loglevel 0
+### needed for initial content load ###
+sizelimit unlimited
+
+### Multimaster-ServerIDs and URLs ###
+
+${MMR_SERVERIDS_CONFIG}
+
include ${LDAPDIR}/backend-schema.schema
pidfile ${LDAPDIR}/slapd.pid
argsfile ${LDAPDIR}/slapd.args
sasl-realm ${DNSDOMAIN}
-access to * by * write
-allow update_anon
+#authz-regexp
+# uid=([^,]*),cn=${DNSDOMAIN},cn=digest-md5,cn=auth
+# ldap:///${DOMAINDN}??sub?(samAccountName=\$1)
-authz-regexp
- uid=([^,]*),cn=${DNSDOMAIN},cn=digest-md5,cn=auth
- ldap:///${DOMAINDN}??sub?(samAccountName=\$1)
+#authz-regexp
+# uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
+# ldap:///${DOMAINDN}??sub?(samAccountName=\$1)
authz-regexp
uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
- ldap:///${DOMAINDN}??sub?(samAccountName=\$1)
+ ldap:///cn=samba??one?(cn=\$1)
+
+authz-regexp
+ uid=([^,]*),cn=([^,]*),cn=ntlm,cn=auth
+ ldap:///cn=samba??one?(cn=\$1)
+
+access to dn.base=""
+ by dn=cn=samba-admin,cn=samba manage
+ by anonymous read
+ by * read
+
+access to dn.subtree="cn=samba"
+ by anonymous auth
+
+access to dn.subtree="${DOMAINDN}"
+ by dn=cn=samba-admin,cn=samba manage${REPLICATOR_ACL}
+ by dn=cn=manager manage
+ by * none
+
+password-hash {CLEARTEXT}
include ${LDAPDIR}/modules.conf
defaultsearchbase ${DOMAINDN}
-backend bdb
-database bdb
+rootdn cn=Manager
+
+overlay deref
+
+${REFINT_CONFIG}
+
+${MEMBEROF_CONFIG}
+
+database ldif
+suffix cn=Samba
+directory ${LDAPDIR}/db/samba
+rootdn cn=Manager,cn=Samba
+
+########################################
+## olc - configuration ###
+${OLC_CONFIG_PASS}
+${OLC_SYNCREPL_CONFIG}
+${OLC_MMR_CONFIG}
+${OLC_CONFIG_ACL}
+
+########################################
+### cn=schema ###
+database hdb
suffix ${SCHEMADN}
+rootdn cn=Manager,${SCHEMADN}
directory ${LDAPDIR}/db/schema
-index objectClass eq
-index samAccountName eq
-index name eq
-index objectCategory eq
-index lDAPDisplayName eq
-index subClassOf eq
-
-database bdb
+${NOSYNC}
+${INDEX_CONFIG}
+
+#syncprov is stable in OpenLDAP 2.3, and available in 2.2.
+#We need this for the contextCSN attribute and mmr.
+overlay syncprov
+syncprov-sessionlog 100
+syncprov-checkpoint 100 10
+
+
+### Multimaster-Replication of cn=schema Subcontext ###
+${MMR_SYNCREPL_SCHEMA_CONFIG}
+${MIRRORMODE}
+
+#########################################
+### cn=config ###
+database hdb
suffix ${CONFIGDN}
+rootdn cn=Manager,${CONFIGDN}
directory ${LDAPDIR}/db/config
-index objectClass eq
-index samAccountName eq
-index name eq
-index objectSid eq
-index objectCategory eq
-index nCName eq pres
-index subClassOf eq
-index dnsRoot eq
-index nETBIOSName eq pres
-
-database bdb
+${NOSYNC}
+${INDEX_CONFIG}
+
+#syncprov is stable in OpenLDAP 2.3, and available in 2.2.
+#We need this for the contextCSN attribute and mmr.
+overlay syncprov
+syncprov-sessionlog 100
+syncprov-checkpoint 100 10
+
+### Multimaster-Replication of cn=config Subcontext ###
+${MMR_SYNCREPL_CONFIG_CONFIG}
+${MIRRORMODE}
+
+########################################
+### cn=users /base-dn ###
+database hdb
suffix ${DOMAINDN}
-rootdn ${LDAP_MANAGERDN}
-rootpw ${LDAP_MANAGERPASS}
+rootdn cn=Manager,${DOMAINDN}
directory ${LDAPDIR}/db/user
-index objectClass eq
-index samAccountName eq
-index name eq
-index objectSid eq
-index objectCategory eq
-index member eq
-index uidNumber eq
-index gidNumber eq
-index unixName eq
-index privilege eq
-index nCName eq pres
-index lDAPDisplayName eq
-index subClassOf eq
-index dnsRoot eq
-index nETBIOSName eq pres
+${NOSYNC}
+${INDEX_CONFIG}
#syncprov is stable in OpenLDAP 2.3, and available in 2.2.
-#We only need this for the contextCSN attribute anyway....
+#We need this for the contextCSN attribute and mmr.
overlay syncprov
-syncprov-checkpoint 100 10
syncprov-sessionlog 100
+syncprov-checkpoint 100 10
+
+### Multimaster-Replication of cn=user/base-dn context ###
+${MMR_SYNCREPL_USER_CONFIG}
+${MIRRORMODE}
git.samba.org / samba.git / blobdiff