#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

# URI(s) of an LDAP server(s) to which the LDAP library should connect
URI ldapi:// ldap://127.0.0.1

# Default base DN to use when performing ldap operations
BASE dc=example,dc=com

# default bind DN to use when performing ldap operations.
#BINDDN cn=proxyuser,dc=example,dc=com

# how alias dereferencing is done when performing a search
# <when> can be specified as one of the following keywords:
# never, searching, finding, always
#DEREF never

# name(s) of an LDAP server(s) to which the LDAP library should connect.
# HOST is deprecated in favor of URI
#HOST example.com

# timeout (in seconds) after which the poll(2)/select(2) following a connect(2) returns in case of no activity
#NETWORK_TIMEOUT <integer>

# PORT is deprecated in favor of URI
#PORT <port>

# Specifies if the client should automatically follow referrals
# returned by LDAP servers.
# The default is on.
#REFERRALS <on/true/yes/off/false/no>

# size limit to use when performing searches
#SIZELIMIT 12

# time limit to use when performing searches
#TIMELIMIT 15

# timeout (in seconds) after which calls to synchronous LDAP APIs will abort if no response is received
#TIMEOUT <integer>


# SASL OPTIONS


# Specifies the SASL mechanism to use
#SASL_MECH <mechanism>

# Specifies the SASL realm
#SASL_REALM <realm>

# Specifies the authentication identity
#SASL_AUTHCID <authcid>

# Specifies the proxy authorization identity
#SASL_AUTHZID <authcid>

# Specifies Cyrus SASL security properties. The <properties> can be specified
# as a comma-separated list of the following:
# none, noplain, noactive, nodict, noanonymous, forwardsec, passcred,
# minssf=<factor>, maxssf=<factor>, maxbufsize=<factor>
#SASL_SECPROPS <properties>


# TLS OPTIONS


# File that contains certificates for all of the Certificate Authorities
# the client will recognize.
#TLS_CACERT <filename>

# Path of a directory that contains Certificate Authority certificates
# in separate individual files. The TLS_CACERT is always used before TLS_CACERTDIR
#TLS_CACERTDIR <path>

# File that contains the client certificate
#TLS_CERT <filename>

# File that contains the private key that matches the certificate stored
# in the TLS_CERT file.
#TLS_KEY <filename>

# Acceptable cipher suite and preference order.
# <cipher-suite-spec> should be a cipher specification for OpenSSL,
# e.g., HIGH:MEDIUM:+SSLv2.
#TLS_CIPHER_SUITE <cipher-suite-spec>

# File to obtain random bits from when /dev/[u]random is not available.
#TLS_RANDFILE <filename>

# What checks to perform on server certificates in a TLS session, if any.
# The <level> can be specified as one of the following keywords:
# never, allow, try, demand
#TLS_REQCERT <level>

# Certificate Revocation List (CRL) of the CA should be used to verify
# if the server certificates have not been revoked.
# This requires TLS_CACERTDIR parameter to be set.
# <level> can be specified as one of the following keywords:
# none, peer, all
#TLS_CRLCHECK <level>

# File containing a Certificate Revocation List to be used to verify
# if the server certificates have not been revoked.
#TLS_CRLFILE <filename>