#
# LDAP Defaults
#

# See ldap.conf(5) for details
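# This file should be world readable but not world writable.
# NOTE: this template also writes BINDPW (a cleartext bind password) further
# down; with that line present, a world-readable mode exposes the password to
# every local account.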

#BASE	dc=example,dc=com
#URI	ldap://ldap.example.com ldap://ldap-master.example.com:666
#>GNUNUX
# Default search base and server URI, both rendered from deployment variables.
# The URI uses the ldaps:// scheme on port 636, so the TLS handshake happens
# before any LDAP traffic (including a bind) is sent.
# The rendered host name has to match a name in the server certificate:
# TLS_REQCERT is not set in this file, so libldap's default (demand) applies.
BASE {{ general.ldap.ldap_base_dn}}
URI ldaps://{{ general.network.interface_0.domain_name_eth0 }}:636
#<GNUNUX

#SIZELIMIT	12
#TIMELIMIT	15
#DEREF		never

# When no CA certificates are specified the Shared System Certificates
# are in use. In order to have these available along with the ones specified
# by TLS_CACERTDIR one has to include them explicitly:
#TLS_CACERT	/etc/pki/tls/cert.pem
#>GNUNUX
# Client certificate, its private key, and the CA certificate used to verify
# the LDAP server; the directories come from deployment variables.
# NOTE(review): ldap.conf(5) documents TLS_CERT and TLS_KEY as user-only
# options, so libldap does not honour them from a system-wide file; confirm
# which client reads them from here.
# This file stores only the path of the private key. The key file itself must
# be readable only by the account that presents the certificate.
TLS_CERT {{ general.tls_cert_directory }}/openldap.crt
TLS_KEY {{ general.tls_key_directory }}/openldap.key
# With this single CA file set, server certificates must chain to it.
TLS_CACERT {{ general.tls_ca_directory }}/LDAP.crt
#<GNUNUX

# System-wide Crypto Policies provide an up-to-date cipher suite which should
# be used unless one needs a finer-grained selection of ciphers. Hence, the
# PROFILE=SYSTEM value represents the default behavior which is in place
# when no explicit setting is used. (see openssl-ciphers(1) for more info)
#TLS_CIPHER_SUITE PROFILE=SYSTEM

# SASL_NOCANON on: do not perform reverse DNS lookups to canonicalize the
# host name used for SASL (ldap.conf(5)); the name written in URI is used
# as-is instead of one taken from a PTR record.
# Turning this off breaks GSSAPI used with krb5 when rdns = false
SASL_NOCANON	on

#>GNUNUX
# Service account used for the bind, plus client-side time limits.
# NOTE(review): ldap.conf(5) lists BINDDN as a user-only option and does not
# list BINDPW at all; presumably another LDAP client that parses this file
# consumes them. Confirm which one, and which file mode it expects.
BINDDN {{ general.ldap.ldap_user }}
# Limits in seconds, per ldap.conf(5): TIMELIMIT bounds searches,
# NETWORK_TIMEOUT bounds the connect phase, TIMEOUT bounds synchronous calls.
TIMELIMIT 10
NETWORK_TIMEOUT 10
TIMEOUT 10
# BINDPW is rendered in cleartext. The header of this file asks for a
# world-readable mode, which would let every local account read this password.
# Deploy the rendered file with restricted ownership and mode, or keep the
# password in a separate root-only file if the consuming client supports one.
# The bind account should be least-privilege (read-only), and the value of
# general.ldap.ldap_user_password should come from an encrypted variable store.
BINDPW {{ general.ldap.ldap_user_password }}
#<GNUNUX