{
        #  If you want privacy to remain, see the
        #  Chargeable-User-Identity attribute from RFC 4372.
        #  If you want to use it just uncomment the line below.
}#       cui-inner
{
        #
        #  If you want to have a log of authentication replies,
        #  un-comment the following line, and enable the
        #  'detail reply_log' module.
}#       reply_log
{
        #
        #  After authenticating the user, do another SQL query.
        #
        #  See "Authentication Logging Queries" in sql.conf
}#        -sql
{
        #
        #  Instead of sending the query to the SQL server,
        #  write it into a log file.
        #
}#       sql_log
{
        #
        #  Un-comment the following if you have set
        #  'edir_account_policy_check = yes' in the ldap module sub-section of
        #  the 'modules' section.
        #
}#       ldap
{
        #
        #  Access-Reject packets are sent through the REJECT sub-section of the
        #  post-auth section.
        #
        #  Add the ldap module name (or instance) if you have set
        #  'edir_account_policy_check = yes' in the ldap module configuration
        #
}        Post-Auth-Type REJECT \{
                # log failed authentications in SQL, too.
#                -sql
                attr_filter.access_reject
        \}

