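---
# Variables describing an OpenLDAP client/server setup for the example.com
# directory.
# NOTE(review): the role or playbook that consumes these variables is not
# visible here; remarks about how a key is applied are assumptions to confirm.

# Client defaults, one option/value pair per entry. The option names match
# ldap.conf(5) keywords.
ldap_client_config:
  - comment: Set the base DN
    option: BASE
    value: dc=example,dc=com
  - comment: Set the default URI
    option: URI
    # ldapi:/// is slapd's local UNIX-domain socket, so default client
    # traffic does not leave the host.
    value: ldapi:///
  - comment: Set the default bind DN
    option: BINDDN
    value: cn=admin,dc=example,dc=com
  - comment: Set the LDAP TLS truststore
    option: TLS_CACERT
    # CA bundle the client uses to verify the server certificate.
    value: /etc/ssl/certs/truststore.pem

ldap_server_config:
  domain: "example.com"
  organization: "Example Inc."
  # 256 is slapd's "stats" log level (connections, operations, results).
  log_level: 256
  tls_certificate: /etc/ssl/certs/ldap.example.com.pem
  # NOTE(review): confirm the deployed private key is readable only by the
  # account slapd runs as.
  tls_key: /etc/ssl/private/ldap.example.com.pem
  # Presumably the minimum security strength factor slapd requires of a
  # connection - verify against the role. If so, check that the ldapi:///
  # socket used in ldap_client_config still meets it: slapd assigns local
  # socket connections the SSF set by olcLocalSSF.
  ssf: 128

# Access rules for the database selected by `filter`; presumably written to
# olcAccess in the order listed. slapd applies the first `to` clause that
# matches the target and, inside it, the first `by` clause that matches the
# requester, so the order below is significant.
ldap_permissions:
  - filter: '(olcSuffix=dc=example,dc=com)'
    rules:
      # 1. Local root (SASL EXTERNAL peer credentials uid 0 / gid 0) and the
      #    admin DN get `manage` on everything. `by * break` lets every
      #    other requester fall through to the rules that follow.
      - >
        to *
        by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
        by dn="cn=admin,dc=example,dc=com" manage
        by * break
      # 2. Password attributes: the owner may write, anonymous may only use
      #    them to bind (`auth`), nobody else may read or compare them.
      - >
        to attrs=userPassword,shadowLastChange
        by self write
        by anonymous auth
        by * none
      # 3. The root DSE (empty DN) is readable by anyone, including
      #    unauthenticated clients.
      - >
        to dn.base=""
        by * read
      # 4. Everything else: `by users read` lets any authenticated identity,
      #    including the service accounts defined in ldap_entries, read all
      #    remaining attributes of every entry.
      #    NOTE(review): confirm that breadth is intended. The admin clause
      #    here is already covered by rule 1.
      - >
        to *
        by self write
        by dn="cn=admin,dc=example,dc=com" write
        by users read
        by * none

# Entries to create. Parents are listed before their children.
ldap_entries:
  # Extra "misc" schema providing the mail routing attributes and the
  # nisMailAlias object class used by the alias entry at the end.
  - dn: "cn={4}misc,cn=schema,cn=config"
    objectClass: olcSchemaConfig
    cn: "{4}misc"
    olcAttributeTypes:
      - "{0}( 2.16.840.1.113730.3.1.13 NAME 'mailLocalAddress' DESC 'RFC822 email address of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )"
      - "{1}( 2.16.840.1.113730.3.1.18 NAME 'mailHost' DESC 'FQDN of the SMTP/MTA of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )"
      - "{2}( 2.16.840.1.113730.3.1.47 NAME 'mailRoutingAddress' DESC 'RFC822 routing address of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )"
      - "{3}( 1.3.6.1.4.1.42.2.27.2.1.15 NAME 'rfc822MailMember' DESC 'rfc822 mail address of group member(s)' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )"
    olcObjectClasses:
      - "{0}( 2.16.840.1.113730.3.2.147 NAME 'inetLocalMailRecipient' DESC 'Internet local mail recipient' SUP top AUXILIARY MAY ( mailLocalAddress $ mailHost $ mailRoutingAddress ) )"
      - "{1}( 1.3.6.1.4.1.42.2.27.1.2.5 NAME 'nisMailAlias' DESC 'NIS mail alias' SUP top STRUCTURAL MUST cn MAY rfc822MailMember )"

  # Top-level containers.
  - dn: ou=people,dc=example,dc=com
    objectClass: organizationalUnit
    ou: people
  - dn: ou=groups,dc=example,dc=com
    objectClass: organizationalUnit
    ou: groups
  - dn: ou=services,dc=example,dc=com
    objectClass: organizationalUnit
    ou: services

  # Fixture credentials: every userPassword in this file is cleartext and
  # equal to the account name. slapd stores the value as supplied unless
  # hashing is configured (e.g. ppolicy's olcPPolicyHashCleartext). For
  # anything other than a disposable test directory, provide pre-hashed
  # values (such as slappasswd output) from a secrets store, not this file.
  - dn: uid=johndoe,ou=people,dc=example,dc=com
    objectClass:
      - inetOrgPerson
    uid: johndoe
    cn: John Doe
    sn: Doe
    userPassword: johndoe
    mail: john.doe@example.com
  - dn: uid=janedoe,ou=people,dc=example,dc=com
    objectClass:
      - inetOrgPerson
    uid: janedoe
    cn: Jane Doe
    sn: Doe
    userPassword: janedoe
    mail: jane.doe@example.com

  # Service bind accounts and the groups that presumably gate access to the
  # matching service.
  - dn: cn=xmpp,ou=services,dc=example,dc=com
    objectClass:
      - applicationProcess
      - simpleSecurityObject
    cn: xmpp
    userPassword: xmpp
  - dn: cn=xmpp,ou=groups,dc=example,dc=com
    objectClass: groupOfUniqueNames
    cn: xmpp
    uniqueMember:
      - uid=johndoe,ou=people,dc=example,dc=com
      - uid=janedoe,ou=people,dc=example,dc=com
  - dn: cn=postfix,ou=services,dc=example,dc=com
    objectClass:
      - applicationProcess
      - simpleSecurityObject
    cn: postfix
    userPassword: postfix
  - dn: cn=dovecot,ou=services,dc=example,dc=com
    objectClass:
      - applicationProcess
      - simpleSecurityObject
    cn: dovecot
    userPassword: dovecot
  - dn: cn=mail,ou=groups,dc=example,dc=com
    objectClass: groupOfUniqueNames
    cn: mail
    uniqueMember:
      - uid=johndoe,ou=people,dc=example,dc=com
      - uid=janedoe,ou=people,dc=example,dc=com

  # Mail routing data: hosted domains and aliases.
  - dn: ou=mail,ou=services,dc=example,dc=com
    objectClass: organizationalUnit
    ou: mail
  - dn: ou=domains,ou=mail,ou=services,dc=example,dc=com
    objectClass: organizationalUnit
    ou: domains
  - dn: ou=aliases,ou=mail,ou=services,dc=example,dc=com
    objectClass: organizationalUnit
    ou: aliases
  - dn: dc=example.com,ou=domains,ou=mail,ou=services,dc=example,dc=com
    objectClass: dNSDomain
    dc: example.com
  - dn: dc=example.org,ou=domains,ou=mail,ou=services,dc=example,dc=com
    objectClass: dNSDomain
    dc: example.org
  - dn: cn=postmaster@example.com,ou=aliases,ou=mail,ou=services,dc=example,dc=com
    objectClass: nisMailAlias
    cn: postmaster@example.com
    rfc822MailMember: john.doe@example.com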