# (c) 2003 Tassilo Erlewein <tassilo.erlewein@erfrakon.de>
# (c) 2003 Martin Konold <martin.konold@erfrakon.de>
# (c) 2003 Achim Frank <achim.frank@erfrakon.de>
# This program is Free Software under the GNU General Public License (>=v2).
# Read the file COPYING that comes with this packages for details.


# this file is automatically written by the Kolab config backend
# manual additions are lost unless made to the template in the Kolab config directory

ldap_servers: @@@user_ldap_uri@@@
#ldap_servers: <ldap://localhost/>
#        Specify URI(s) refering to LDAP server(s), e.g. ldaps://10.1.1.2:999/.
#        You can specify multiple servers separated by a space.

ldap_bind_dn: @@@user_bind_dn@@@
#        Specify DN (distinguished name) to bind to the LDAP directory.  Do not
#        specify this parameter for the anonymous bind.

ldap_bind_pw: @@@user_bind_pw@@@
#        Specify the password for ldap_bind_dn.  Do not specify this parameter
#        for the anonymous bind.

ldap_version: 3
#ldap_version: <3> <2|3>
#        Specify the LDAP protocol version to use.

ldap_timeout: 15
#        Specify a number of seconds a search can take before timing out.

ldap_time_limit: 15
#        Specify a number of seconds for a search request to complete.

ldap_deref: always
#ldap_deref: <none> <search|find|always|never>
#        Specify how aliases dereferencing is handled during a search.

#ldap_referrals: <no>
#        Specify whether or not the client should follow referrals.

ldap_restart: yes
#        Specify whether or not LDAP I/O operations are automatically restarted
#        if they abort prematurely.

#ldap_cache_ttl: <0>
#        Non zero enables client side caching.  Cached results will expire after
#        specified number seconds, e.g. 30.  Use this option with care.
#        OpenLDAP folks consider this feature experimental.

#ldap_cache_mem: <0>
#        If client side caching is enabled, the value specifies the cache size
#        in bytes,  e.g. 32768.

ldap_scope: sub
#ldap_scope: <sub> <sub|one|base>
#        Search scope.

ldap_search_base: @@@user_dn_list@@@
#ldap_search_base: <none>
#        Specify a starting point for the search.  e.g. dc=foo,dc=com

ldap_auth_method: bind
#ldap_auth_method: <bind> <bind|custom>
#        Specify an authentication method.  The default 'bind' method uses the
#        LDAP simple bind facility to verify the password.  The custom method
#        uses userPassword attribute to verify the password.  Currently, {CRYPT}
#        hash is supported.

ldap_filter: (&(|(mail=%u@%d)(mail=%u)(uid=%u@%d)(uid=%u))(!(kolabdeleteflag=*)))
#ldap_filter: <uid=%u>
#        Specify a filter.  Use the %u and %r tokens for the username and realm
#        substitution.  The %u token has to be used at minimum for the filter to
#        be useful.  If ldap_auth_method is 'bind', the filter will search for
#        the DN (distinguished name) attribute.  Otherwise, the search will look
#        for the userPassword attribute.

#ldap_debug: <0>
#        Specify a debugging level in the OpenLDAP libraries.  See
#        ldap_set_option(3) for more (LDAP_OPT_DEBUG_LEVEL).

#ldap_tls_check_peer: <no> <yes|no>
#        Require and verify server certificate.  If this option is yes,
#        you must specify ldap_tls_cacert_file or ldap_tls_cacert_dir.

#ldap_tls_cacert_file: <none>
#        File containing CA (Certificate Authority) certificate(s).

#ldap_tls_cacert_dir: <none>
#        Path to directory with CA (Certificate Authority) certificates.

#ldap_tls_ciphers: <DEFAULT>
#        List of SSL/TLS ciphers to allow.  The format of the string is
#        described in ciphers(1).

#ldap_tls_cert: <none>
#        File containing the client certificate.

#ldap_tls_key: <none>
#        File containing the private client key.