loglevel 0

include ${LDAPDIR}/backend-schema.schema

pidfile		${LDAPDIR}/slapd.pid
argsfile	${LDAPDIR}/slapd.args
sasl-realm ${DNSDOMAIN}

#authz-regexp
#          uid=([^,]*),cn=${DNSDOMAIN},cn=digest-md5,cn=auth
#          ldap:///${DOMAINDN}??sub?(samAccountName=\$1)

#authz-regexp
#          uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
#          ldap:///${DOMAINDN}??sub?(samAccountName=\$1)

authz-regexp
          uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
          ldap:///cn=samba??one?(cn=\$1)

authz-regexp
          uid=([^,]*),cn=([^,]*),cn=ntlm,cn=auth
          ldap:///cn=samba??one?(cn=\$1)

access to dn.base="" 
       by dn=cn=samba-admin,cn=samba manage
       by anonymous read
       by * read

access to dn.subtree="cn=samba"
       by anonymous auth

access to dn.subtree="${DOMAINDN}"
       by dn=cn=samba-admin,cn=samba manage
       by dn=cn=manager manage
       by * none

password-hash   {CLEARTEXT}

include ${LDAPDIR}/modules.conf

defaultsearchbase ${DOMAINDN}

rootdn cn=Manager

${REFINT_CONFIG}

${MEMBEROF_CONFIG}

database	ldif
suffix		cn=Samba
directory       ${LDAPDIR}/db/samba
rootdn          cn=Manager,cn=Samba


database        hdb
suffix		${SCHEMADN}
rootdn          cn=Manager,${SCHEMADN}
directory	${LDAPDIR}/db/schema
index           objectClass eq
index           samAccountName eq
index name eq
index objectCategory eq
index lDAPDisplayName eq
index subClassOf eq
index cn eq

#syncprov is stable in OpenLDAP 2.3, and available in 2.2.  
#We only need this for the contextCSN attribute anyway....
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

database        hdb
suffix		${CONFIGDN}
rootdn          cn=Manager,${CONFIGDN}
directory	${LDAPDIR}/db/config
index           objectClass eq
index           samAccountName eq
index name eq
index objectSid eq
index objectCategory eq
index nCName eq
index subClassOf eq
index dnsRoot eq
index nETBIOSName eq
index cn eq

#syncprov is stable in OpenLDAP 2.3, and available in 2.2.  
#We only need this for the contextCSN attribute anyway....
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

database        hdb
suffix		${DOMAINDN}
rootdn          cn=Manager,${DOMAINDN}
directory	${LDAPDIR}/db/user
index           objectClass eq
index           samAccountName eq
index name eq
index objectSid eq
index objectCategory eq
index member eq
index uidNumber eq
index gidNumber eq
index nCName eq
index lDAPDisplayName eq
index subClassOf eq
index dnsRoot eq
index nETBIOSName eq
index cn eq

#syncprov is stable in OpenLDAP 2.3, and available in 2.2.  
#We only need this for the contextCSN attribute anyway....
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100