loglevel 0

### needed for initial content load ###
sizelimit unlimited

### Multimaster-ServerIDs and URLs ###

${MMR_SERVERIDS_CONFIG}


include ${LDAPDIR}/backend-schema.schema

pidfile		${LDAPDIR}/slapd.pid
argsfile	${LDAPDIR}/slapd.args
sasl-realm ${DNSDOMAIN}

#authz-regexp
#          uid=([^,]*),cn=${DNSDOMAIN},cn=digest-md5,cn=auth
#          ldap:///${DOMAINDN}??sub?(samAccountName=\$1)

#authz-regexp
#          uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
#          ldap:///${DOMAINDN}??sub?(samAccountName=\$1)

authz-regexp
          uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
          ldap:///cn=samba??one?(cn=\$1)

authz-regexp
          uid=([^,]*),cn=([^,]*),cn=ntlm,cn=auth
          ldap:///cn=samba??one?(cn=\$1)

access to dn.base="" 
       by dn=cn=samba-admin,cn=samba manage
       by anonymous read
       by * read

access to dn.subtree="cn=samba"
       by anonymous auth

access to dn.subtree="${DOMAINDN}"
       by dn=cn=samba-admin,cn=samba manage${REPLICATOR_ACL}
       by dn=cn=manager manage
       by * none

password-hash   {CLEARTEXT}

include ${LDAPDIR}/modules.conf

defaultsearchbase ${DOMAINDN}

rootdn cn=Manager

${REFINT_CONFIG}

${MEMBEROF_CONFIG}

database	ldif
suffix		cn=Samba
directory       ${LDAPDIR}/db/samba
rootdn          cn=Manager,cn=Samba

########################################
### cn=schema ###
database        hdb
suffix		${SCHEMADN}
rootdn          cn=Manager,${SCHEMADN}
directory	${LDAPDIR}/db/schema
index           objectClass eq
index           samAccountName eq
index name eq
index objectCategory eq
index lDAPDisplayName eq
index subClassOf eq
index cn eq
index entryUUID,entryCSN eq

#syncprov is stable in OpenLDAP 2.3, and available in 2.2.  
#We only need this for the contextCSN attribute anyway....
overlay syncprov
syncprov-sessionlog 100
# syncprov-checkpoint 100 10


### Multimaster-Replication of cn=schema Subcontext ###
${MMR_SYNCREPL_SCHEMA_CONFIG}
${MIRRORMODE}

#########################################
### cn=config ###
database        hdb
suffix		${CONFIGDN}
rootdn          cn=Manager,${CONFIGDN}
directory	${LDAPDIR}/db/config
index           objectClass eq
index           samAccountName eq
index name eq
index objectSid eq
index objectCategory eq
index nCName eq
index subClassOf eq
index dnsRoot eq
index nETBIOSName eq
index cn eq
index entryUUID,entryCSN eq

#syncprov is stable in OpenLDAP 2.3, and available in 2.2.  
#We only need this for the contextCSN attribute anyway....
overlay syncprov
syncprov-sessionlog 100
# syncprov-checkpoint 100 10

### Multimaster-Replication of cn=config Subcontext ###
${MMR_SYNCREPL_CONFIG_CONFIG}
${MIRRORMODE}

########################################
### cn=users /base-dn  ###
database        hdb
suffix		${DOMAINDN}
rootdn          cn=Manager,${DOMAINDN}
directory	${LDAPDIR}/db/user
index           objectClass eq
index           samAccountName eq
index name eq
index objectSid eq
index objectCategory eq
index member eq
index uidNumber eq
index gidNumber eq
index nCName eq
index lDAPDisplayName eq
index subClassOf eq
index dnsRoot eq
index nETBIOSName eq
index cn eq
index entryUUID,entryCSN eq

#syncprov is stable in OpenLDAP 2.3, and available in 2.2.  
#We only need this for the contextCSN attribute anyway....
overlay syncprov
syncprov-sessionlog 100
# syncprov-checkpoint 100 10

### Multimaster-Replication of cn=user/base-dn context ###
${MMR_SYNCREPL_USER_CONFIG}
${MIRRORMODE}