doweactuallycare

joined 10 months ago
[–] doweactuallycare@alien.top 1 points 9 months ago

Now, if I want to invite friends I just ask them to download the Ziti Desktop Edge, create an identity token for them, making sure they have the attribute #${DEVICE_NAME}.clients so they are authorized, and send it their way.

Wow, so quick and convenient!

Definitely not immediately awkward and dumb.

Dude is spending incredibly large amounts of time and effort when what they wanted was a whitelist and SRV record.

[–] doweactuallycare@alien.top 1 points 10 months ago

Oooooookay.

The FQDN is your 'LDAP server'.

AUTH_LDAP_BIND_DN=CN=TandoorSA,OU=ServiceAccounts,DC=domain,DC=com

It's authenticating with an account called 'TandoorSA', which it expects to find in the OU ServiceAccounts.

You'll obviously need to create that first.

You'll also need to fill in the DC=domain with your actual domain, which you should know if you have set up LDAP.

AUTH_LDAP_BIND_PASSWORD=SuperCoolPassword

It's using password 'SuperCoolPassword' when it logs into the 'TandoorSA' account.

AUTH_LDAP_USER_SEARCH_BASE_DN=OU=People,DC=domain,DC=com

It expects to find users in here in general. In the 'People' OU. You'll need to fill in the domain part again.

AUTH_LDAP_USER_SEARCH_FILTER_STR=(memberof=CN=Group of Users,OU=People,DC=domain,DC=com)

This is its search filter for user searching. Maybe I'm just rewording what it's saying, but there's not much more to it.

Fill in domain.

That's 'bout it.

How did you set up LDAP without recognizing this stuff?
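As an added example (not the commenter's code and not Tandoor's own): a small Python script that checks the four AUTH_LDAP_* settings above for the mistakes the comment warns about (the DC=domain,DC=com placeholder left unfilled, the example password left in place, the bind DN and the search base living in different domains) and shows how the login name has to be escaped before it is substituted into the search filter. It assumes the filter carries a %(user)s placeholder, which is what django-auth-ldap (the library Tandoor uses for LDAP, assumed here) substitutes at login; the attribute name sAMAccountName, the DC=home,DC=lan domain and the "fixed" values are made up for illustration.

```python
"""Sanity-check a Tandoor-style AUTH_LDAP_* configuration before deploying it.

Standalone example, not code from Tandoor or django-auth-ldap. It assumes the
four variables discussed in the comment above and that the search filter
contains a %(user)s placeholder (django-auth-ldap's convention, assumed here).
"""
import re

# Constructed sample: the values exactly as they appear in the comment, i.e.
# with every placeholder still unfilled, so the checks have something to flag.
SAMPLE_ENV = {
    "AUTH_LDAP_BIND_DN": "CN=TandoorSA,OU=ServiceAccounts,DC=domain,DC=com",
    "AUTH_LDAP_BIND_PASSWORD": "SuperCoolPassword",
    "AUTH_LDAP_USER_SEARCH_BASE_DN": "OU=People,DC=domain,DC=com",
    "AUTH_LDAP_USER_SEARCH_FILTER_STR":
        "(memberof=CN=Group of Users,OU=People,DC=People,DC=com)".replace("DC=People", "DC=domain"),
}

# Constructed "filled in" version (hypothetical domain DC=home,DC=lan and a
# made-up password) that should pass every check.
FIXED_ENV = {
    "AUTH_LDAP_BIND_DN": "CN=TandoorSA,OU=ServiceAccounts,DC=home,DC=lan",
    "AUTH_LDAP_BIND_PASSWORD": "correct-horse-battery-staple",
    "AUTH_LDAP_USER_SEARCH_BASE_DN": "OU=People,DC=home,DC=lan",
    "AUTH_LDAP_USER_SEARCH_FILTER_STR":
        "(&(memberof=CN=Group of Users,OU=People,DC=home,DC=lan)(sAMAccountName=%(user)s))",
}

PLACEHOLDER_DCS = ("domain", "com")
PLACEHOLDER_PASSWORD = "SuperCoolPassword"


def parse_dn(dn):
    """Split a DN into (ATTR, value) pairs. Commas inside a value must be
    backslash-escaped (RFC 4514); the split only honours that escape."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        if "=" not in part:
            raise ValueError(f"malformed RDN {part!r} in {dn!r}")
        attr, value = part.split("=", 1)
        rdns.append((attr.strip().upper(), value.strip()))
    return rdns


def domain_components(dn):
    """The DC= parts of a DN, lower-cased, in order: ('domain', 'com')."""
    return tuple(v.lower() for a, v in parse_dn(dn) if a == "DC")


def escape_filter_value(value):
    """RFC 4515 escaping for a value that is spliced into a search filter.
    Without this a login name such as '*)(objectClass=*' would rewrite the
    filter instead of being matched literally."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value
    )


def build_user_filter(filter_str, username):
    """Substitute the login name into the %(user)s placeholder, escaped."""
    return filter_str % {"user": escape_filter_value(username)}


def check_config(env):
    """Return a list of problems; an empty list means the config looks sane."""
    problems = []
    bind_dn = env["AUTH_LDAP_BIND_DN"]
    base_dn = env["AUTH_LDAP_USER_SEARCH_BASE_DN"]
    filt = env["AUTH_LDAP_USER_SEARCH_FILTER_STR"]

    for name, dn in (("AUTH_LDAP_BIND_DN", bind_dn),
                     ("AUTH_LDAP_USER_SEARCH_BASE_DN", base_dn)):
        if domain_components(dn) == PLACEHOLDER_DCS:
            problems.append(f"{name}: DC=domain,DC=com placeholder not replaced")
    if domain_components(bind_dn) != domain_components(base_dn):
        problems.append("bind DN and user search base are in different domains")
    if env["AUTH_LDAP_BIND_PASSWORD"] == PLACEHOLDER_PASSWORD:
        problems.append("AUTH_LDAP_BIND_PASSWORD: example password not replaced")
    if re.search(r"DC=domain,DC=com", filt, re.IGNORECASE):
        problems.append("AUTH_LDAP_USER_SEARCH_FILTER_STR: DC=domain,DC=com placeholder not replaced")
    if filt.count("(") != filt.count(")"):
        problems.append("AUTH_LDAP_USER_SEARCH_FILTER_STR: unbalanced parentheses")
    if "%(user)s" not in filt:
        problems.append("AUTH_LDAP_USER_SEARCH_FILTER_STR: no %(user)s placeholder, "
                        "so the search is not narrowed to the login name")
    return problems


if __name__ == "__main__":
    for label, env in (("as posted", SAMPLE_ENV), ("filled in", FIXED_ENV)):
        print(label, "->", check_config(env) or "OK")
    print(build_user_filter(FIXED_ENV["AUTH_LDAP_USER_SEARCH_FILTER_STR"], "*)(objectClass=*"))
```

The filter check is the one worth keeping after the placeholders are filled in: a filter that only says "member of this group" authenticates whoever binds with any group member's name, while the AND of group membership and a %(user)s match is what ties the search to the login name; the escaping matters because that login name comes straight from the login form.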