uri ldap://ldap.<%= domain %>
base <%= dc_suffix %>
pam_lookup_policy no
pam_password exop
nss_base_passwd ou=People,<%= dc_suffix %>?one
nss_base_shadow ou=People,<%= dc_suffix %>?one
nss_base_group  ou=Group,<%= dc_suffix %>?one

nss_schema rfc2307bis
nss_map_attribute uniqueMember member
sudoers_base ou=sudoers,<%= dc_suffix %>
#sudoers_debug 2

<% if access_class = 'commiters' %>
# for restricted access
nss_override_attribute_value loginShell /usr/local/bin/sv_membersh.pl
<% end %>