ldap.conf

# /etc/ldap.conf
#
# This is the configuration file for OpenSSH LDAP Public Keys (ssh-ldap-pubkey).
#
# This file actually uses a subset of directives from configuration file of the
# LDAP nameservice switch library and the LDAP PAM module, so the same file can
# be used for all these services.
#

# Specifies the URI(s) of the LDAP server(s) to connect to. The URI scheme may
# be ldap, or ldaps, specifying LDAP over TCP or SSL respectively. A port
# number can be specified; the default port number for the selected protocol
# is used if omitted.
uri ldap://localhost

# The distinguished name of the search base.
base dc=example,dc=org

# The LDAP version to use. Default is 3 if supported by client library.
#ldap_version 3

# Enable SASL and specify mechanism to use (currently supported: GSSAPI).
#sasl GSSAPI

# The distinguished name to bind to the server with.
# Default is to bind anonymously.
#binddn cn=proxyuser,dc=example,dc=org

# The credentials to bind with. Default is no credential.
#bindpw secret

# The search scope; sub, one, or base.
scope one

# Specifies if the client should automatically follow referrals returned
# by LDAP servers. This must be typically disabled for Active Directory.
# Default is "on".
referrals off

# Search timelimit in seconds (0 for indefinite).
timelimit 5

# Bind/connect timelimit (0 for indefinite).
bind_timelimit 5

# The filter to use when retrieving user information, additional to the login
# attribute value assertion (pam_login_attribute=<login>).
#pam_filter objectclass=posixAccount

# The user ID attribute (defaults to 'uid').
#pam_login_attribute uid

# RFC2307bis naming contexts
# Syntax is:
#   nss_base_XXX  base?scope?filter
# where scope is {base,one,sub} and filter is a filter to be &'d with the
# default filter.
nss_base_passwd	      ou=People,dc=example,dc=org?one

# CA certificates for server certificate verification.
tls_cacertdir /etc/ssl/certs

# Name of LDAP attribute used for SSH public keys.
pubkey_attr sshPublicKey