-E: 4. # ldbm definition for the example.com
-E: 5. database ldbm
-E: 6. suffix "dc=example, dc=com"
-E: 7. directory /usr/local/var/openldap
-E: 8. rootdn "cn=Manager, dc=example, dc=com"
-E: 9. rootpw secret
-E: 10. replogfile /usr/local/var/openldap/slapd.replog
-E: 11. replica host=slave1.example.com:389
-E: 12. binddn="cn=Replicator, dc=example, dc=com"
-E: 13. bindmethod=simple credentials=secret
-E: 14. replica host=slave2.example.com
-E: 15. binddn="cn=Replicator, dc=example, dc=com"
-E: 16. bindmethod=kerberos
-E: 17. srvtab=/etc/srvtab.slave2
-E: 18. # ldbm indexed attribute definitions
-E: 19. index uid pres,eq
-E: 20. index cn,sn,uid pres,eq,approx,sub
-E: 21. index objectClass eq
-E: 22. # ldbm access control definitions
-E: 23. access to attr=userPassword
-E: 24. by self write
-E: 25. by anonymous auth
-E: 26. by dn="cn=Admin,dc=example,dc=com" write
-E: 27. by * none
-E: 28. access to *
-E: 29. by self write
-E: 30. by anonymous auth
-E: 31. by dn="cn=Admin,dc=example,dc=com" write
-E: 32. by * read
-
-Line 4 is a comment. The start of the database definition is
-marked by the database keyword on line 5. Line 6 specifies
-the DN suffix for queries to pass to this database. Line 7
-specifies the directory in which the database files will live
-
-Lines 8 and 9 identify the database "super user" entry and
-associated password. This entry is not subject to access
-control or size or time limit restrictions.
-
-Lines 10 through 17 are for replication. Line 10 specifies the
-replication log file (where changes to the database are logged
-\- this file is written by slapd and read by slurpd). Lines 11
-through 13 specify the hostname and port for a replicated
-host, the DN to bind as when performing updates, the bind
-method (simple) and the credentials (password) for the
-binddn. Lines 14 through 17 specify a second replication site,
-using kerberos instead of simple authentication. See Section
-10 on slurpd for more information on these directives.
-
-Lines 19 through 21 indicate the indexes to maintain for
-various attributes.
-
-Lines 23 through 32 specify access control for entries in the
-database. For all entries, the {{EX:userPassword}} attribute is
-writable by the entry and the "admin" entry, may be used for
-authentication/authorization purposes, but is otherwise not
-readable. All other attributes by writable by the entry and
-the "admin" entry, may be used for authentication/authorization
-purposes, but may be read by authenticated users.
-
-The next section of the example configuration file defines
-another LDBM database. This one handles queries involving
-the {{EX:dc=example,dc=net}} subtree.
-
-E: 33. # ldbm definition for example.net
-E: 34. database ldbm
-E: 35. suffix "dc=example, dc=net"
-E: 36. directory /usr/local/var/ldbm-example-net
-E: 37. rootdn "cn=Manager, dc=example, dc=net"
-
+E: 5. # BDB definition for the example.com
+E: 6. database bdb
+E: 7. suffix "dc=example,dc=com"
+E: 8. directory /usr/local/var/openldap-data
+E: 9. rootdn "cn=Manager,dc=example,dc=com"
+E: 10. rootpw secret
+E: 11. # replication directives
+E: 12. replogfile /usr/local/var/openldap/slapd.replog
+E: 13. replica host=slave1.example.com:389
+E: 14. binddn="cn=Replicator,dc=example,dc=com"
+E: 15. bindmethod=simple credentials=secret
+E: 16. replica host=slave2.example.com
+E: 17. binddn="cn=Replicator,dc=example,dc=com"
+E: 18. bindmethod=simple credentials=secret
+E: 19. # indexed attribute definitions
+E: 20. index uid pres,eq
+E: 21. index cn,sn,uid pres,eq,approx,sub
+E: 22. index objectClass eq
+E: 23. # database access control definitions
+E: 24. access to attr=userPassword
+E: 25. by self write
+E: 26. by anonymous auth
+E: 27. by dn.base="cn=Admin,dc=example,dc=com" write
+E: 28. by * none
+E: 29. access to *
+E: 30. by self write
+E: 31. by dn.base="cn=Admin,dc=example,dc=com" write
+E: 32. by * read
+
+Line 5 is a comment. The start of the database definition is marked
+by the database keyword on line 6. Line 7 specifies the DN suffix
+for queries to pass to this database. Line 8 specifies the directory
+in which the database files will live.
+
+Lines 9 and 10 identify the database {{super-user}} entry and associated
+password. This entry is not subject to access control or size or
+time limit restrictions.
+
+Lines 11 through 18 are for replication. Line 12 specifies the
+replication log file (where changes to the database are logged -
+this file is written by slapd and read by slurpd). Lines 13 through
+15 specify the hostname and port for a replicated host, the DN to
+bind as when performing updates, the bind method (simple) and the
+credentials (password) for the binddn. Lines 16 through 18 specify
+a second replication site. See the {{SECT:Replication with slurpd}}
+chapter for more information on these directives.
+
+Lines 20 through 22 indicate the indices to maintain for various
+attributes.
+
+Lines 24 through 32 specify access control for entries in this
+database. As this is the first database, the controls also apply
+to entries not held in any database (such as the Root DSE). For
+all applicable entries, the {{EX:userPassword}} attribute is writable
+by the entry itself and by the "admin" entry. It may be used for
+authentication/authorization purposes, but is otherwise not readable.
+All other attributes are writable by the entry and the "admin"
+entry, but may be read by all users (authenticated or not).
+
+The next section of the example configuration file defines another
+BDB database. This one handles queries involving the
+{{EX:dc=example,dc=net}} subtree but is managed by the same entity
+as the first database. Note that without line 39, the read access
+would be allowed due to the global access rule at line 4.
+
+E: 33. # BDB definition for example.net
+E: 34. database bdb
+E: 35. suffix "dc=example,dc=net"
+E: 36. directory /usr/local/var/openldap-data-net
+E: 37. rootdn "cn=Manager,dc=example,dc=com"
+E: 38. index objectClass eq
+E: 39. access to * by users read