# This is the main ldapd configuration file. See slapd.conf(5) for more
# info on the configuration options.

# Schema and objectClass definitions
include         #SCHEMADIR#/core.schema
include         #SCHEMADIR#/cosine.schema
include         #SCHEMADIR#/nis.schema
include         #SCHEMADIR#/inetorgperson.schema
include         #SCHEMADIR#/ltsp.schema
include         #SCHEMADIR#/samba.schema
include         #SCHEMADIR#/samba3.schema
include         #SCHEMADIR#/printer.schema

# Schema check allows for forcing entries to
# match schemas for their objectClasses's
schemacheck	off

# Where clients are refered to if no
# match is found locally
#referral	ldap://some.other.ldap.server

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile		/var/run/slapd.pid

# List of arguments that were passed to the server
argsfile	/var/run/slapd.args

# Read slapd.conf(5) for possible values
loglevel	0

#######################################################################
# ldbm database definitions
#######################################################################

# The backend type, ldbm, is the default standard
database	ldbm

# The base of your directory
suffix		"#BASEDN#"
rootdn		"#ADMINRDN#,#BASEDN#"
rootpw		#ADMINPW#

# Where the database file are physically stored
directory	"/var/lib/ldap"

index   objectClass,sambaSID,uid,uidNumber,gidNumber,memberUid,member       eq
index   cn              eq,subinitial

# Save the time that the entry gets modified
lastmod on

# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
#access to dn=".*,ou=Roaming,@SUFFIX@"
#	by dnattr=owner write

# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
access to attr=userPassword
	by dn="#ADMINRDN#,#BASEDN#" write
	by anonymous auth
	by self write
	by * none

# ACLs proposées par Bruno Bzeznic

access to attr=userpassword
        by dn="#ADMINRDN#,#BASEDN#" write
        by self write
        by users none
        by anonymous auth

access to attr=lmPassword
       by dn="#ADMINRDN#,#BASEDN#" write
       by self write
       by users none
       by anonymous auth

access to attr=ntPassword
       by dn="#ADMINRDN#,#BASEDN#" write
       by self write
       by users none
       by anonymous auth

# The admin dn has full write access
access to *
	by dn="#ADMINRDN#,#BASEDN#" write
	by * read

# Example replication using admin account. This will require taking the
# out put of this database using slapcat(8C), and then importing that into
# the replica using slapadd(8C).
#
# replogfile /var/lib/slurp/replog
# replica host=ldap-rep.foo.com bindmethod=simple
#	binddn="@ADMIN@"
#	credentials="XXXXXX"

# End of ldapd configuration file
sizelimit	3500