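# Configure an ADS we proxy. The hostname is the section name.
[dc0.example.com]
# Bind DN used towards this AD if the client doesn't specify one.
# Prefer a dedicated, low-privilege account with read-only directory access.
binddn=CN=blabla,OU=Foo,DC=public,DC=ads,DC=example,DC=com
# Matching password. It is stored here in clear text, so restrict read access
# on this file to the account the proxy runs as and keep it out of version control.
bindpw=geheim
# Search base to use. If multiple ADs are configured, this identifies which one
# the client actually wants to talk to.
base=DC=public,DC=ads,DC=example,DC=com
# Optional: template for the home directory mount point passed to the client.
# Use %s as the user's account name. Only used if AD doesn't supply the
# homeDirectory attribute (or it doesn't contain a UNC path).
# NOTE(review): if this file is read by a parser with %-interpolation
# (e.g. Python configparser defaults), a literal % must be escaped - confirm.
home=\\windows-server\users\%s
# Set this to use SSL when talking to the ADS. SSL is not enabled by default,
# so make sure your ADS has it. Without fingerprint or cabundle the connection
# to the AD is plain, and the bind DN/password above cross the network unencrypted.
# NOTE(review): the sample value is 20 bytes, the length of a SHA-1 digest;
# presumably the server certificate's fingerprint - confirm the expected hash.
fingerprint=76:EC:9D:18:99:0D:8F:E1:99:D2:07:09:48:DF:82:4F:28:47:32:14
# Alternatively, set a CA certificate bundle file used for verification.
# It is loaded in addition to the system's default CAs.
# NOTE(review): fingerprint and cabundle are described as alternatives; this
# sample sets both for illustration - confirm how the proxy treats that.
cabundle=/foo/bar.pem
# Optionally set the remote port. Default is 3268 for a plain connection,
# 636 for an SSL connection.
port=6666
# Don't map between AD and LDAP schema - assume the server has all the
# required fields and values.
plainldap=true

# Configure the proxy itself.
[local]
# Local TCP port to listen on.
port=1234
# For SSL between client and proxy, set these. For plaintext, remove or
# comment them out; client bind passwords then reach the proxy unencrypted,
# so do that only on a trusted network segment.
# The private key file should be readable only by the account the proxy runs as.
cert=/my/cert.pem
privkey=/my/privatekey.pem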