uid ${nslcd_user}
gid ${nslcd_user}

uri ${ldap_uri}

base ${basedn}
base passwd ${users_basedn}
base group ${groups_basedn}

sasl_mech GSSAPI

nss_min_uid ${nslcd_min_uid}
nss_initgroups_ignoreusers ALLLOCAL
nss_nested_groups yes

pam_authz_search (&(uid=\$username)(memberOf=cn=\$service-access,${roles_basedn}))