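my $conffile = '/etc/ldap.conf';

# Parse one nss_ldap-style configuration file ("key value" per line) into a
# hash.  Lines starting with '#' and whitespace-only lines are skipped; the
# value is everything after the first run of whitespace, with surrounding
# whitespace trimmed.  A duplicate key warns and the later value wins.
# Dies if the file cannot be opened or closed.
sub _read_conf_file {
    my ($path) = @_;
    my %conf;
    open my $fh, '<', $path or die "Can't open $path for reading: $!";
    LINE:
    while (my $line = <$fh>) {
        next LINE if $line =~ /^\#/;
        next LINE if $line =~ /^\s+$/;
        $line =~ s/^\s+//;
        $line =~ s/\s+$//;
        # Limit to two fields so a value may itself contain whitespace.
        my ($key, $value) = split /\s+/, $line, 2;
        warn "Duplicate key $key in $path line $.\n" if exists $conf{$key};
        $conf{$key} = $value;
    }
    close $fh or die "Can't close $path: $!";
    return %conf;
}

# Return the first line of the companion secret file (the bind credential)
# with its trailing newline removed, or undef when the file is empty.
# Dies if the file cannot be opened or closed.
sub _read_secret_file {
    my ($path) = @_;
    open my $fh, '<', $path or die "Can't open $path for reading: $!";
    my $secret = <$fh>;
    close $fh or die "Can't close $path: $!";
    # chomp on undef (empty file) would only emit an "uninitialized" warning.
    chomp $secret if defined $secret;
    return $secret;
}

# Look up a key from $conffile.  The configuration (and the credential from
# the matching .secret file, stored under the key '.secret') is loaded once
# on first use and cached for the life of the process.
# Returns the value for $key, or undef when it is not set.
sub my_conf {
    state %conf;
    state $loaded = 0;
    my $key = shift;
    if (!$loaded) {
        $loaded = 1;
        %conf = _read_conf_file($conffile);
        my $secret_path = $conffile;
        $secret_path =~ s/\.conf$/.secret/;
        $conf{'.secret'} = _read_secret_file($secret_path);
    }
    return $conf{$key};
}

# Construct a connected handle (via the parent class's constructor) from the
# settings in $conffile: uri (required), timelimit (default 120),
# ldap_version (default 3), and, when ssl is 'start_tls', upgrade the
# connection to TLS with the server certificate verified against
# tls_cacertfile (required in that case).
# Dies on a missing uri or tls_cacertfile, or when the connection fails.
sub new {
    my $proto = shift;
    my $uri   = URI->new(my_conf('uri') // die "Missing uri in $conffile\n");
    my $host  = $uri->host();
    my %opts  = (
        onerror => 'die',
        host    => $host,
        scheme  => $uri->scheme(),
        port    => $uri->port(),
        timeout => my_conf('timelimit') // 120,
        version => my_conf('ldap_version') // 3,
        inet4   => 1,
        inet6   => 0,
    );
    my $ldap = $proto->SUPER::new($host, %opts)
        or die "Can't connect to $host: $@";
    if ((my_conf('ssl') // '') eq 'start_tls') {
        my $cafile = my_conf('tls_cacertfile')
            // die "Missing tls_cacertfile in $conffile\n";
        # verify => 'require' makes the CA bundle actually enforced.  With
        # 'none' the cafile was loaded but any server certificate was
        # accepted, so the credential read from the .secret file could be
        # sent to an unverified peer.  The previous sslversion => 'tlsv1_1'
        # pinned the handshake to exactly TLS 1.1; leaving sslversion unset
        # lets the library negotiate the best mutually supported version.
        $ldap->start_tls(
            verify => 'require',
            cafile => $cafile,
        );
    }
    return $ldap;
}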