5 # See ldap.conf(5) for details
6 # This file should be world readable but not world writable.
8 # URI(s) of the LDAP server(s) to which the LDAP library should connect. ldapi:// is a local Unix-domain socket; ldap:// is cleartext unless StartTLS is negotiated.
9 URI ldapi:// ldap://127.0.0.1
11 # Default base DN to use when performing ldap operations
12 BASE dc=example,dc=com
14 # default bind DN to use when performing ldap operations.
15 #BINDDN cn=proxyuser,dc=example,dc=com
17 # how alias dereferencing is done when performing a search
18 # <when> can be specified as one of the following keywords:
19 # never, searching, finding, always
22 # name(s) of an LDAP server(s) to which the LDAP library should connect.
23 # HOST is deprecated in favor of URI
26 # timeout (in seconds) after which the poll(2)/select(2) following a connect(2) returns in case of no activity
27 #NETWORK_TIMEOUT <integer>
29 # PORT is deprecated in favor of URI
32 # Specifies if the client should automatically follow referrals
33 # returned by LDAP servers.
35 #REFERRALS <on/true/yes/off/false/no>
37 # size limit to use when performing searches
40 # time limit to use when performing searches
43 # timeout (in seconds) after which calls to synchronous LDAP APIs will abort if no response is received
50 # Specifies the SASL mechanism to use
51 #SASL_MECH <mechanism>
53 # Specifies the SASL realm
56 # Specifies the authentication identity
57 #SASL_AUTHCID <authcid>
59 # Specifies the proxy authorization identity
60 #SASL_AUTHZID <authzid>
62 # Specifies Cyrus SASL security properties. The <properties> can be specified
63 # as a comma-separated list of the following:
64 # none, noplain, noactive, nodict, noanonymous, forwardsec, passcred,
65 # minssf=<factor>, maxssf=<factor>, maxbufsize=<factor>
66 #SASL_SECPROPS <properties>
72 # File that contains certificates for all of the Certificate Authorities
73 # the client will recognize.
74 #TLS_CACERT <filename>
76 # Path of a directory that contains Certificate Authority certificates
77 # in separate individual files. The TLS_CACERT is always used before TLS_CACERTDIR
80 # File that contains the client certificate
83 # File that contains the private key that matches the certificate stored
84 # in the TLS_CERT file.
87 # Acceptable cipher suite and preference order.
88 # <cipher-suite-spec> should be a cipher specification for OpenSSL,
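89 # e.g., HIGH:MEDIUM:+SSLv2 (syntax illustration only; SSLv2 is obsolete and insecure, so do not copy this string into a deployed configuration).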
90 #TLS_CIPHER_SUITE <cipher-suite-spec>
92 # File to obtain random bits from when /dev/[u]random is not available.
93 #TLS_RANDFILE <filename>
95 # What checks to perform on server certificates in a TLS session, if any.
96 # The <level> can be specified as one of the following keywords:
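97 # never, allow, try, demand (demand is the default; never and allow let the session continue even when the server certificate is missing or invalid)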
100 # Specifies whether the Certificate Revocation List (CRL) of the CA should be used
101 # to verify that the server certificates have not been revoked.
102 # This requires TLS_CACERTDIR parameter to be set.
103 # <level> can be specified as one of the following keywords:
105 #TLS_CRLCHECK <level>
107 # File containing a Certificate Revocation List to be used to verify
108 # if the server certificates have not been revoked.
109 #TLS_CRLFILE <filename>