uid nslcd
<% if @operatingsystem == "Ubuntu" -%>
gid nslcd
<% else -%>
gid ldap
<% end -%>

uri <%= @ldap_uri %>
base <%= @ldap_basedn %>

<% if ['ad','activedirectory'].index(@mapping) -%>
pagesize 1000
filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*))
map    passwd uid              sAMAccountName
map    passwd gecos            displayName
map    passwd loginShell       "${loginShell:-/bin/bash}"
map    passwd homeDirectory    "${unixHomeDirectory:-/home/$sAMAccountName}"
filter group  (&(objectClass=group)(gidNumber=*))
<%   if @operatingsystem == "CentOS" or (@operatingsystem == "Ubuntu" and scope.function_versioncmp([@operatingsystemrelease, '12.04']) < 0) -%>
map group uniqueMember member
<%   end -%>
<% else -%>
pagesize 500
<%   if @operatingsystem != "CentOS" and (@operatingsystem == "Ubuntu" and scope.function_versioncmp([@operatingsystemrelease, '12.04']) >= 0) -%>
map group member uniqueMember
<%   end -%>
<% end -%>
<% if @auth == 'bind' -%>

binddn <%= @credentials[0] %>
bindpw <%= @credentials[1] %>
<% elsif @auth == 'gssapi' -%>

sasl_mech GSSAPI
krb5_ccname FILE:/var/run/nslcd/krb5cc_nslcd
<% end -%>

<% if @ldap_uri =~ /^ldaps:/ -%>
ssl on
tls_reqcert never
<% else -%>
ssl off
<% end -%>