---
# Default variables for an LDAP server role. The original line structure was
# lost in this copy; it is restored here with the values unchanged.

# Empty by default.
# NOTE(review): presumably the directory entries the role should create;
# confirm against the tasks that consume it.
ldap_entries: []

# DNS domain of the target host, read from its inventory hostvars. `host` is
# not defined in this file and must be supplied by the calling play.
ldap_server_domain: "{{ hostvars[host]['domain'] }}"
# Internal value, base DN.
# Derived from the domain by replacing every '.' with ',dc=' and prefixing
# 'dc=' (constructed example: example.org -> dc=example,dc=org). The domain is
# interpolated without DN escaping, and the result is embedded in the ACLs
# below, so it has to come from trusted inventory and hold only DNS labels.
ldap_server_int_basedn: "{{ ldap_server_domain | regex_replace('\\.', ',dc=') | regex_replace('^', 'dc=') }}"
ldap_server_organization: "Private"
# NOTE(review): presumably passed to slapd as its log level; in OpenLDAP 256 is
# the "stats" level (connections, operations, results). Confirm in the template.
ldap_server_log_level: 256
# Per-host certificate and private key paths. tls_certificate_dir and
# tls_private_key_dir are defined outside this file.
# NOTE(review): confirm the role restricts the key file to the slapd service
# account (owner and mode); nothing in this file enforces that.
ldap_server_tls_certificate: "{{ tls_certificate_dir }}/{{ hostvars[host]['fqdn'] }}_ldap.pem"
ldap_server_tls_key: "{{ tls_private_key_dir }}/{{ hostvars[host]['fqdn'] }}_ldap.key"
# NOTE(review): presumably the minimum security strength factor the server
# requires (slapd `security ssf=`); confirm. If it is applied globally, ldapi://
# sessions only satisfy it when the local SSF (olcLocalSSF) is at least as
# high, which the peercred rule below depends on.
ldap_server_ssf: 128
# Access control clauses in slapd ACL syntax. Order matters: slapd uses the
# first clause whose `to` part matches and, inside it, the first matching `by`;
# `break` hands evaluation on to the next clause.
# NOTE(review): the folded (`>`) scalars keep one trailing newline per value;
# confirm the consuming template tolerates or trims it.
ldap_permissions:
  # Clause 1: local root over ldapi (SASL EXTERNAL peercred identity uid 0,
  # gid 0) and cn=admin under the base DN get `manage` on everything; every
  # other identity falls through to the clauses below.
  - >
    to *
    by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
    by dn="cn=admin,{{ ldap_server_int_basedn }}" manage
    by * break
  # Clause 2: password material. The owner may change it, anonymous may use it
  # only to authenticate (needed for simple bind), nobody else can read it.
  - >
    to attrs=userPassword,shadowLastChange
    by self write
    by anonymous auth
    by * none
  # Clause 3: the root DSE (empty base DN) is readable by everyone, including
  # anonymous clients.
  - >
    to dn.base=""
    by * read
  # Clause 4: catch-all. Authenticated users can read every entry; anonymous
  # access is denied.
  # NOTE(review): `by self write` on `to *` lets any authenticated entry change
  # every remaining attribute of its own entry. If entries carry authorization
  # data (for example uidNumber, gidNumber, homeDirectory, loginShell), a user
  # could alter their own identity; consider limiting self write to an explicit
  # attribute list and leaving the rest at read.
  - >
    to *
    by self write
    by dn="cn=admin,{{ ldap_server_int_basedn }}" write
    by users read
    by * none