---

# ldap_server role.
ldap_admin_password: admin
ldap_entries:

  # Users
  - dn: uid=john,ou=people,dc=local
    attributes:
      objectClass:
        - inetOrgPerson
        - simpleSecurityObject
      userPassword: johnpassword
      uid: john
      cn: John Doe
      sn: Doe
      mail: john.doe@domain1
  - dn: uid=jane,ou=people,dc=local
    attributes:
      objectClass:
        - inetOrgPerson
        - simpleSecurityObject
      userPassword: janepassword
      uid: jane
      cn: Jane Doe
      sn: Doe
      mail: jane.doe@domain2
  - dn: uid=mick,ou=people,dc=local
    attributes:
      objectClass:
        - inetOrgPerson
        - simpleSecurityObject
      userPassword: mickpassword
      uid: mick
      cn: Mick Doe
      sn: Doe
      mail: mick.doe@domain3

  - dn: uid=noxmpp,ou=people,dc=local
    attributes:
      objectClass:
        - inetOrgPerson
        - simpleSecurityObject
      userPassword: noxmpppassword
      uid: noxmpp
      cn: No XMPP
      sn: XMPP
      mail: noxmpp@domain1

  # Groups
  - dn: "cn=xmpp,ou=groups,dc=local"
    state: append
    attributes:
      uniqueMember:
        - uid=john,ou=people,dc=local
        - uid=jane,ou=people,dc=local
        - uid=mick,ou=people,dc=local

ldap_server_consumers:
  - name: prosody
    password: prosodypassword

ldap_server_domain: "local"
ldap_server_groups:
  - name: xmpp
ldap_server_organization: "Example"
ldap_server_tls_certificate: "{{ lookup('file', 'tests/data/x509/ldap-server_ldap.cert.pem') }}"
ldap_server_tls_key: "{{ lookup('file', 'tests/data/x509/ldap-server_ldap.key.pem') }}"

# common
ca_certificates:
  testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"

# ldap_client
ldap_client_config:
  - comment: CA truststore
    option: TLS_CACERT
    value: /etc/ssl/certs/testca.cert.pem
  - comment: Ensure TLS is enforced
    option: TLS_REQCERT
    value: demand
  - comment: Base DN
    option: BASE
    value: dc=local
  - comment: URI
    option: URI
    value: ldapi:///

# backup_server role.
backup_host_ssh_private_keys:
  dsa: "{{ lookup('file', 'tests/data/ssh/server_dsa') }}"
  rsa: "{{ lookup('file', 'tests/data/ssh/server_rsa') }}"
  ed25519: "{{ lookup('file', 'tests/data/ssh/server_ed25519') }}"
  ecdsa: "{{ lookup('file', 'tests/data/ssh/server_ecdsa') }}"
backup_clients:
  - server: parameters-optional
    ip: 10.31.127.31
    public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"