# ldapd configuration
# managed by Ansible

# Schema files loaded by the daemon. nis.schema is among them, so entries
# may carry POSIX account attributes (see the ACL note further down).
schema "/etc/ldap/core.schema"
schema "/etc/ldap/inetorgperson.schema"
schema "/etc/ldap/nis.schema"
schema "/etc/ldap/bsd.schema"

# One "listen on" line is rendered for every name in the ansible_interfaces
# fact that does not contain "pflog". Nothing else is filtered, so loopback
# and any externally reachable interface on the host get a listener too.
# NOTE(review): none of these listeners carries a tls, ldaps or secure
# keyword, so they are rendered as plain LDAP. Confirm that is intended, and
# consider an explicit allowlist of interfaces instead of a denylist of one
# name, so that a newly added interface is not exposed by default.
{% for interface in ansible_interfaces %}
  {% if "pflog" not in interface %}
listen on {{ interface }}
  {% endif %}
{% endfor %}

# Local listener on a unix-domain socket.
listen on "/var/run/ldapi"

namespace "dc=domain" {
	# Administrative DN for this namespace.
	# NOTE(review): no rootpw is set in this block; confirm how the admin DN
	# is expected to authenticate.
	rootdn "cn=admin,dc=domain"

	# Access control: first deny read and write on the whole tree to everyone,
	# then allow read and write to "self". Bind is not listed in either rule.
	# NOTE(review): ldapd.conf(5) describes the last matching rule as the one
	# that decides, so the order of these two lines matters; keep the deny
	# first.
	# NOTE(review): the "by self" rule names no attribute, so it appears to
	# cover every attribute of the bound user's own entry. If entries use the
	# POSIX attributes from nis.schema (uidNumber, gidNumber), a user could
	# presumably rewrite them. Consider limiting self-write to the attributes
	# users must change (for example userPassword) with an attribute-scoped
	# rule; verify the exact syntax against ldapd.conf(5).
	deny read,write access to subtree root by any
	allow read,write access to subtree root by self
}