# -*- text -*-
#  Lightweight Directory Access Protocol (LDAP) module for ALCASAR

# FreeRADIUS rlm_ldap module instance: directory connection, user lookup,
# client options, TLS and connection pool settings.
# NOTE(review): this file holds a bind credential in clear text, so it should
# be readable only by the account the RADIUS daemon runs as.
ldap {
	# Directory host and port. 389 is the plain LDAP port and every setting in
	# the tls section below is commented out, so the bind in this file is
	# sent unencrypted. That stays on loopback only while server is "localhost".
	server = "localhost"
	port = 389
	# Bind DN used for directory searches.
	# NOTE(review): the RDNs are separated by ';' rather than ','. Confirm the
	# target directory accepts that form of DN.
	# NOTE(review): a dedicated read-only account is sufficient for the search
	# configured in the user section. Confirm this account has no wider rights.
	identity = "cn=alcasaradmin;cn=Users;dc=serverad;dc=com"
	# Bind password, stored in clear text. "mypass" looks like a template
	# placeholder; confirm it is replaced at deployment time.
	password = "mypass"
	# Search base; reused by the user section through ${..base_dn}.
	base_dn = "cn=Users;dc=serverad;dc=com"
	user {
		# Inherits the parent section's base_dn.
		base_dn = "${..base_dn}"
		# "samaccountname=" for AD; "uid=" for LDAP
		# The value comes from the client-supplied Stripped-User-Name, falling
		# back to User-Name.
		# NOTE(review): confirm the deployed FreeRADIUS version escapes LDAP
		# filter metacharacters in these expansions.
		filter = (samaccountname=%{%{Stripped-User-Name}:-%{User-Name}})
	}
	options {
		# Follow referrals and rebind to the referred server with the identity
		# and password above. With TLS disabled, that credential is presented in
		# clear text to whichever server a referral names.
		chase_referrals = yes
		rebind = yes
		# Timeouts in seconds: client-side wait for a result, server-side search
		# time limit, and wait on the network connection.
		res_timeout = 10
		srv_timelimit = 3
		net_timeout = 1
		# TCP keepalive: idle seconds before probing, probe count, and seconds
		# between probes.
		idle = 60
		probes = 3
		interval = 3
		# Client library debug mask, disabled.
#		ldap_debug = 0x0129
	}
	# TLS is fully disabled: every key below is commented out. For a remote
	# directory, enabling start_tls together with ca_file and
	# require_cert = 'demand' encrypts the bind and verifies the server
	# certificate.
	tls {
#		start_tls = yes
#		ca_file = /etc/raddb/certs/alcasar-ldaps.crt
#		ca_path = ${certdir}
#		certificate_file = /path/to/radius.crt
#		private_key_file = /path/to/radius.key
#		random_file = /dev/urandom
#		require_cert = 'demand'
	}
	# Connection pool: 5 connections opened at start, kept between 3 and 10.
	pool {
		start = 5
		min = 3
		max = 10
		# 0 = no limit on the number of uses per connection.
		uses = 0
		# Seconds to wait before retrying after a failed connection attempt.
		retry_delay = 30
		# 0 = no maximum connection lifetime.
		lifetime = 0
		# Seconds a connection may sit idle before it is closed.
		idle_timeout = 60
	}
}
