# BaseDN
dn: %%ldap_base_dn
%set %%attribute, %%organization = %%ldap_base_dn.split(',', 1)[0].split('=')
%%attribute: %%organization
objectClass: top
%if %%attribute == 'o'
objectClass: organization
%else
objectClass: organizationalUnit
%end if

# Remote
%for %%remote in %%accounts.remotes
 %set %%name = %%normalize_family(%%remote)
dn: %%accounts['remote_' + %%name]['dn_' + %%name]
cn: %%remote
sn: %%remote
uid: %%remote
userPassword:: %%ssha_encode(%%accounts['remote_' + %%name]['password_' + %%name])
objectClass: top
objectClass: inetOrgPerson

%end for
dn: ou=users,%%ldap_base_dn
ou: users
objectClass: top
objectClass: organizationalUnit

# Users
%for %%user in %%accounts.users.ldap_user_mail
dn: cn=%%user,ou=users,%%ldap_base_dn
cn: %%user
mail: %%user
sn: %%user.ldap_user_sn
givenName: %%user.ldap_user_gn
uid: %%user.ldap_user_uid
#%%user.ldap_user_password
userPassword:: %%ssha_encode(%%user.ldap_user_password)
objectClass: top
objectClass: inetOrgPerson

%end for