2.1.2 External Configuration

Your system may already be configured for a default LDAP server. For example, /etc/openldap/ldap.conf might contain:

BASE ou=people,dc=gnu,dc=org
URI ldaps://ldap.gnu.org
TLS_CACERTDIR /etc/openldap/certs

Authentication requires a password and a bind distinguished name (binddn) that identifies the user, in this case gnu\emacsuser. Both can be specified in ~/.authinfo.gpg with the following line:

machine ldaps://ldap.gnu.org binddn gnu\emacsuser password s3cr3t

Then in the .emacs init file, these expressions suffice to configure EUDC for LDAP:

(with-eval-after-load "message"
  (define-key message-mode-map (kbd "TAB") 'eudc-expand-try-all))
(setopt eudc-server-hotlist
        '(("" . bbdb)
          ("ldaps://ldap.gnu.org" . ldap)))
(setopt ldap-host-parameters-alist
        '(("ldaps://ldap.gnu.org"
           auth-source t)))

For this example, where we only care about one server, the server name can be omitted in ~/.authinfo.gpg and .emacs, in which case ldapsearch defaults to the host name in /etc/openldap/ldap.conf.

The ~/.authinfo.gpg line becomes:

binddn gnu\emacsuser password s3cr3t

and the .emacs expressions become:

(with-eval-after-load "message"
  (define-key message-mode-map (kbd "TAB") 'eudc-expand-try-all))
(setopt eudc-server-hotlist
        '(("" . bbdb) ("" . ldap)))
(setopt ldap-host-parameters-alist
        '(("" auth-source t)))
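
When the server name is omitted as above, the connection that carries the bind password is defined entirely by ldap.conf, so it is worth checking that file before relying on its defaults. The following is an added example, not part of the Emacs manual or of EUDC: the function names are hypothetical, the sample file is constructed from the one shown at the top of this section, and TLS_CACERT and TLS_REQCERT are standard ldap.conf options that do not appear on this page.

```python
# Added example: audit the ldap.conf that ldapsearch falls back to.
# Constructed sample, mirroring the file shown at the top of this section.
SAMPLE_CONF = """\
BASE ou=people,dc=gnu,dc=org
URI ldaps://ldap.gnu.org
TLS_CACERTDIR /etc/openldap/certs
"""


def parse_ldap_conf(text):
    """Return {OPTION: value}. Option names are case-insensitive; lines
    starting with '#' are comments and blank lines are ignored."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        opts[fields[0].upper()] = fields[1].strip() if len(fields) > 1 else ""
    return opts


def audit_ldap_conf(text):
    """Return a list of findings; an empty list means none of the checks fired."""
    opts = parse_ldap_conf(text)
    findings = []
    # URI takes a list separated by whitespace or commas.
    uris = opts.get("URI", "").replace(",", " ").split()
    if not uris:
        findings.append("no URI set: there is no default server to fall back to")
    for uri in uris:
        scheme = uri.split("://", 1)[0].lower()
        if scheme == "ldap":
            findings.append(uri + ": ldap:// carries a simple bind password "
                            "unencrypted unless StartTLS is used")
        elif scheme not in ("ldaps", "ldapi"):
            findings.append(uri + ": unrecognised URI scheme")
    if "TLS_CACERT" not in opts and "TLS_CACERTDIR" not in opts:
        findings.append("neither TLS_CACERT nor TLS_CACERTDIR is set in this file")
    # TLS_REQCERT defaults to 'demand'; 'never' and 'allow' do not reject a bad certificate.
    level = opts.get("TLS_REQCERT", "demand").lower()
    if level in ("never", "allow"):
        findings.append("TLS_REQCERT " + level + ": server certificate is not enforced")
    return findings


if __name__ == "__main__":
    for finding in audit_ldap_conf(SAMPLE_CONF) or ["no findings"]:
        print(finding)
```

A per-user ~/.ldaprc can override these settings, so the same check applies to that file if it exists.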