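-- LDAP login and member-provisioning settings.
-- `config` and `ldap` are globals supplied by the surrounding application;
-- neither is defined in this snippet.
config.ldap = {

  -- Directory servers: the first entry is a nested list of two servers, the
  -- second entry is a single server.
  -- NOTE(review): presumably a nested list is a group of equivalent servers
  -- tried before falling back to the next entry -- confirm against the
  -- application's LDAP documentation.
  -- NOTE(review): the URIs use ldap:// together with tls = true, which looks
  -- like StartTLS on the plain port. Confirm that the server certificate is
  -- validated and that a failed TLS upgrade aborts the connection instead of
  -- continuing in clear text, because the bind password travels on this link.
  hosts = {
    {
      { uri = "ldap://192.168.1.1", tls = true, timeout = 5 },
      { uri = "ldap://192.168.1.2", tls = true, timeout = 5 },
    },
    { uri = "ldap://192.168.1.3", tls = true, timeout = 5 },
  },

  -- Search base for all lookups.
  base = "dc=example,dc=org",

  -- Service account used for searches. The password below is a sample value.
  -- In a real deployment, bind with a dedicated read-only account rather than
  -- an admin DN, and keep this file readable only by the application user.
  bind_as = { dn = "cn=admin,dc=example,dc=org", password = "secure" },

  member = {

    registration = "auto",
    scope = "subtree",

    -- Lower-cases the login name before it is used.
    login_normalizer = function (login)
      return login:lower()
    end,

    -- Builds the search filter for a login name. The value goes through
    -- ldap.escape_filter before concatenation; keep that call, since the
    -- login is presumably typed by the user and must not be able to alter
    -- the filter.
    login_filter_map = function (login)
      return "(uid=" .. ldap.escape_filter(login) .. ")"
    end,

    -- Returns the first value of the entry's uid attribute.
    -- NOTE(review): raises an error if the entry has no uid table -- confirm
    -- that the directory guarantees the attribute.
    login_map = function (ldap_entry)
      return ldap_entry.uid[1]
    end,

    -- Builds the search filter for a numeric uid, escaped the same way as
    -- the login filter.
    uid_filter_map = function (uid)
      return "(uidNumber=" .. ldap.escape_filter(uid) .. ")"
    end,

    -- Returns the first value of the entry's uidNumber attribute.
    uid_map = function (ldap_entry)
      return ldap_entry.uidNumber[1]
    end,

    -- Attributes requested from the directory. "memberof" is fetched but not
    -- read by any function in this snippet.
    fetch_attr = { "uid", "uidNumber", "givenName", "sn", "displayName", "memberof" },

    -- Copies directory attributes onto the member record:
    -- identification = "<givenName> <sn>", name = displayName.
    -- NOTE(review): indexing [1] raises if givenName, sn or displayName is
    -- absent from the entry -- confirm all three are mandatory in the schema.
    attr_map = function (ldap_entry, member)
      member.identification = ldap_entry.givenName[1] .. " " .. ldap_entry.sn[1]
      member.name = ldap_entry.displayName[1]
    end,

    -- Derives per-unit voting and polling rights from the entry's DN.
    -- Branches are tested in order and the first match wins; when no branch
    -- matches, nil is returned.
    -- Every pattern is anchored with "$" so that only the DN suffix decides
    -- the privilege set. The first branch previously lacked the anchor and
    -- would have matched the text anywhere in the DN, unlike the other two.
    -- NOTE(review): this is a case-sensitive text match on the DN string, not
    -- a parsed comparison. Confirm the server returns DNs in exactly this
    -- spelling, and consider deciding privileges from group membership
    -- (memberof is already fetched) rather than from DN text.
    privilege_map = function (ldap_entry, member)
      local privileges
      if ldap_entry.dn:match("ou=people,dc=example,dc=org$") then
        privileges = {
          { unit_id = 1, voting_right = true, polling_right = true },
          { unit_id = 2, voting_right = true, polling_right = false },
          { unit_id = 3, voting_right = false, polling_right = true }
        }
      elseif ldap_entry.dn:match("ou=employees,dc=example,dc=org$") then
        privileges = {
          { unit_id = 1, voting_right = false, polling_right = true },
          { unit_id = 2, voting_right = false, polling_right = true },
          { unit_id = 3, voting_right = true, polling_right = false }
        }
      elseif ldap_entry.dn:match("ou=member,dc=example,dc=org$") then
        privileges = {
          { unit_id = 1, voting_right = true, polling_right = false }
        }
      end
      return privileges
    end,

    -- NOTE(review): presumably keeps a local verifier of the LDAP password so
    -- login works while the directory is unreachable. Confirm how it is
    -- stored, and whether an account disabled or re-keyed in LDAP can still
    -- log in from the cache.
    cache_passwords = true,

    -- Profile fields marked here are locked; only "name" is listed.
    locked_profile_fields = { name = true }
  }
}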