# slapd.conf for an OpenLDAP server holding the suffix dc=example,dc=org.
# Directives are order-sensitive: global options come first, then each
# "database" line opens a section that owns the directives following it.
# Run slaptest against the file after any edit.

# --- Schemas -----------------------------------------------------------
# Loaded: core, cosine, nis, inetorgperson, ppolicy.
# The krb5-kdc, samba and cmusasl schemas are disabled (commented out).
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
#include /etc/ldap/schema/krb5-kdc.schema
#include /etc/ldap/schema/samba.schema
#include /etc/ldap/schema/cmusasl.schema
include /etc/ldap/schema/ppolicy.schema

# --- Process files and logging -----------------------------------------
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
# loglevel 0 switches slapd's logging off, so connections, binds and
# failed authentications leave no trace for detection or incident response.
# NOTE(review): "loglevel stats" is the usual minimum for an audit trail.
loglevel 0

# --- Modules -----------------------------------------------------------
modulepath /usr/lib/ldap
moduleload back_bdb
#moduleload smbk5pwd
#moduleload constraint
#moduleload unique
# The ppolicy module is loaded, but no "overlay ppolicy" line appears in
# this file, so no password policy (lockout, expiry, quality) is attached
# to the database here.
moduleload ppolicy

# sizelimit -1 removes the cap on entries returned per search. Any identity
# that the ACLs allow to search can pull complete result sets in one request.
sizelimit -1

# --- Main database -----------------------------------------------------
# NOTE(review): back-bdb is no longer shipped from OpenLDAP 2.5 on; confirm
# the target slapd version still provides it.
backend bdb
database bdb
#overlay smbk5pwd
#smbk5pwd-enable samba
#smbk5pwd-enable krb5
suffix "dc=example,dc=org"
# No rootpw is set in this file. The rootdn bypasses every ACL below; the
# only mapping to it visible here is the first authz-regexp (local uid 0).
rootdn "cn=admin,dc=example,dc=org"
directory "/var/lib/ldap"
# Berkeley DB tuning: cache of 0 GB plus 100000000 bytes, and lock-table limits.
dbconfig set_cachesize 0 100000000 0
dbconfig set_lk_max_objects 100000
dbconfig set_lk_max_locks 100000
dbconfig set_lk_max_lockers 100000
# Only objectClass is indexed. The authz-regexp searches below filter on
# uid, which has no index here.
index objectClass eq
lastmod on

# --- Access control ----------------------------------------------------
# Clauses are evaluated in order and the first matching "to" wins. slapd
# denies whatever no clause grants, so attributes not named below are
# readable only by the rootdn.
#
# Secret attributes: usable for bind by anonymous, writable by the entry's
# owner, invisible to everyone else.
# NOTE(review): the samba, krb5 and cmusasl attribute names come from the
# schemas commented out above; confirm with slaptest that slapd accepts
# this clause without them.
access to attrs=userPassword,sambaLMPassword,sambaNTPassword,krb5KeyVersionNumber,krb5Key,cmusaslsecretOTP
        by anonymous auth
        by self write
        by * none

# The ou=people container entry itself (dn.base does not cover children):
# readable by authenticated users.
access to dn.base="ou=people,dc=example,dc=org"
        by users read
        by anonymous auth
        by * none

# Identity attributes: each entry can read its own values; anonymous gets
# auth-level access only, presumably so the authz-regexp lookup on uid works.
# authzTo is not writable by its owner, which matters because
# "authz-policy to" below lets that attribute authorize proxy identities.
access to attrs=objectClass,entry,uid,authzTo
        by self read
        by anonymous auth
        by * none

# Root DSE: readable by anyone, including anonymous clients.
access to dn.base=""
        by * read

# --- SASL identity mapping ---------------------------------------------
# A peer with uid 0 and gid 0 authenticating with SASL EXTERNAL (the
# cn=peercred,cn=external identity) becomes the rootdn. Local root therefore
# has full directory and cn=config control; restrict who can reach that
# socket accordingly.
authz-regexp "gidNumber=0\\\+uidNumber=0,cn=peercred,cn=external,cn=auth" "cn=admin,dc=example,dc=org"
# SASL identity of the form uid=<name>,cn=<x>,cn=auth: resolved by a one-level
# search under ou=people for (uid=<name>). The second capture group is unused.
# NOTE(review): [^,]+ also admits LDAP filter metacharacters in the captured
# name; a tighter character class would limit what reaches the filter.
authz-regexp "uid=([^,]+),cn=([^,]+),cn=auth" "ldap:///ou=people,dc=example,dc=org??one?(uid=$1)"
# Same lookup for identities that carry the example.org realm component.
# NOTE(review): the "." in example.org is an unescaped regex wildcard.
authz-regexp "uid=([^,]+),cn=example.org,cn=[^,]+,cn=auth" "ldap:///ou=people,dc=example,dc=org??one?(uid=$1)"
# Proxy authorization is decided by the authzTo attribute on the
# authenticating identity's entry.
authz-policy to

# Passwords set through the Password Modify operation are stored unhashed.
# Shared-secret SASL mechanisms need the plaintext, which is presumably why
# this is set. The consequence is that /var/lib/ldap, every backup or export
# of it, and any identity mapped to the rootdn expose every user's password.
# Protect those with file permissions and encryption at rest. If only simple
# binds over TLS are used, prefer a salted hash scheme.
# NOTE(review): slapd.conf(5) lists password-hash as a global option, yet it
# sits after the bdb database directives here; confirm slapd accepts it.
password-hash {CLEARTEXT}

# --- Configuration database --------------------------------------------
# cn=config shares the directory's rootdn and has no rootpw in this file,
# so whoever maps to cn=admin can also rewrite the server configuration.
database config
rootdn "cn=admin,dc=example,dc=org"