add role ldap/nss

roles/ldap/nss/templates/nslcd.conf.j2

@@ -0,0 +1,25 @@
+uid nslcd
+gid ldap
+
+uri {% for server in ldap_server %}ldaps://{{ server }} {% endfor %}
+base {{ ldap_basedn }}
+
+# time out searches after 30 seconds
+timelimit 30
+# close idle connections after 10 minutes
+idle_timelimit 600
+# do not search group memberships for local users
+nss_initgroups_ignoreusers ALLLOCAL
+
+pagesize 500
+map group member uniqueMember
+
+# use ssl and verify server cert
+ssl on
+tls_reqcert demand
+tls_cacertfile {{ tls_bundle }}
+
+# use local host cert/key for authentication
+tls_key {{ tls_private }}/{{ inventory_hostname }}.key
+tls_cert {{ tls_certs }}/{{ inventory_hostname }}.crt
+sasl_mech EXTERNAL