# {{ ansible_managed }}
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

BASE    {{ldap_base}}
URI     {{ldap_uri}}

#SIZELIMIT  12
#TIMELIMIT  15
#DEREF      never

# TLS certificates (needed for GnuTLS)
TLS_CACERT /etc/ldap/{{ldap_cafile}}
#TLS_CIPHER_SUITE {{ldap_cipher_suite}}
TLS_PROTOCOL_MIN 3.3
TLS_REQCERT demand
TLS_CRLCHECK none

# Sudo settings
SUDOERS_BASE ou=SUDOers,{{ldap_base}}
#SUDOERS_SEARCH_FILTER objectClass=sudoRole
SUDOERS_TIMED yes
#SUDOERS_DEBUG 1