diff --git a/openldap/ldap.conf b/openldap/ldap.conf
new file mode 100644
index 0000000..6bf6fcd
--- /dev/null
+++ b/openldap/ldap.conf
@@ -0,0 +1,5 @@
+BASE	dc=my-domain,dc=com
+URI     ldapi:///
+TLS_CACERTDIR	/etc/openldap/certs
+# Turning this off breaks GSSAPI used with krb5 when rdns = false
+SASL_NOCANON	on