+++ /dev/null
-# set 32MiB, single-segment cache
-set_cachesize 0 33554432 1
-
-# set transaction log autoremoval; disable if you use them for backups
-set_flags DB_LOG_AUTOREMOVE
-
-# these should be left at default for most installs
-set_lg_max 10485760
-set_lg_bsize 2097152
-
-set_lg_dir ${LDAPDBDIR}/bdb-logs
-
-# tmp_dir stuff is not used by OpenLDAP
-#set_tmp_dir ${LDAPDBDIR}/tmp
+++ /dev/null
-dn: cn=Samba
-objectClass: top
-objectClass: container
-cn: Samba
-
-dn: cn=samba-admin,cn=samba
-objectClass: top
-objectClass: person
-cn: samba-admin
-userPassword: ${LDAPADMINPASS}
-
-${MMR}dn: cn=replicator,cn=samba
-${MMR}objectClass: top
-${MMR}objectClass: person
-${MMR}cn: replicator
-${MMR}userPassword: ${MMR_PASSWORD}
+++ /dev/null
-dn: cn=${ATTR},cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config
-objectClass: top
-objectClass: nsIndex
-cn: ${ATTR}
-nsSystemIndex: false
-nsIndexType: eq
-
+++ /dev/null
-# Link ${MEMBER_ATTR} to ${MEMBEROF_ATTR}
-dn: cn=${MEMBER_ATTR} to ${MEMBEROF_ATTR},cn=Linked Attributes,cn=plugins,cn=config
-objectClass: extensibleObject
-cn: ${MEMBER_ATTR} to ${MEMBEROF_ATTR}
-linkType: ${MEMBER_ATTR}
-managedType: ${MEMBEROF_ATTR}
-
+++ /dev/null
-dn: cn=PAM Pass Through Auth,cn=plugins,cn=config
-changetype: delete
+++ /dev/null
-dn: ${SAMBADN}
-objectClass: top
-objectClass: container
-cn: Samba
-
-dn: CN=samba-admin,${SAMBADN}
-objectClass: top
-objectClass: person
-cn: samba-admin
-sn: samba-admin
-userPassword: {CLEAR}${LDAPADMINPASS}
-
-dn: ou=Ranges,${SAMBADN}
-objectClass: top
-objectClass: organizationalUnit
-ou: Ranges
-
-dn: cn=Samba SIDs,ou=Ranges,${SAMBADN}
-objectClass: top
-objectClass: nsContainer
-cn: Samba SIDs
+++ /dev/null
-# Map samba-admin to CN=samba-admin,${SAMBADN}
-dn: cn=samba-admin mapping,cn=mapping,cn=sasl,cn=config
-objectClass: top
-objectClass: nsSaslMapping
-cn: samba-admin mapping
-nsSaslMapRegexString: ^samba-admin$
-nsSaslMapBaseDNTemplate: CN=samba-admin,${SAMBADN}
-nsSaslMapFilterTemplate: (objectclass=*)
-
-dn: cn=Kerberos uid mapping,cn=mapping,cn=sasl,cn=config
-changetype: delete
-
-dn: cn=rfc 2829 dn syntax,cn=mapping,cn=sasl,cn=config
-changetype: delete
-
-dn: cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config
-changetype: delete
-
-dn: cn=uid mapping,cn=mapping,cn=sasl,cn=config
-changetype: delete
+++ /dev/null
-overlay memberof
-memberof-dn cn=samba-admin,cn=samba
-memberof-dangling error
-memberof-refint TRUE
-memberof-group-oc top
-memberof-member-ad ${MEMBER_ATTR}
-memberof-memberof-ad ${MEMBEROF_ATTR}
-memberof-dangling-error 32
-
+++ /dev/null
-ServerID ${SERVERID} "${LDAPSERVER}"
+++ /dev/null
-# Generated from template mmr_syncrepl.conf
-
-syncrepl rid=${RID}
- provider="${LDAPSERVER}"
- searchbase="${MMRDN}"
- type=refreshAndPersist
- retry="10 +"
- bindmethod=sasl
- saslmech=DIGEST-MD5
- authcid="replicator"
- credentials="${MMR_PASSWORD}"
-
+++ /dev/null
-#OpenLDAP modules configuration file for ${REALM}
+++ /dev/null
-overlay syncprov
-MirrorMode on
-
+++ /dev/null
-dn: cn=config
-objectClass: olcGlobal
-cn: config
-${OLC_SERVER_ID_CONF}
-
-dn: olcDatabase={0}config,cn=config
-objectClass: olcDatabaseConfig
-olcDatabase: {0}config
-olcRootDN: cn=config
-olcRootPW: ${OLC_PW}
-${OLC_SYNCREPL_CONF}olcMirrorMode: TRUE
-
-dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
-objectClass: olcSyncProvConfig
-olcOverlay: syncprov
-
+++ /dev/null
-olcServerID: ${SERVERID} "${LDAPSERVER}"
+++ /dev/null
-# Generated from template olc_syncrepl.conf
-
-syncrepl rid=${RID}
- provider="${LDAPSERVER}"
- searchbase="cn=config"
- filter="(!(olcDatabase={0}config))"
- type=refreshAndPersist
- retry="10 +"
- bindmethod=sasl
- saslmech=DIGEST-MD5
- authcid="replicator"
- credentials="${MMR_PASSWORD}"
-
+++ /dev/null
-olcSyncRepl: rid=${RID} provider="${LDAPSERVER}"
- binddn="cn=config" bindmethod=sasl saslmech=DIGEST-MD5
- authcid="replicator" credentials="linux"
- searchbase="cn=config" filter="(!(olcDatabase={0}config))"
- type=refreshAndPersist retry="10 +"
+++ /dev/null
-overlay refint
-refint_modifiersName cn=samba-admin,cn=samba
-refint_attributes ${LINK_ATTRS}
+++ /dev/null
-#Standard Fedora DS attributes
-name
-objectClasses
-createTimeStamp
-attributeTypes
-objectClass
-userPassword
-seeAlso
-modifyTimeStamp
-distinguishedName
-description
-cn
-dITContentRules
-top
-
-#This should be provided by the LDAP server, only in our schema to permit provision
-aci
-
-#Skip ObjectClasses
-sambaSamAccount
-sambaGroupMapping
-sambaTrustPassword
-sambaTrustedDomainPassword
-sambaDomain
-sambaUnixIdPool
-sambaIdmapEntry
-sambaSidEntry
-sambaConfig
-sambaShare
-sambaConfigOption
-
-#MiddleName has a conflicting OID
-2.16.840.1.113730.3.1.34:1.3.6.1.4.1.7165.4.255.1
-#defaultGroup has a conflicting OID
-1.2.840.113556.1.4.480:1.3.6.1.4.1.7165.4.255.2
-#thumbnailPhoto has a conflicting OID
-2.16.840.1.113730.3.1.35:1.3.6.1.4.1.7165.4.255.10
-#thumbnailLogo has a conflicting OID
-2.16.840.1.113730.3.1.36:1.3.6.1.4.1.7165.4.255.11
-
-#This large integer format is unimplemented in OpenLDAP 2.3
-1.2.840.113556.1.4.906:1.3.6.1.4.1.1466.115.121.1.27
-#This case insensitive string isn't available
-1.2.840.113556.1.4.905:1.3.6.1.4.1.1466.115.121.1.44
-#Treat Security Descriptors as binary
-1.2.840.113556.1.4.907:1.3.6.1.4.1.1466.115.121.1.40
-#Treat Object(DN-Binary) as a binary blob
-1.2.840.113556.1.4.903:1.3.6.1.4.1.1466.115.121.1.40
-#UTC Time as Generalized Time
-1.3.6.1.4.1.1466.115.121.1.53:1.3.6.1.4.1.1466.115.121.1.24
-#DN with String as Directory String
-1.2.840.113556.1.4.904:1.3.6.1.4.1.1466.115.121.1.40
-#attribute names, declared at OIDs fail
-1.3.6.1.4.1.1466.115.121.1.38:1.3.6.1.4.1.1466.115.121.1.44
-#Presentation Address as Directory String
-1.3.6.1.4.1.1466.115.121.1.43:1.3.6.1.4.1.1466.115.121.1.15
-
-#Remap into existing schema
-pwdLastSet
-pwdLastSet:sambaPwdLastSet
-lastLogon
-lastLogon:sambaLogonTime
-lastLogoff
-lastLogoff:sambaLogoffTime
-badPwdCount
-badPwdCount:sambaBadPasswordCount
-logonHours
-logonHours:sambaLogonHours
-homeDrive
-homeDrive:sambaHomeDrive
-scriptPath
-scriptPath:sambaLogonScript
-profilePath
-profilePath:sambaProfilePath
-userWorkstations
-userWorkstations:sambaUserWorkstations
-homeDirectory
-homeDirectory:sambaHomePath
-groupType
-groupType:sambaGroupType
-nextRid
-nextRid:sambaNextRid
-privilegeDisplayName
-privilegeDisplayName:sambaPrivName
-objectSid
-objectSid:sambaSID
+++ /dev/null
-#Standard OpenLDAP attributes
-labeledURI
-createTimeStamp
-objectClass
-userPassword
-seeAlso
-uid
-subSchemaSubEntry
-structuralObjectClass
-distinguishedName
-description
-cn
-top
-uidNumber
-gidNumber
-#The memberOf plugin provides this attribute
-memberOf
-#'name' is the RDN in AD, but 'name' means something else in
-#OpenLDAP. We use rdnValue for the mapping, but this is provided by
-#the rdnval overlay.
-name
-#These conflict with OpenLDAP builtins
-attributeTypes:samba4AttributeTypes
-2.5.21.5:1.3.6.1.4.1.7165.4.255.7
-dITContentRules:samba4DITContentRules
-2.5.21.2:1.3.6.1.4.1.7165.4.255.6
-objectClasses:samba4ObjectClasses
-2.5.21.6:1.3.6.1.4.1.7165.4.255.5
-subSchema:samba4SubSchema
-2.5.20.1:1.3.6.1.4.1.7165.4.255.4
-#Remap these so that we don't put operational attributes in a schema MAY
-modifyTimeStamp:samba4ModifyTimestamp
-2.5.18.2:1.3.6.1.4.1.7165.4.255.3
-dynamicObject:samba4DynaimcObject
-1.3.6.1.4.1.1466.101.119.2:1.3.6.1.4.1.7165.4.255.8
-entryTTL:samba4EntryTTL
-1.3.6.1.4.1.1466.101.119.3:1.3.6.1.4.1.7165.4.255.9
-#MiddleName has a conflicting OID
-2.16.840.1.113730.3.1.34:1.3.6.1.4.1.7165.4.255.1
-#defaultGroup has a conflicting OID
-1.2.840.113556.1.4.480:1.3.6.1.4.1.7165.4.255.2
-#This large integer format is unimplemented in OpenLDAP 2.3
-1.2.840.113556.1.4.906:1.3.6.1.4.1.1466.115.121.1.27
-#This case insensitive string isn't available
-1.2.840.113556.1.4.905:1.3.6.1.4.1.1466.115.121.1.44
-#Treat Security Descriptors as binary
-1.2.840.113556.1.4.907:1.3.6.1.4.1.1466.115.121.1.40
-#Treat OIDs as case insensitive strings (as otherwise ldap class and
-#attribute names, declared at OIDs fail
-1.3.6.1.4.1.1466.115.121.1.38:1.3.6.1.4.1.1466.115.121.1.44
-#Treat Object(DN-Binary) as a binary blob
-1.2.840.113556.1.4.903:1.3.6.1.4.1.1466.115.121.1.40
-#Treat Object(DN-String) as a binary blob
-1.2.840.113556.1.4.904:1.3.6.1.4.1.1466.115.121.1.40
-#Treat UTC-Time as GeneralizedTime
-1.3.6.1.4.1.1466.115.121.1.53:1.3.6.1.4.1.1466.115.121.1.24
+++ /dev/null
-dn: CN=SAMDB Credentials
-objectClass: top
-objectClass: ldapSecret
-cn: SAMDB Credentials
-secret:: ${LDAPADMINPASS_B64}
-samAccountName: ${LDAPADMINUSER}
-realm: ${LDAPADMINREALM}
+++ /dev/null
-dn: CN=SAMDB Credentials
-objectClass: top
-objectClass: ldapSecret
-cn: SAMDB Credentials
-secret:: ${LDAPMANAGERPASS_B64}
-ldapBindDn: ${LDAPMANAGERDN}