--- 
# LDAP connections
connections:
  example_connection_1:
    username: "Directory Manager"
    password: "password"
    host: ldap.yourdomain.com
    port: 389
    basedn: "ou=smallpeople,ou=qa,dc=socialcast,dc=com"
    filter: "(mail=*)"
  example_connection_2:
    username: "Directory Manager"
    password: "password"
    host: ldap.yourdomain.com
    port: 389
    basedn: "ou=tinypeople,ou=qa,dc=yourdomain,dc=com"
    filter: "(mail=*)"
  example_encrypted_connection:
    username: "Directory Manager"
    password: "password"
    host: ldap.yourdomain.com
    port: 389
    basedn: "ou=largepeople,ou=qa,dc=yourdomain,dc=com"
    filter: "(mail=*)"
    encryption: simple_tls


# LDAP attribute mappings
mappings: 
  first_name: givenName
  last_name: sn
  email: mail

  # only use employee_number if the email is unknown
  # employee_number: emp_id
  # only use unique_identifier if you do not wish to use email as the main user identification method
  # unique_identifier: samaccountname

  # To combine multiple ldap attributes into one Socialcast attribute use the following pattern
  # The key is the socialcast attribute and the value is a hash.  The hash requires a key of value
  # which will use the other keys to interpolate the values.
  # location:
  #   value: "%{city}, %{state} %{zip}"
  #   city: city
  #   state: state
  #   zip: zipcode

  # To populate the Socialcast org chart functionality you have two options.
  # If using AD you will most likely need to use the manager option. It works by
  # doing an additional ldap query for each user to find the email address for the
  # person identified in the relevant manager field.
  # manager: manager
  # There is also the manager_email option which assumes that the attribute being
  # mapped is the manager's email address. No additional queries will be performed.
  # This normally requires changes to your LDAP schema.
  # manager_email: manager_email

  # For the sync_photos command add mapping for the profile_photo attribute to an LDAP attribute
  # profile_photo: jpegPhoto
  # profile_photo: photo

# Map LDAP Group Memberships to Socialcast Permissions
permission_mappings:
  # configure LDAP field for group memberships (ex: memberof, isMemberOf, etc)
  attribute_name: memberof
  account_types:
    external: "CN=External,OU=Groups,DC=example,DC=com"
  roles:
    tenant_admin: "CN=Admins,OU=Groups,DC=example,DC=com"
    sbi_admin: "CN=Admins,OU=Groups,DC=example,DC=com"
    reach_admin: "CN=Admins,OU=Groups,DC=example,DC=com"
    town_hall_admin: "CN=Admins,OU=Groups,DC=example,DC=com"

  # Role search definitions need to be EXACT matches to the output from your LDAP server.

# general script options
options:
  # cleanup the extracted ldap data file after run is complete
  delete_users_file: false
  # skip sending emails to newly activated users
  skip_emails: true
  # do not actually provision accounts
  # useful during testing
  test: true


# http options for connecting to Socialcast servers
http:
  timeout: 660