---

ldap_client_config:
  - comment: Set the base DN
    option: BASE
    value: "{{ testsite_ldap_base }}"
  - comment: Set the default URI
    option: URI
    value: ldapi:///
  - comment: Set the default bind DN
    option: BINDDN
    value: cn=admin,{{ testsite_ldap_base }}
  - comment: Set the LDAP TLS truststore
    option: TLS_CACERT
    value: /etc/ssl/certs/example_ca_chain.pem

local_mail_aliases:
  root: "root john.doe@{{ testsite_domain }}"

smtp_relay_host: mail.{{ testsite_domain }}

smtp_relay_truststore: /etc/ssl/certs/example_ca_chain.pem

prosody_administrators:
  - john.doe@{{ testsite_domain }}

prosody_tls_key: "{{ inventory_dir }}/tls/xmpp.{{ testsite_domain }}_xmpp.key"

prosody_tls_certificate: "{{ inventory_dir }}/tls/xmpp.{{ testsite_domain }}_xmpp.pem"

prosody_domains:
  - "{{ testsite_domain }}"

prosody_ldap_server: ldap.{{ testsite_domain }}

prosody_ldap_bind_dn: cn=xmpp,ou=services,{{ testsite_ldap_base }}

prosody_ldap_password: xmpp

prosody_ldap_filter: '(&(memberOf=cn=xmpp,ou=groups,{{ testsite_ldap_base }})(mail=$user@$host))'

prosody_ldap_scope: "onelevel"

prosody_ldap_tls: "true"

prosody_ldap_base: "ou=people,{{ testsite_ldap_base }}"