---
# Ansible variables for a mail relay client plus an LDAP client/server with
# sample directory content. testsite_domain, testsite_domain_alternative and
# testsite_ldap_base are referenced here but defined elsewhere.

# Alias map for local mail. NOTE(review): the value looks like a
# space-separated recipient list (root itself plus john.doe) - confirm.
local_mail_aliases:
  root: "root john.doe@{{ testsite_domain }}"

smtp_relay_host: "mail.{{ testsite_domain }}"
# CA certificate content, read on the controller from the inventory directory.
smtp_relay_truststore: "{{ lookup('file', inventory_dir + '/tls/ca.pem') }}"

# Option/value pairs for the LDAP client configuration (ldap.conf-style names).
ldap_client_config:
  - comment: Set the base DN
    option: BASE
    value: "{{ testsite_ldap_base }}"
  # ldapi:/// is the local IPC socket, so the TLS options below only come into
  # play when a client overrides the URI with a network (ldap/ldaps) endpoint.
  - comment: Set the default URI
    option: URI
    value: 'ldapi:///'
  - comment: Set the default bind DN
    option: BINDDN
    value: "cn=admin,{{ testsite_ldap_base }}"
  - comment: Set the LDAP TLS truststore
    option: TLS_CACERT
    value: /etc/ssl/certs/ca.pem
  # "demand" makes the client refuse a server certificate that is missing or
  # does not validate against TLS_CACERT.
  - comment: Enforce TLS
    option: TLS_REQCERT
    value: demand

# Fixture credentials: the admin password is "admin" and every consumer
# password below equals its account name. These are only suitable for a
# disposable test site; a deployment reachable by anyone else should take them
# from a vault or secret store rather than plain text in the inventory.
ldap_admin_password: admin

# NOTE(review): presumably service bind accounts created by the LDAP server
# role; "state: absent" marks an entry to be removed - confirm in the role.
ldap_server_consumers:
  - name: prosody
    password: prosody
  - name: postfix
    password: postfix
  - name: dovecot
    password: dovecot
  - name: bollocks
    password: "none"
    state: absent

ldap_server_domain: "{{ testsite_domain }}"

ldap_server_groups:
  - name: xmpp
  - name: mail
  - name: blimey
    state: absent

ldap_server_organization: "Example Inc."

# NOTE(review): 256 matches OpenLDAP's "stats" log level if the role passes
# the number through unchanged - confirm.
ldap_server_log_level: 256

# Server certificate and private key content, read on the controller from
# <inventory_dir>/tls/. The key is secret material: it should stay readable
# only by the account running Ansible and out of any shared repository.
ldap_server_tls_certificate: "{{ lookup('file', inventory_dir + '/tls/ldap.' + testsite_domain + '_ldap.pem') }}"
ldap_server_tls_key: "{{ lookup('file', inventory_dir + '/tls/ldap.' + testsite_domain + '_ldap.key') }}"

# NOTE(review): presumably the minimum security strength factor the server
# requires from connections - confirm how the role applies it.
ldap_server_ssf: 128

# Access rules, given in order. Each item is a folded scalar, so the line
# breaks inside it become single spaces in the final rule.
ldap_permissions:
  # Local root (peer credentials over ldapi, SASL EXTERNAL) and the admin DN
  # get "manage" on everything; all other identities fall through ("break")
  # to the rules that follow.
  - >-
    to *
    by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
    by dn="cn=admin,{{ testsite_ldap_base }}" manage
    by * break
  # Password attributes: the owner may change them, anonymous connections may
  # only use them to bind, and nobody else can read them.
  - >-
    to attrs=userPassword,shadowLastChange
    by self write
    by anonymous auth
    by * none
  # The root DSE is readable by everyone, including anonymous clients.
  - >-
    to dn.base=""
    by * read
  # Everything else: owner and admin may write, any authenticated identity may
  # read every entry, anonymous clients get nothing.
  - >-
    to *
    by self write
    by dn="cn=admin,{{ testsite_ldap_base }}" write
    by users read
    by * none

# Sample directory entries. userPassword is supplied in clear text and equals
# the uid - fixture values only; whether the role or server hashes the value
# on write is not visible here.
ldap_entries:
  - dn: "uid=johndoe,ou=people,{{ testsite_ldap_base }}"
    attributes:
      objectClass:
        - inetOrgPerson
      uid: johndoe
      cn: John Doe
      sn: Doe
      userPassword: johndoe
      mail: "john.doe@{{ testsite_domain }}"
  - dn: "uid=janedoe,ou=people,{{ testsite_ldap_base }}"
    attributes:
      objectClass:
        - inetOrgPerson
      uid: janedoe
      cn: Jane Doe
      sn: Doe
      userPassword: janedoe
      mail: "jane.doe@{{ testsite_domain }}"
  - dn: "dc={{ testsite_domain }},ou=domains,ou=mail,ou=services,{{ testsite_ldap_base }}"
    attributes:
      objectClass: dNSDomain
      dc: "{{ testsite_domain }}"
  - dn: "dc={{ testsite_domain_alternative }},ou=domains,ou=mail,ou=services,{{ testsite_ldap_base }}"
    attributes:
      objectClass: dNSDomain
      dc: "{{ testsite_domain_alternative }}"
  - dn: "cn=postmaster@{{ testsite_domain }},ou=aliases,ou=mail,ou=services,{{ testsite_ldap_base }}"
    attributes:
      objectClass: nisMailAlias
      cn: "postmaster@{{ testsite_domain }}"
      rfc822MailMember: "john.doe@{{ testsite_domain }}"