michael@144: ##
michael@144: ##  saslauthd.conf -- SASL Authentication Daemon Configuration
michael@144: ##
michael@144: 
michael@144: #   white space separated list of LDAP servers
michael@144: ldap_servers: ldap://127.0.0.1
michael@144: 
michael@144: #   authentication for restricted LDAP servers
michael@144: #ldap_bind_dn: cn=operator,ou=Profile,o=example.com
michael@144: #ldap_bind_pw: secret
michael@144: 
michael@144: #   LDAP version to use (2|3)
michael@144: #ldap_version 3
michael@144: 
michael@144: #   LDAP timeout
michael@144: #ldap_timeout 5
michael@144: 
michael@144: #   LDAP aliases (search|find|always|never)
michael@144: ldap_deref: never
michael@144: 
michael@144: #   follow LDAP referrals ?
michael@144: ldap_referrals: no
michael@144: 
michael@144: #   restart LDAP I/O operations that fail ?
michael@144: ldap_restart: yes
michael@144: 
michael@144: #   search scope (sub|one|base)
michael@144: #ldap_scope: sub
michael@144: 
michael@144: #   starting point for a search
michael@144: ldap_search_base: MUST-SPECIFY
michael@144: 
michael@144: #   authenticate against LDAP (bind|custom|fastbind)
michael@144: ldap_auth_method: bind
michael@144: 
michael@144: #   Filter LDAP records, %u = username, %r = realm
michael@144: #   if ldap_auth_method is 'bind' the filter searches for the DN
michael@144: #   otherwise the filter searches for the userPassword attribute
michael@144: #ldap_filter: uid=%u
michael@144: 
michael@144: #   debugging LDAP operation
michael@144: #ldap_debug 0
michael@144: 
michael@144: #   require and verify server certificate
michael@144: #ldap_tls_check_peer:  no
michael@144: #ldap_tls_cacert_file:
michael@144: #ldap_tls_cacert_dir:
michael@144: 
michael@144: #   list of SSL/TLS ciphers to allow
michael@144: #ldap_tls_ciphers: DEFAULT
michael@144: 
michael@144: #   files containing client certificate and key
michael@144: #ldap_tls_cert:
michael@144: #ldap_tls_key:
michael@144: