# Configuration file for OpenSC / scldap
#
# Each "ldap NAME { ... }" block describes one directory lookup (server,
# search base, scope, attributes, filter). The "card" blocks further down
# group such lookups under a list of card names.
#
# This file holds a bind password in clear text (see passwd below), so it
# should be readable only by the account that runs the tools that use it.

# Example configuration file
ldap example {
    # Hostname for LDAP server (required)
    ldaphost = "ldap.foobar.tld";

    # Port for LDAP server
    # 389 is the standard LDAP port; traffic on it is unencrypted unless the
    # client negotiates StartTLS. No TLS-related key is set anywhere in this
    # file.
    # NOTE(review): confirm whether scldap can protect this connection; if it
    # cannot, treat every query and every result as visible and modifiable
    # on the network path.
    ldapport = 389;

    # Scope for ldap search
    # 0 = LDAP_SCOPE_BASE
    # 1 = LDAP_SCOPE_ONELEVEL
    # 2 = LDAP_SCOPE_SUBTREE
    scope = 2;

    # Use the Distinguished Name to
    # bind to the LDAP directory
    # Prefer a dedicated account with read-only access limited to the
    # entries searched below, never an administrative DN.
    binddn = "cn=public,dc=cc,dc=foobar,dc=tld";

    # Use passwd as the password for simple authentication
    # An LDAP simple bind sends the DN and password to the server as-is, so
    # without TLS on the connection the password crosses the network in
    # clear text. The value below is a sample; replace it and do not commit
    # a real credential to version control.
    passwd = "bazfoo";

    # Use base as the starting point for the
    # search instead of the default
    base = "dc=foobar,dc=tld";

    # Search attribute(s)
    attributes = "cert", "user";

    # Search filter. (required)
    # formatted searches like (user=%s) are accepted
    # NOTE(review): this file does not show where the %s value comes from.
    # If it is taken from card contents or user input, it has to be escaped
    # per RFC 4515 before substitution so that it cannot alter the filter;
    # confirm that the caller does this.
    filter = "(identifier=foobarAuthority)";
}

# Test cards
# The blocks below set no binddn/passwd.
# NOTE(review): presumably these lookups bind anonymously; confirm.
card "FINEID S4-1-1", "VRK-FINSIGN" {
    ldap "auth certificate" {
        ldaphost = ldap.example.com;
        ldapport = 389;
        scope = 2;
        base = "dc=example,dc=com";
        attributes = userCertificate;
        # %s is replaced at lookup time; see the escaping note on the
        # filter key in the "example" block.
        filter = "(uniqueIdentifier=%s)";
    }
    ldap crl {
        # unnecessary, data for crl is usually generated from
        # auth cert's crlDistributionPoints
        # NOTE(review): no filter is set here although the example block
        # marks filter as required; confirm how scldap treats this entry.
        ldaphost = ldap.example.com;
        ldapport = 389;
        scope = 2;
        base = "dc=example,dc=com";
    }
    ldap "ca certificate" {
        # A CA certificate returned by the directory is not trustworthy
        # merely because the directory returned it, least of all over an
        # unprotected connection. It must chain to a trust anchor that was
        # installed locally by other means.
        ldaphost = ldap.example.com;
        ldapport = 389;
        scope = 2;
        base = "dc=example,dc=com";
        attributes = cACertificate;
        filter = "(objectClass=fineidCertificationAuthority)";
    }
    ldap "approx base" {
        # NOTE(review): no attributes or filter are set in this entry;
        # confirm its purpose against the scldap sources.
        ldaphost = ldap.example.com;
        ldapport = 389;
        scope = 2;
        base = "dc=example,dc=com";
    }
}

# Same four lookups as the previous card block, for a different card name
# list; the notes on port 389, %s substitution and CA certificate trust
# apply here unchanged.
card "FINEID S4-1", "VRK-FINSIGN" {
    ldap "auth certificate" {
        ldaphost = ldap.example.com;
        ldapport = 389;
        scope = 2;
        base = "dc=example,dc=com";
        attributes = userCertificate;
        filter = "(uniqueIdentifier=%s)";
    }
    ldap crl {
        # unnecessary, data for crl is usually generated from
        # auth cert's crlDistributionPoints
        ldaphost = ldap.example.com;
        ldapport = 389;
        scope = 2;
        base = "dc=example,dc=com";
    }
    ldap "ca certificate" {
        ldaphost = ldap.example.com;
        ldapport = 389;
        scope = 2;
        base = "dc=example,dc=com";
        attributes = cACertificate;
        filter = "(objectClass=fineidCertificationAuthority)";
    }
    ldap "approx base" {
        ldaphost = ldap.example.com;
        ldapport = 389;
        scope = 2;
        base = "dc=example,dc=com";
    }
}