# slapd.conf template for an OpenLDAP server with three hdb databases
# (schema, configuration and domain partitions). The ${...} placeholders are
# expected to be filled in by whatever generates the final file; that
# generator is not visible here.
# Directives are kept at column 0: slapd.conf treats a line starting with
# whitespace as a continuation of the previous line.

# NOTE(review): loglevel 0 turns slapd logging off, so binds and writes leave
# no trail in the slapd log. Confirm that is acceptable for this deployment.
loglevel 0
include ${LDAPDIR}/backend-schema.schema
pidfile ${LDAPDIR}/slapd.pid
argsfile ${LDAPDIR}/slapd.args
sasl-realm ${DNSDOMAIN}

# NOTE(review): the next two directives together give every client, including
# anonymous ones, write access to every entry. This is only safe if the slapd
# listener is reachable solely by a trusted local client (for example a
# permission-restricted ldapi:// socket). How slapd is started is not shown
# here; verify the listener URLs before deploying.
access to * by * write
allow update_anon

# Map SASL DIGEST-MD5 identities to directory entries by searching the domain
# partition for samAccountName equal to the captured user name.
# The first rule requires the realm component to be ${DNSDOMAIN}; the second
# accepts any realm, so the realm is effectively not constrained.
# "\$1" presumably escapes the dollar sign for the template expander so that
# slapd receives "$1" - TODO confirm against the generator.
authz-regexp uid=([^,]*),cn=${DNSDOMAIN},cn=digest-md5,cn=auth ldap:///${DOMAINDN}??sub?(samAccountName=\$1)
authz-regexp uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth ldap:///${DOMAINDN}??sub?(samAccountName=\$1)

include ${LDAPDIR}/modules.conf
defaultsearchbase ${DOMAINDN}

# Presumably expands to the memberof overlay configuration, or to nothing -
# TODO confirm against the generator.
${MEMBEROF_CONFIG}

# --- Schema partition ---
# NOTE(review): the hdb backend was removed in OpenLDAP 2.5; confirm the target
# slapd version still ships it.
database hdb
suffix ${SCHEMADN}
directory ${LDAPDIR}/db/schema
# Equality indexes for the attributes used in lookups on this partition.
index objectClass eq
index samAccountName eq
index name eq
index objectCategory eq
index lDAPDisplayName eq
index subClassOf eq
index cn eq
#syncprov is stable in OpenLDAP 2.3, and available in 2.2.
#We only need this for the contextCSN attribute anyway....
overlay syncprov
# Checkpoint contextCSN after 100 operations or 10 minutes.
syncprov-checkpoint 100 10
# Keep a session log of up to 100 operations.
syncprov-sessionlog 100

# --- Configuration partition ---
database hdb
suffix ${CONFIGDN}
directory ${LDAPDIR}/db/config
index objectClass eq
index samAccountName eq
index name eq
index objectSid eq
index objectCategory eq
index nCName eq
index subClassOf eq
index dnsRoot eq
index nETBIOSName eq
index cn eq
#syncprov is stable in OpenLDAP 2.3, and available in 2.2.
#We only need this for the contextCSN attribute anyway....
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

# --- Domain (user) partition ---
database hdb
suffix ${DOMAINDN}
directory ${LDAPDIR}/db/user
index objectClass eq
index samAccountName eq
index name eq
index objectSid eq
index objectCategory eq
index member eq
index uidNumber eq
index gidNumber eq
index unixName eq
index privilege eq
index nCName eq
index lDAPDisplayName eq
index subClassOf eq
index dnsRoot eq
index nETBIOSName eq
index cn eq
# The rootdn is not subject to access controls on this database. It is
# declared only here, not on the schema or configuration databases.
# NOTE(review): rootpw takes whatever the template substitutes. If that is a
# cleartext password, the generated file exposes it to anyone who can read the
# file. Prefer a hashed value (e.g. {SSHA} from slappasswd) and restrict the
# file's permissions to the slapd account.
rootdn ${LDAPMANAGERDN}
rootpw ${LDAPMANAGERPASS}
#syncprov is stable in OpenLDAP 2.3, and available in 2.2.
#We only need this for the contextCSN attribute anyway....
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100