include /etc/openldap/schema/uidpool.schema include /etc/openldap/schema/sudo.schema include /etc/openldap/schema/autofs.schema TLSCACertificateFile /etc/openldap/pla/ca-bundle.crt TLSCertificateFile /etc/openldap/pla/slapd.crt TLSCertificateKeyFile /etc/openldap/pla/slapd.key access to dn.regex="o=Simpsons$" attrs=userpassword by anonymous auth by self write by * none access to dn.base="" by * read access to dn.regex="dc=example.com$" by dn.regex="o=Flintstones$" none by dn.regex="o=Simpsons$" none by * write access to dn.regex="dc=example,dc=com$" by dn.regex="o=Flintstones$" none by dn.regex="o=Simpsons$" none by * write access to dn.regex="o=Flintstones$" by dn.regex="o=Simpsons$" none by self write by dn.regex="cn=.*,ou=People,o=Flintstones" write by * read access to dn.regex="o=Simpsons$" by dn.regex="o=Flintstones$" none by self write by dn.regex="cn=.*,ou=People,o=Simpsons" write by * read access to * by * read authz-policy any database ldbm suffix "dc=example.com" rootdn "cn=Manager,dc=example.com" rootpw NotAllowed directory /var/lib/ldap/base-example.com dirtyread cachesize 2000 checkpoint 32 1 # Indices to maintain for this database index objectClass eq,pres index ou,cn,mail,surname,givenname eq,pres,sub index uidNumber,gidNumber,loginShell eq,pres index uid,memberUid eq,pres,sub index nisMapName,nisMapEntry eq,pres,sub database ldbm suffix "dc=example,dc=com" rootdn "cn=Manager,dc=example,dc=com" rootpw NotAllowed directory /var/lib/ldap/base-example-com dirtyread cachesize 2000 checkpoint 32 1 # Indices to maintain for this database index objectClass eq,pres index ou,cn,mail,surname,givenname eq,pres,sub index uidNumber,gidNumber,loginShell eq,pres index uid,memberUid eq,pres,sub index nisMapName,nisMapEntry eq,pres,sub database ldbm suffix "o=Simpsons" rootdn "cn=Manager,o=Simpsons" rootpw NotAllowed directory /var/lib/ldap/base-simpsons dirtyread cachesize 2000 checkpoint 32 1 # Indices to maintain for this database index objectClass eq,pres index ou,cn,mail,surname,givenname eq,pres,sub index uidNumber,gidNumber,loginShell eq,pres index uid,memberUid eq,pres,sub index nisMapName,nisMapEntry eq,pres,sub sasl-regexp uid=(.*),cn=(.*),cn=gssapi,cn=auth ldap:///dc=example.com??sub?(&(uid=$1)(objectClass=inetOrgPerson)) database bdb suffix "o=Flintstones" rootdn "cn=Manager,o=Flintstones" rootpw NotAllowed directory /var/lib/ldap/base-flintstones dirtyread cachesize 2000 checkpoint 32 1 # Indices to maintain for this database index objectClass eq,pres index ou,cn,mail,surname,givenname eq,pres,sub index uidNumber,gidNumber,loginShell eq,pres index uid,memberUid eq,pres,sub index nisMapName,nisMapEntry eq,pres,sub database monitor access to * by * read database config access to * by * read rootdn cn=admin,cn=config rootpw password