BASE dc=foo,dc=sh
URI ldaps://ldap01.home.foo.sh

TLS_CACERT {{ tls_certs }}/ca.crt