# This is the main ldapd configuration file. See slapd.conf(5) for more
# info on the configuration options.

# Schema and objectClass definitions
include         #SCHEMADIR#/core.schema
include         #SCHEMADIR#/cosine.schema
include         #SCHEMADIR#/nis.schema
include         #SCHEMADIR#/inetorgperson.schema
include         #SCHEMADIR#/ltsp.schema
include         #SCHEMADIR#/samba.schema
include         #SCHEMADIR#/samba3.schema
include         #SCHEMADIR#/printer.schema

# Schema check allows for forcing entries to
# match schemas for their objectClasses's
# schemacheck	off
# pas de scheme schek off sous etch ... on rigole plus

allow bind_v2

# Where clients are refered to if no
# match is found locally
#referral	ldap://some.other.ldap.server

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile		/var/run/slapd.pid

# List of arguments that were passed to the server
argsfile	/var/run/slapd.args

# Read slapd.conf(5) for possible values
loglevel	0

# Where the dynamically loaded modules are stored
modulepath	/usr/lib/ldap
moduleload	back_bdb

#######################################################################
# Specific Backend Directives for bdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend		bdb
# Specific Directives for database #1, of type bdb:
# Database specific directives apply to this databasse until another
# 'database' directive occurs
database        bdb

# The base of your directory
suffix		"#BASEDN#"
rootdn		"#ADMINRDN#,#BASEDN#"
rootpw		#ADMINPW#

# Where the database file are physically stored
directory	"/var/lib/ldap"

checkpoint 512 30

index      objectClass,uidNumber,gidNumber                  eq
index      cn,sn,uid,displayName                            pres,sub,eq
index      memberUid,mail,givenname                 eq,subinitial
index      sambaSID,sambaPrimaryGroupSID,sambaDomainName    eq

# Save the time that the entry gets modified
lastmod on

# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
#access to dn=".*,ou=Roaming,@SUFFIX@"
#	by dnattr=owner write

# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
access to attr=userPassword
	by dn="#ADMINRDN#,#BASEDN#" write
	by anonymous auth
	by self write
	by * none

# ACLs proposées par Bruno Bzeznic

access to attr=userpassword
        by dn="#ADMINRDN#,#BASEDN#" write
        by self write
        by users none
        by anonymous auth

access to attr=sambaLmPassword
       by dn="#ADMINRDN#,#BASEDN#" write
       by self write
       by users none
       by anonymous auth

access to attr=sambaNtPassword
       by dn="#ADMINRDN#,#BASEDN#" write
       by self write
       by users none
       by anonymous auth

# The admin dn has full write access
access to *
	by dn="#ADMINRDN#,#BASEDN#" write
	by * read

# Example replication using admin account. This will require taking the
# out put of this database using slapcat(8C), and then importing that into
# the replica using slapadd(8C).
#
# replogfile /var/lib/slurp/replog
# replica host=ldap-rep.foo.com bindmethod=simple
#	binddn="@ADMIN@"
#	credentials="XXXXXX"

# End of ldapd configuration file
sizelimit	3500