rootbinddn cn=<%= fqdn %>,ou=Hosts,<%= dc_suffix %>

uri ldaps://ldap.<%= domain %>
base <%= dc_suffix %>
timelimit 4
bind_timelimit 4
pam_lookup_policy yes
pam_password exop
nss_base_passwd ou=People,<%= dc_suffix %>?one
nss_base_shadow ou=People,<%= dc_suffix %>?one
nss_base_group  ou=Group,<%= dc_suffix %>?one

nss_schema rfc2307bis
nss_map_attribute uniqueMember member
sudoers_base ou=sudoers,<%= dc_suffix %>
#sudoers_debug 2

<%-
restricted_shell = scope.lookupvar('pam::multiple_ldap_access::restricted_shell')
if restricted_shell
-%>
# for restricted access
nss_override_attribute_value loginShell /usr/local/bin/sv_membersh.pl
<% end %>