##
##  saslauthd.conf -- SASL Authentication Daemon Configuration
##

# white space separated list of LDAP servers
ldap_servers: ldap://127.0.0.1

# authentication for restricted LDAP servers
#ldap_bind_dn: cn=operator,ou=Profile,o=foo.com
#ldap_bind_pw: secret

# LDAP version to use (2|3)
#ldap_version 3

# LDAP timeout
#ldap_timeout 5

# LDAP aliases (search|find|always|never)
ldap_deref: never

# follow LDAP referrals ?
ldap_referrals: no

# restart LDAP I/O operations that fail ?
ldap_restart: yes

# search scope (sub|one|base)
#ldap_scope: sub

# starting point for a search
ldap_search_base: MUST-SPECIFY

# authenticate against LDAP (bind|custom|fastbind)
ldap_auth_method: bind

# Filter LDAP records, %u = username, %r = realm
# if ldap_auth_method is 'bind' the filter searches for the DN
# otherwise the filter searches for the userPassword attribute
#ldap_filter: uid=%u

# debugging LDAP operation
#ldap_debug 0

# require and verify server certificate
#ldap_tls_check_peer:  no
#ldap_tls_cacert_file:
#ldap_tls_cacert_dir:

# list of SSL/TLS ciphers to allow
#ldap_tls_ciphers: DEFAULT

# files containing client certificate and key
#ldap_tls_cert:
#ldap_tls_key: