{ ... }: {
  users.users.root.openssh.authorizedKeys.keyFiles = [
    ../pubkeys/raito.keys
  ];

  users.ldap.daemon = {
    enable = false;
    extraConfig = ''
      # The location at which the LDAP server(s) should be reachable.
      uri ldaps://ldap.federez.net
      uri ldaps://ldap-ro.federez.net
       
      # The search base that will be used for all queries.
      base dc=federez,dc=net
       
      base passwd cn=Utilisateurs,dc=federez,dc=net
      base shadow cn=Utilisateurs,dc=federez,dc=net
      base group ou=posix,ou=groups,dc=federez,dc=net
       
      # The LDAP protocol version to use.
      ldap_version 3
       
      # The DN to bind with for normal lookups.
      binddn cn=nssauth,ou=service-users,dc=federez,dc=net
      bindpw ********TOP-SECRET-PASSWORD-THAT-MUST-BE-CHANGED-FOR-A-VALID-ONE********
    '';
  };
}