loglevel 0

include ${LDAPDIR}/backend-schema.schema

pidfile		${LDAPDIR}/slapd.pid
argsfile	${LDAPDIR}/slapd.args
sasl-realm ${DNSDOMAIN}
access to * by * write

allow update_anon

authz-regexp
          uid=([^,]*),cn=${DNSDOMAIN},cn=digest-md5,cn=auth
          ldap:///${DOMAINDN}??sub?(samAccountName=\$1)

authz-regexp
          uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
          ldap:///${DOMAINDN}??sub?(samAccountName=\$1)

include ${LDAPDIR}/modules.conf

defaultsearchbase ${DOMAINDN}

backend		hdb
database        bdb
suffix		${SCHEMADN}
directory	${LDAPDIR}/db/schema
index           objectClass eq
index           samAccountName eq
index name eq
index objectCategory eq
index lDAPDisplayName eq
index subClassOf eq

database        hdb
suffix		${CONFIGDN}
directory	${LDAPDIR}/db/config
index           objectClass eq
index           samAccountName eq
index name eq
index objectSid eq
index objectCategory eq
index nCName eq pres
index subClassOf eq
index dnsRoot eq
index nETBIOSName eq pres

database        hdb
suffix		${DOMAINDN}
rootdn          ${LDAPMANAGERDN}
rootpw          ${LDAPMANAGERPASS}
directory	${LDAPDIR}/db/user
index           objectClass eq
index           samAccountName eq
index name eq
index objectSid eq
index objectCategory eq
index member eq
index uidNumber eq
index gidNumber eq
index unixName eq
index privilege eq
index nCName eq pres
index lDAPDisplayName eq
index subClassOf eq
index dnsRoot eq
index nETBIOSName eq pres

#syncprov is stable in OpenLDAP 2.3, and available in 2.2.  
#We only need this for the contextCSN attribute anyway....
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100