<LDAP>
	# LDAP server URL
	URL		ldap://ldap1.example.org

	# Bind DN (If your LDAP server doesn't support anonymous binds)
	BindDN		uid=Manager,ou=People,dc=example,dc=com

	# Bind Password
	Password	SuperSecretPassword

	# Network timeout (in seconds)
	Timeout		15

	# Enable TLS
	TLSEnable	yes

	# TLS CA Certificate File
	TLSCACertFile	/usr/local/etc/ssl/ca.pem

	# TLS CA Certificate Directory
	TLSCACertDir	/etc/ssl/certs

	# Client Certificate
	TLSCertFile	/usr/local/etc/ssl/client-cert.pem

	# Client Key
	TLSKeyFile	/usr/local/etc/ssl/client-key.pem

	# Cipher Suite
	TLSCipherSuite	ALL:!ADH:@STRENGTH
</LDAP>

<Authorization>
	# Base DN
	BaseDN		"ou=People,dc=example,dc=com"

	# User Search Filter
	SearchFilter	"(&(uid=%u)(accountStatus=active))"

	# Require Group Membership
	RequireGroup	false

	# Add to PF Table
	PFTable		ips_users

	<Group>
		BaseDN		"ou=Groups,dc=example,dc=com"
		SearchFilter	"(|(cn=developers)(cn=artists))"
		MemberAttribute	uniqueMember
		PFTable		ips_trusted
	</Group>
</Authorization>