loglevel 0

### needed for initial content load ###
sizelimit unlimited

### Multimaster-ServerIDs and URLs ###

${MMR_SERVERIDS_CONFIG}

include ${LDAPDIR}/backend-schema.schema

pidfile		${LDAPDIR}/slapd.pid
argsfile	${LDAPDIR}/slapd.args
sasl-realm ${DNSDOMAIN}

#authz-regexp
#          uid=([^,]*),cn=${DNSDOMAIN},cn=digest-md5,cn=auth
#          ldap:///${DOMAINDN}??sub?(samAccountName=\$1)

#authz-regexp
#          uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
#          ldap:///${DOMAINDN}??sub?(samAccountName=\$1)

authz-regexp
          uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
          ldap:///cn=samba??one?(cn=\$1)

authz-regexp
          uid=([^,]*),cn=([^,]*),cn=ntlm,cn=auth
          ldap:///cn=samba??one?(cn=\$1)

access to dn.base="" 
       by dn=cn=samba-admin,cn=samba manage
       by anonymous read
       by * read

access to dn.subtree="cn=samba"
       by anonymous auth

access to dn.subtree="${DOMAINDN}"
       by dn=cn=samba-admin,cn=samba manage${REPLICATOR_ACL}
       by dn=cn=manager manage
       by * none

password-hash   {CLEARTEXT}

defaultsearchbase ${DOMAINDN}

rootdn cn=Manager

moduleload rdnval

moduleload deref
overlay deref

moduleload refint
${REFINT_CONFIG}

moduleload memberof
${MEMBEROF_CONFIG}

moduleload syncprov

database	ldif
suffix		cn=Samba
directory       ${LDAPDIR}/db/samba
rootdn          cn=Manager,cn=Samba

########################################
## olc - configuration ###
database	config
rootdn		cn=config

${OLC_SYNCREPL_CONFIG}
${OLC_MMR_CONFIG}
${NOSYNC}

access to dn.sub="cn=config"
	by dn="cn=samba-admin,cn=samba" write
	by dn="cn=replicator,cn=samba" read


########################################
### cn=schema ###
database        hdb
suffix		${SCHEMADN}
rootdn          cn=Manager,${SCHEMADN}
directory	${LDAPDIR}/db/schema
${NOSYNC}
${INDEX_CONFIG}

#syncprov is stable in OpenLDAP 2.3, and available in 2.2.  
#We need this for the contextCSN attribute and mmr.
overlay syncprov
syncprov-sessionlog 100
syncprov-checkpoint 100 10

overlay rdnval

### Multimaster-Replication of cn=schema Subcontext ###
${MMR_SYNCREPL_SCHEMA_CONFIG}
${MIRRORMODE}

#########################################
### cn=config ###
database        hdb
suffix		${CONFIGDN}
rootdn          cn=Manager,${CONFIGDN}
directory	${LDAPDIR}/db/config
${NOSYNC}
${INDEX_CONFIG}

#syncprov is stable in OpenLDAP 2.3, and available in 2.2.  
#We need this for the contextCSN attribute and mmr.
overlay syncprov
syncprov-sessionlog 100
syncprov-checkpoint 100 10

overlay rdnval

### Multimaster-Replication of cn=config Subcontext ###
${MMR_SYNCREPL_CONFIG_CONFIG}
${MIRRORMODE}

########################################
### cn=users /base-dn  ###
database        hdb
suffix		${DOMAINDN}
rootdn          cn=Manager,${DOMAINDN}
directory	${LDAPDIR}/db/user
${NOSYNC}
${INDEX_CONFIG}

#syncprov is stable in OpenLDAP 2.3, and available in 2.2.  
#We need this for the contextCSN attribute and mmr.
overlay syncprov
syncprov-sessionlog 100
syncprov-checkpoint 100 10

overlay rdnval

### Multimaster-Replication of cn=user/base-dn context ###
${MMR_SYNCREPL_USER_CONFIG}
${MIRRORMODE}