LDAP Proxy Setup

Yes, I have a config file set up as below (sensitive info modified). I currently have allow-search and connection reset set to true so that the Windows LDP tool would function; not sure of their need when going through privacyIDEA. We are looking at Cisco ASA VPN integration using LDAP so that the ASA can apply policy based on a user’s group membership in AD.

[privacyidea]
instance = https://FQDN.of.server
verify = True

[ldap-backend]
endpoint = tcp:host=FQDN.of.DomainController:port=389
test-connection = true

[service-account]
dn = "domain\serviceaccount"
password = 

[ldap-proxy]
endpoint = tcp:port=1389
#We do not want to allow passthrough binds, but setting is required.
passthrough-binds = "dc=test,dc=local"
bind-service-account = false
allow-search = true
allow-connection-reuse = true
ignore-search-result-references = false
forward-anonymous-binds = false

[user-mapping]
strategy = lookup
attribute = sAMAccountName

[realm-mapping]
strategy = static
realm =

[bind-cache]
enabled = false
timeout = 3

[app-cache]
enabled = false