Make a seperate template for the refint configuration too

[kai/samba.git] / source / setup / slapd.conf

diff --git a/source/setup/slapd.conf b/source/setup/slapd.conf
index a6fe73a4de9705f033e3b26471bd9f7bdec2f12b..495847f7fe936888073fb79a4e6af053937da2bc 100644 (file)
--- a/source/setup/slapd.conf
+++ b/source/setup/slapd.conf
@@ -5,25 +5,53 @@ include ${LDAPDIR}/backend-schema.schema
 pidfile                ${LDAPDIR}/slapd.pid
 argsfile       ${LDAPDIR}/slapd.args
 sasl-realm ${DNSDOMAIN}
-access to * by * write
 
-allow update_anon
+#authz-regexp
+#          uid=([^,]*),cn=${DNSDOMAIN},cn=digest-md5,cn=auth
+#          ldap:///${DOMAINDN}??sub?(samAccountName=\$1)
 
-authz-regexp
-          uid=([^,]*),cn=${DNSDOMAIN},cn=digest-md5,cn=auth
-          ldap:///${DOMAINDN}??sub?(samAccountName=\$1)
+#authz-regexp
+#          uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
+#          ldap:///${DOMAINDN}??sub?(samAccountName=\$1)
 
 authz-regexp
           uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
-          ldap:///${DOMAINDN}??sub?(samAccountName=\$1)
+          ldap:///cn=samba??one?(cn=\$1)
+
+authz-regexp
+          uid=([^,]*),cn=([^,]*),cn=ntlm,cn=auth
+          ldap:///cn=samba??one?(cn=\$1)
+
+access to dn.base="" 
+       by dn=cn=samba-admin,cn=samba manage
+       by anonymous read
+       by * read
+
+access to dn.subtree="cn=samba"
+       by anonymous auth
+
+access to dn.subtree="${DOMAINDN}"
+       by dn=cn=samba-admin,cn=samba manage
+       by * none
 
-include $modconf
+password-hash   {CLEARTEXT}
 
-defaultsearchbase \"${DOMAINDN}\"
+include ${LDAPDIR}/modules.conf
 
-backend                bdb
-database        bdb
-suffix         \"cn=Schema,cn=Configuration,${DOMAINDN}\"
+defaultsearchbase ${DOMAINDN}
+
+${REFINT_CONFIG}
+
+${MEMBEROF_CONFIG}
+
+database       ldif
+suffix         cn=Samba
+directory       ${LDAPDIR}/db/samba
+
+
+database        hdb
+suffix         ${SCHEMADN}
+rootdn          cn=Manager,${SCHEMADN}
 directory      ${LDAPDIR}/db/schema
 index           objectClass eq
 index           samAccountName eq
@@ -31,24 +59,38 @@ index name eq
 index objectCategory eq
 index lDAPDisplayName eq
 index subClassOf eq
+index cn eq
+
+#syncprov is stable in OpenLDAP 2.3, and available in 2.2.  
+#We only need this for the contextCSN attribute anyway....
+overlay syncprov
+syncprov-checkpoint 100 10
+syncprov-sessionlog 100
 
-database        bdb
-suffix         \"cn=Configuration,${DOMAINDN}\"
+database        hdb
+suffix         ${CONFIGDN}
+rootdn          cn=Manager,${CONFIGDN}
 directory      ${LDAPDIR}/db/config
 index           objectClass eq
 index           samAccountName eq
 index name eq
 index objectSid eq
 index objectCategory eq
-index nCName eq pres
+index nCName eq
 index subClassOf eq
 index dnsRoot eq
-index nETBIOSName eq pres
+index nETBIOSName eq
+index cn eq
+
+#syncprov is stable in OpenLDAP 2.3, and available in 2.2.  
+#We only need this for the contextCSN attribute anyway....
+overlay syncprov
+syncprov-checkpoint 100 10
+syncprov-sessionlog 100
 
-database        bdb
-suffix         \"${DOMAINDN}\"
-rootdn          \"cn=Manager,${DOMAINDN}\"
-rootpw          ${LDAPMANAGERPASS}
+database        hdb
+suffix         ${DOMAINDN}
+rootdn          cn=Manager,${DOMAINDN}
 directory      ${LDAPDIR}/db/user
 index           objectClass eq
 index           samAccountName eq
@@ -58,16 +100,16 @@ index objectCategory eq
 index member eq
 index uidNumber eq
 index gidNumber eq
-index unixName eq
-index privilege eq
-index nCName eq pres
+index nCName eq
 index lDAPDisplayName eq
 index subClassOf eq
 index dnsRoot eq
-index nETBIOSName eq pres
+index nETBIOSName eq
+index cn eq
 
 #syncprov is stable in OpenLDAP 2.3, and available in 2.2.  
 #We only need this for the contextCSN attribute anyway....
 overlay syncprov
 syncprov-checkpoint 100 10
 syncprov-sessionlog 100
+