1 ldap_servers: ldap://localhost/
2 ldap_bind_dn: cn=saslauthd,ou=Apps,dc=example,dc=com
3 ldap_bind_pw: saslauthd
4 ldap_version: 3
5 # <2|3>
6 # Specify the LDAP protocol version to use.
8 ldap_timeout: 5
9 # Specify a number of seconds a search can take before timing out.
11 ldap_time_limit: 5
12 # Specify a number of seconds for a search request to complete.
14 #ldap_deref: <none> <search|find|always|never>
15 # Specify how aliases dereferencing is handled during a search.
17 #ldap_referrals: <no>
18 # Specify whether or not the client should follow referrals.
20 #ldap_restart: <yes>
21 # Specify whether or not LDAP I/O operations are automatically restarted
22 # if they abort prematurely.
24 #ldap_cache_ttl: <0>
25 # Non zero enables client side caching. Cached results will expire after
26 # specified number seconds, e.g. 30. Use this option with care.
27 # OpenLDAP folks consider this feature experimental.
29 #ldap_cache_mem: <0>
30 # If client side caching is enabled, the value specifies the cache size
31 # in bytes, e.g. 32768.
33 #ldap_scope: <sub> <sub|one|base>
34 # Search scope.
36 ldap_search_base: dc=iph,dc=ras,dc=ru
37 # Specify a starting point for the search. e.g. dc=foo,dc=com
39 #ldap_auth_method: <bind> <bind|custom>
40 # Specify an authentication method. The default 'bind' method uses the
41 # LDAP simple bind facility to verify the password. The custom method
42 # uses userPassword attribute to verify the password. Currently, {CRYPT}
43 # hash is supported.
45 ldap_filter: (|(uid=%u)(cn=%u))
46 # Specify a filter. Use the %u and %r tokens for the username and realm
47 # substitution. The %u token has to be used at minimum for the filter to
48 # be useful. If ldap_auth_method is 'bind', the filter will search for
49 # the DN (distinguished name) attribute. Otherwise, the search will look
50 # for the userPassword attribute.
52 #ldap_debug: <0>
53 # Specify a debugging level in the OpenLDAP libraries. See
54 # ldap_set_option(3) for more (LDAP_OPT_DEBUG_LEVEL).
55 #
56 #ldap_tls_check_peer: <no> <yes|no>
57 # Require and verify server certificate. If this option is yes,
58 # you must specify ldap_tls_cacert_file or ldap_tls_cacert_dir.
60 #ldap_tls_cacert_file: <none>
61 # File containing CA (Certificate Authority) certificate(s).
63 #ldap_tls_cacert_dir: <none>
64 # Path to directory with CA (Certificate Authority) certificates.
66 #ldap_tls_ciphers: <DEFAULT>
67 # List of SSL/TLS ciphers to allow. The format of the string is
68 # described in ciphers(1).
70 #ldap_tls_cert: <none>
71 # File containing the client certificate.
73 #ldap_tls_key: <none>
74 # File containing the private client key.