loglevel 0
+### needed for initial content load ###
+sizelimit unlimited
+
### Multimaster-ServerIDs and URLs ###
${MMR_SERVERIDS_CONFIG}
-
include ${LDAPDIR}/backend-schema.schema
pidfile ${LDAPDIR}/slapd.pid
uid=([^,]*),cn=([^,]*),cn=ntlm,cn=auth
ldap:///cn=samba??one?(cn=\$1)
+authz-regexp
+ gidNumber=.*\\\+uidNumber=${ADMIN_UID},cn=peercred,cn=external,cn=auth
+ cn=samba-admin,cn=samba
+
access to dn.base=""
by dn=cn=samba-admin,cn=samba manage
by anonymous read
by anonymous auth
access to dn.subtree="${DOMAINDN}"
- by dn=cn=samba-admin,cn=samba manage
+ by dn=cn=samba-admin,cn=samba manage${REPLICATOR_ACL}
by dn=cn=manager manage
by * none
password-hash {CLEARTEXT}
-include ${LDAPDIR}/modules.conf
-
defaultsearchbase ${DOMAINDN}
rootdn cn=Manager
+moduleload rdnval
+
+moduleload deref
+overlay deref
+
+moduleload refint
${REFINT_CONFIG}
+moduleload memberof
${MEMBEROF_CONFIG}
-database ldif
+moduleload syncprov
+
+database mdb
suffix cn=Samba
directory ${LDAPDIR}/db/samba
rootdn cn=Manager,cn=Samba
+########################################
+## olc - configuration ###
+database config
+rootdn cn=config
+
+${OLC_SYNCREPL_CONFIG}
+${OLC_MMR_CONFIG}
+
+access to dn.sub="cn=config"
+ by dn="cn=samba-admin,cn=samba" write
+ by dn="cn=replicator,cn=samba" read
+
+
########################################
### cn=schema ###
-database hdb
+database mdb
suffix ${SCHEMADN}
rootdn cn=Manager,${SCHEMADN}
-rootpw "${MMR_PASSWORD}"
directory ${LDAPDIR}/db/schema
-index objectClass eq
-index samAccountName eq
-index name eq
-index objectCategory eq
-index lDAPDisplayName eq
-index subClassOf eq
-index cn eq
-index entryUUID,entryCSN eq
+${NOSYNC}
+${INDEX_CONFIG}
+maxsize 1073741824
#syncprov is stable in OpenLDAP 2.3, and available in 2.2.
-#We only need this for the contextCSN attribute anyway....
+#We need this for the contextCSN attribute and mmr.
overlay syncprov
syncprov-sessionlog 100
-# syncprov-checkpoint 100 10
+syncprov-checkpoint 100 10
+overlay rdnval
### Multimaster-Replication of cn=schema Subcontext ###
${MMR_SYNCREPL_SCHEMA_CONFIG}
#########################################
### cn=config ###
-database hdb
+database mdb
suffix ${CONFIGDN}
rootdn cn=Manager,${CONFIGDN}
-rootpw "${MMR_PASSWORD}"
directory ${LDAPDIR}/db/config
-index objectClass eq
-index samAccountName eq
-index name eq
-index objectSid eq
-index objectCategory eq
-index nCName eq
-index subClassOf eq
-index dnsRoot eq
-index nETBIOSName eq
-index cn eq
-index entryUUID,entryCSN eq
+${NOSYNC}
+${INDEX_CONFIG}
+maxsize 1073741824
#syncprov is stable in OpenLDAP 2.3, and available in 2.2.
-#We only need this for the contextCSN attribute anyway....
+#We need this for the contextCSN attribute and mmr.
overlay syncprov
syncprov-sessionlog 100
-# syncprov-checkpoint 100 10
+syncprov-checkpoint 100 10
+
+overlay rdnval
### Multimaster-Replication of cn=config Subcontext ###
${MMR_SYNCREPL_CONFIG_CONFIG}
${MIRRORMODE}
+########################################
+### domaindns
+database mdb
+suffix dc=domaindnszones,${DOMAINDN}
+rootdn cn=Manager,${DOMAINDN}
+directory ${LDAPDIR}/db/domaindns
+${NOSYNC}
+${INDEX_CONFIG}
+maxsize 1073741824
+
+#syncprov is stable in OpenLDAP 2.3, and available in 2.2.
+#We need this for the contextCSN attribute and mmr.
+overlay syncprov
+syncprov-sessionlog 100
+syncprov-checkpoint 100 10
+
+overlay rdnval
+
+### Multimaster-Replication of domainDNS context ###
+${MMR_SYNCREPL_DOMAINDNS_CONFIG}
+${MIRRORMODE}
+
+########################################
+### forestdns ###
+database mdb
+suffix dc=forestdnszones,${DOMAINDN}
+rootdn cn=Manager,${DOMAINDN}
+directory ${LDAPDIR}/db/forestdns
+${NOSYNC}
+${INDEX_CONFIG}
+maxsize 1073741824
+
+#syncprov is stable in OpenLDAP 2.3, and available in 2.2.
+#We need this for the contextCSN attribute and mmr.
+overlay syncprov
+syncprov-sessionlog 100
+syncprov-checkpoint 100 10
+
+overlay rdnval
+
+### Multimaster-Replication of forestDNS context ###
+${MMR_SYNCREPL_FORESTDNS_CONFIG}
+${MIRRORMODE}
+
########################################
### cn=users /base-dn ###
-database hdb
+database mdb
suffix ${DOMAINDN}
rootdn cn=Manager,${DOMAINDN}
-rootpw "${MMR_PASSWORD}"
directory ${LDAPDIR}/db/user
-index objectClass eq
-index samAccountName eq
-index name eq
-index objectSid eq
-index objectCategory eq
-index member eq
-index uidNumber eq
-index gidNumber eq
-index nCName eq
-index lDAPDisplayName eq
-index subClassOf eq
-index dnsRoot eq
-index nETBIOSName eq
-index cn eq
-index entryUUID,entryCSN eq
+${NOSYNC}
+${INDEX_CONFIG}
+maxsize 1073741824
#syncprov is stable in OpenLDAP 2.3, and available in 2.2.
-#We only need this for the contextCSN attribute anyway....
+#We need this for the contextCSN attribute and mmr.
overlay syncprov
syncprov-sessionlog 100
-# syncprov-checkpoint 100 10
+syncprov-checkpoint 100 10
+
+overlay rdnval
### Multimaster-Replication of cn=user/base-dn context ###
${MMR_SYNCREPL_USER_CONFIG}
git.samba.org / gd / samba-autobuild / .git / blobdiff