ldap_servers: ldap://10.1.1.15/ ldap://10.1.1.25/
ldap_bind_dn: cn=operator,ou=Profile,o=foo.com
ldap_bind_pw: secret
ldap_version: 3
# <2|3>
#	Specify the LDAP protocol version to use.

ldap_timeout: 5
#	Specify a number of seconds a search can take before timing out.

ldap_time_limit: 5
#	Specify a number of seconds for a search request to complete.

#ldap_deref: <none> <search|find|always|never>
#	Specify how aliases dereferencing is handled during a search.

#ldap_referrals: <no>
#	Specify whether or not the client should follow referrals.

#ldap_restart: <yes>
#	Specify whether or not LDAP I/O operations are automatically restarted
#	if they abort prematurely.

#ldap_cache_ttl: <0>
#	Non zero enables client side caching.  Cached results will expire after
#	specified number seconds, e.g. 30.  Use this option with care.
#	OpenLDAP folks consider this feature experimental.

#ldap_cache_mem: <0>
#	If client side caching is enabled, the value specifies the cache size
#	in bytes,  e.g. 32768.
	
#ldap_scope: <sub> <sub|one|base>
#	Search scope.

#ldap_search_base: <none>
#	Specify a starting point for the search.  e.g. dc=foo,dc=com

#ldap_auth_method: <bind> <bind|custom>
#	Specify an authentication method.  The default 'bind' method uses the
#	LDAP simple bind facility to verify the password.  The custom method
#	uses userPassword attribute to verify the password.  Currently, {CRYPT}
#	hash is supported.

#ldap_filter: <uid=%u>
#	Specify a filter.  Use the %u and %r tokens for the username and realm
#	substitution.  The %u token has to be used at minimum for the filter to
#	be useful.  If ldap_auth_method is 'bind', the filter will search for
#	the DN (distinguished name) attribute.  Otherwise, the search will look
#	for the userPassword attribute.

#ldap_debug: <0>
#	Specify a debugging level in the OpenLDAP libraries.  See
#	ldap_set_option(3) for more (LDAP_OPT_DEBUG_LEVEL).
#
#ldap_tls_check_peer: <no> <yes|no>
#	Require and verify server certificate.  If this option is yes,
#	you must specify ldap_tls_cacert_file or ldap_tls_cacert_dir.

#ldap_tls_cacert_file: <none>
#	File containing CA (Certificate Authority) certificate(s).

#ldap_tls_cacert_dir: <none>
#	Path to directory with CA (Certificate Authority) certificates.

#ldap_tls_ciphers: <DEFAULT>
#	List of SSL/TLS ciphers to allow.  The format of the string is
#	described in ciphers(1).

#ldap_tls_cert: <none>
#	File containing the client certificate.

#ldap_tls_key: <none>
#	File containing the private client key.