<LDAP>
	# LDAP server URL - Twice
	URL		ldap://ldap1.example.org
	URL		ldap://ldap1.example.org

	# Network timeout (in seconds)
	Timeout		15

	# Enable TLS
	TLSEnable	yes

	# TLS CA Certificate File
	TLSCACertFile	/usr/local/etc/ssl/ca.pem

	# TLS CA Certificate Directory
	TLSCACertDir	/etc/ssl/certs

	# Client Certificate
	TLSCertFile	/usr/local/etc/ssl/client-cert.pem

	# Client Key
	TLSKeyFile	/usr/local/etc/ssl/client-key.pem

	# Cipher Suite
	TLSCipherSuite	ALL:!ADH:@STRENGTH
</LDAP>

<Authorization>
	# Base DN
	BaseDN		"ou=People,dc=example,dc=com"

	# User Search Filter
	SearchFilter	"(&(uid=%u)(accountStatus=active))"

	# Require Group Membership
	RequireGroup	false

	<Group>
		BaseDN		"ou=Groups,dc=example,dc=com"
		SearchFilter	"(|(cn=developers)(cn=artists))"
		MemberAttribute	uniqueMember
	</Group>
</Authorization>