---
ldap:
  o: 'Example Com'
  base: 'dc=example,dc=com'
  root_dn: 'cn=admin,dc=example,dc=com'
  root_pw: 'admin'
  root_pw_hash: '{SSHA}T4NWs0yED2vORnKH4fWMSicNH0n0jtwP'
  tls:
    enable: false
    ca: '/etc/ssl/certs/ssl-cert-snakeoil.pem'
    key: '/etc/ssl/private/ssl-cert-snakeoil.key'
    cert: '/etc/ssl/certs/ssl-cert-snakeoil.pem'
  schema: []
  ous:
    - users
    - apps
    - groups
    - unixgroups
  groupsofnames:
    in: 'ou=groups,dc=example,dc=com'
    names:
      - ldap_admin
      - external_auth
  access_control:
    - >-
      {0}to attrs=userPassword
      by self write
      by group/groupOfNames/member=cn=external_auth,ou=groups,dc=example,dc=com read
      by anonymous auth
      by * none
    - >-
      {1}to attrs=shadowLastChange
      by self write
      by * read
    - >-
      {2}to *
      by users read
      by group/groupOfNames/member=cn=ldap_admin,ou=groups,dc=example,dc=com manage