data,dc=crans,dc=org?one"
%nss_base_group "ou=Group,dc=crans,dc=org?one"