Index: trunk/server/fedora/config/etc/nss-ldapd.conf
===================================================================
--- trunk/server/fedora/config/etc/nss-ldapd.conf	(revision 1293)
+++ trunk/server/fedora/config/etc/nss-ldapd.conf	(revision 1294)
@@ -6,5 +6,5 @@
 
 # The uri pointing to the LDAP server to use for name lookups.
-# Mulitple entries may be specified. The address that is used
+# Multiple entries may be specified. The address that is used
 # here should be resolvable without using LDAP (obviously).
 #uri ldap://127.0.0.1/
@@ -12,5 +12,5 @@
 #uri ldapi://%2fvar%2frun%2fldapi_sock/
 # Note: %2f encodes the '/' used as directory separator
-uri ldapi://%2fvar%2frun%2fdirsrv%2fslapd-scripts.socket/
+# uri ldap://127.0.0.1/
 
 # The LDAP version to use (defaults to 3
@@ -19,12 +19,13 @@
 
 # The distinguished name of the search base.
-base dc=scripts,dc=mit,dc=edu
+# base dc=example,dc=com
 
 # The distinguished name to bind to the server with.
 # Optional: default is to bind anonymously.
-#binddn cn=proxyuser,dc=padl,dc=com
+#binddn cn=proxyuser,dc=example,dc=com
 
 # The credentials to bind with.
 # Optional: default is no credentials.
+# Note that if you set a bindpw you should check the permissions of this file.
 #bindpw secret
 
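Review bot: The added bindpw note tells the admin to "check the permissions" but not what they should be. I would state the expectation directly, e.g. `# Note: if you set a bindpw, this file must not be world-readable (for example owner root, mode 0600).` This copy also sits under trunk/server/fedora/config, so a real password written here would be committed along with the file. A second comment line saying the credential belongs only in the deployed copy would cover that.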
@@ -35,40 +36,25 @@
 
 # Customize certain database lookups.
-base   group  ou=Groups,dc=scripts,dc=mit,dc=edu
-base   passwd ou=People,dc=scripts,dc=mit,dc=edu
-#base   shadow ou=People,dc=example,dc=net
+#base   group  ou=Groups,dc=example,dc=com
+#base   passwd ou=People,dc=example,dc=com
+#base   shadow ou=People,dc=example,dc=com
 #scope  group  onelevel
 #scope  hosts  sub
 
 # Bind/connect timelimit.
-bind_timelimit 120
+#bind_timelimit 30
 
 # Search timelimit.
-timelimit 120
+#timelimit 30
 
 # Idle timelimit. nslcd will close connections if the
 # server has not been contacted for the number of seconds.
-idle_timelimit 3600
+#idle_timelimit 3600
 
-# Netscape SDK LDAPS
-#ssl on
-
-# Netscape SDK SSL options
-#sslpath /etc/ssl/certs
-
-# OpenLDAP SSL mechanism
-# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
+# Use StartTLS without verifying the server certificate.
 #ssl start_tls
-#ssl on
-
-# OpenLDAP SSL options
-# Require and verify server certificate (yes/no)
-# Default is to use libldap's default behavior, which can be configured in
-# /etc/openldap/ldap.conf using the TLS_REQCERT setting.  The default for
-# OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes".
-#tls_checkpeer yes
+#tls_reqcert never
 
 # CA certificates for server certificate verification
-# At least one of these are required if tls_checkpeer is "yes"
 #tls_cacertdir /etc/ssl/certs
 #tls_cacertfile /etc/ssl/ca.cert
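Review bot: The only TLS example left in this section is `#ssl start_tls` paired with `#tls_reqcert never`, and the text explaining certificate checking was removed with `tls_checkpeer`. An admin who uncomments both lines gets an encrypted but unauthenticated connection to the server that answers passwd and group lookups. The active settings in this file use an ldapi:// socket, so nothing changes today, but the commented template should show the safe choice. I would replace it with `# Use StartTLS and require a valid server certificate (needs tls_cacertdir or tls_cacertfile).` followed by `#tls_reqcert demand`.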
@@ -137,2 +123,12 @@
 #map    group  uniqueMember     member
 #map    group  gidNumber        gid
+uid nslcd
+gid ldap
+# This comment prevents repeated auto-migration of settings from /etc/ldap.conf.
+uri ldapi://%2fvar%2frun%2fdirsrv%2fslapd-scripts.socket/
+base dc=scripts,dc=mit,dc=edu
+timelimit 120
+bind_timelimit 120
+idle_timelimit 3600
+base   group  ou=Groups,dc=scripts,dc=mit,dc=edu
+base   passwd ou=People,dc=scripts,dc=mit,dc=edu
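Review bot: The live site settings are now appended after the `map` examples with no header. The one comment among them (`# This comment prevents repeated auto-migration ...`) looks like a marker that a migration step depends on, so it is easy to delete by accident. I would add a line above `uid nslcd` such as `# Site settings for scripts.mit.edu; keep the auto-migration marker comment below.` The daemon now runs as `uid nslcd` / `gid ldap` and binds anonymously (no binddn is set). Please confirm that the socket at /var/run/dirsrv/slapd-scripts.socket is accessible to that account and that the directory ACLs for anonymous ldapi clients are what you intend; neither is visible in this diff.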
