[domain/LDAP]
id_provider = ldap
auth_provider = ldap
ldap_schema = rfc2307
ldap_uri = ldap://ldapserver-1
ldap_backup_uri = ldap://ldapserver-2,ldap://ldapserver-3,ldap://ldapserver-4
ldap_rfc2307_fallback_to_local_users = true
ldap_search_base = dc=Somedomain,dc=com
ldap_user_search_base = ou=People,dc=Somedomain,dc=com
ldap_group_search_base ou=Group,dc=Somedomain,dc=com
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/openldap/cacerts/cacert.pem
cache_credentials = true
entry_cache_timeout = 600
enumerate = False
min_id = 100
ldap_network_timeout = 2
ldap_search_timeout = 5
debug_level = 0x0070
debug_microseconds = true