pidfile ${LDAPDIR}/slapd.pid
argsfile ${LDAPDIR}/slapd.args
sasl-realm ${DNSDOMAIN}
-access to * by * write
-allow update_anon
+#authz-regexp
+# uid=([^,]*),cn=${DNSDOMAIN},cn=digest-md5,cn=auth
+# ldap:///${DOMAINDN}??sub?(samAccountName=\$1)
-authz-regexp
- uid=([^,]*),cn=${DNSDOMAIN},cn=digest-md5,cn=auth
- ldap:///${DOMAINDN}??sub?(samAccountName=\$1)
+#authz-regexp
+# uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
+# ldap:///${DOMAINDN}??sub?(samAccountName=\$1)
authz-regexp
uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
- ldap:///${DOMAINDN}??sub?(samAccountName=\$1)
+ ldap:///cn=samba??one?(cn=\$1)
+
+authz-regexp
+ uid=([^,]*),cn=([^,]*),cn=ntlm,cn=auth
+ ldap:///cn=samba??one?(cn=\$1)
+
+access to dn.base=""
+ by dn=cn=samba-admin,cn=samba manage
+ by anonymous read
+ by * read
+
+access to dn.subtree="cn=samba"
+ by anonymous auth
+
+access to dn.subtree="${DOMAINDN}"
+ by dn=cn=samba-admin,cn=samba manage
+ by * none
-include $modconf
+password-hash {CLEARTEXT}
-defaultsearchbase \"${DOMAINDN}\"
+include ${LDAPDIR}/modules.conf
-backend bdb
-database bdb
-suffix \"cn=Schema,cn=Configuration,${DOMAINDN}\"
+defaultsearchbase ${DOMAINDN}
+
+${REFINT_CONFIG}
+
+${MEMBEROF_CONFIG}
+
+database ldif
+suffix cn=Samba
+directory ${LDAPDIR}/db/samba
+
+
+database hdb
+suffix ${SCHEMADN}
+rootdn cn=Manager,${SCHEMADN}
directory ${LDAPDIR}/db/schema
index objectClass eq
index samAccountName eq
index objectCategory eq
index lDAPDisplayName eq
index subClassOf eq
+index cn eq
+
+#syncprov is stable in OpenLDAP 2.3, and available in 2.2.
+#We only need this for the contextCSN attribute anyway....
+overlay syncprov
+syncprov-checkpoint 100 10
+syncprov-sessionlog 100
-database bdb
-suffix \"cn=Configuration,${DOMAINDN}\"
+database hdb
+suffix ${CONFIGDN}
+rootdn cn=Manager,${CONFIGDN}
directory ${LDAPDIR}/db/config
index objectClass eq
index samAccountName eq
index name eq
index objectSid eq
index objectCategory eq
-index nCName eq pres
+index nCName eq
index subClassOf eq
index dnsRoot eq
-index nETBIOSName eq pres
+index nETBIOSName eq
+index cn eq
+
+#syncprov is stable in OpenLDAP 2.3, and available in 2.2.
+#We only need this for the contextCSN attribute anyway....
+overlay syncprov
+syncprov-checkpoint 100 10
+syncprov-sessionlog 100
-database bdb
-suffix \"${DOMAINDN}\"
-rootdn \"cn=Manager,${DOMAINDN}\"
-rootpw ${LDAPMANAGERPASS}
+database hdb
+suffix ${DOMAINDN}
+rootdn cn=Manager,${DOMAINDN}
directory ${LDAPDIR}/db/user
index objectClass eq
index samAccountName eq
index member eq
index uidNumber eq
index gidNumber eq
-index unixName eq
-index privilege eq
-index nCName eq pres
+index nCName eq
index lDAPDisplayName eq
index subClassOf eq
index dnsRoot eq
-index nETBIOSName eq pres
+index nETBIOSName eq
+index cn eq
#syncprov is stable in OpenLDAP 2.3, and available in 2.2.
#We only need this for the contextCSN attribute anyway....
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
+