Emacs can pass most required configuration options via the
ldapsearch command-line. One exception is certificate
configuration for LDAP-over-SSL, which must be specified in
/etc/openldap/ldap.conf. On systems that provide such
certificates as part of the OpenLDAP installation, this can be
as simple as one line:
TLS_CACERTDIR /etc/openldap/certs
In .emacs, these expressions suffice to configure EUDC for LDAP:
(with-eval-after-load "message"
(define-key message-mode-map (kbd "TAB") 'eudc-expand-try-all))
(setopt eudc-server-hotlist
'(("" . bbdb)
("ldaps://ldap.gnu.org" . ldap)))
(setopt ldap-host-parameters-alist
'(("ldaps://ldap.gnu.org"
base "ou=people,dc=gnu,dc=org"
binddn "gnu\\emacsuser"
passwd ldap-password-read)))
Specifying the function ldap-password-read for passwd
will cause Emacs to prompt interactively for the password. The
password will then be validated and cached, unless
password-cache is nil. You can customize
password-cache-expiry to control the duration for which the
password is cached. If you want to clear the cache, call
password-reset.