-E: 1. # ldbm definition for the U-M database
-E: 2. database ldbm
-E: 3. suffix "o=OpenLDAP Project, c=US"
-E: 4. directory /usr/local/var/openldap
-E: 6. rootdn "cn=Manager, o=OpenLDAP Project, c=US"
-E: 7. rootpw secret
-E: 8. replogfile /usr/local/var/openldap/slapd.replog
-E: 9. replica host=slave1.openldap.org:389
-E: 10. binddn="cn=Replicator, o=OpenLDAP Project, c=US"
-E: 11. bindmethod=simple credentials=secret
-E: 12.replica host=slave2.openldap.org
-E: 13. binddn="cn=Replicator, o=OpenLDAP Project, c=US"
-E: 14. bindmethod=kerberos
-E: 15. srvtab=/etc/srvtab.slave2
-E: 16.# ldbm indexed attribute definitions
-E: 17.index cn,sn,uid pres,eq,approx,sub
-E: 18.index objectclass pres,eq
-E: 19.index default none
-E: 20.# ldbm access control definitions
-E: 21.defaultaccess read
-E: 22.access to attr=userpassword
-E: 23. by self write
-E: 24. by dn="cn=Admin, o=OpenLDAP Project, c=US" write
-E: 25. by * compare
-
-Line 1 is a comment. The start of the database definition is
-marked by the database keyword on line 2. Line 3 specifies
-the DN suffix for queries to pass to this database. Line 4
-specifies the directory in which the database files will live
-
-Lines 6 and 7 identify the database "super user" entry and
-associated password. This entry is not subject to access
-control or size or time limit restrictions.
-
-Lines 8 through 15 are for replication. Line 8 specifies the
-replication log file (where changes to the database are logged
-\- this file is written by slapd and read by slurpd). Lines 9
-through 11 specify the hostname and port for a replicated
-host, the DN to bind as when performing updates, the bind
-method (simple) and the credentials (password) for the
-binddn. Lines 12 through 15 specify a second replication site,
-using kerberos instead of simple authentication. See Section
-10 on slurpd for more information on these options.
-
-Lines 16 through 19 indicate the indexes to maintain for
-various attributes. The default is not to maintain any indexes
-(line 19).
-
-Lines 20 through 25 specify access control for entries in the
-database. For all entries, the {{EX: userPassword}} attribute is
-writable by the entry and the "admin" entry, comparable by
-everyone else. All other attributes allow read access by
-default (line 21). Note that the special "entry" attribute is not
-required in the access directive beginning on line 22. This is
-because the default access is read.
-
-The next section of the example configuration file defines
-another LDBM database. This one handles queries involving
-the "o="Babs, Inc.", c=US" subtree.
-
-E: 1. # ldbm definition for Babs, Inc. database
-E: 2. database ldbm
-E: 3. suffix "o=\"Babs, Inc.\", c=US"
-E: 4. directory /usr/local/ldbm-babs
-E: 5. rootdn "cn=Babs, o=\"Babs, Inc.\", c=US"
-E: 6. index default
-
-Note the use of `\' to escape the quotes necessary in the
-distinguished names given on lines 3 and 5. By default, all
-indexes are maintained for every attribute in an entry.
-
+E: 5. # BDB definition for the example.com
+E: 6. database bdb
+E: 7. suffix "dc=example,dc=com"
+E: 8. directory /usr/local/var/openldap-data
+E: 9. rootdn "cn=Manager,dc=example,dc=com"
+E: 10. rootpw secret
+E: 11. # replication directives
+E: 12. replogfile /usr/local/var/openldap/slapd.replog
+E: 13. replica host=slave1.example.com:389
+E: 14. binddn="cn=Replicator,dc=example,dc=com"
+E: 15. bindmethod=simple credentials=secret
+E: 16. replica host=slave2.example.com
+E: 17. binddn="cn=Replicator,dc=example,dc=com"
+E: 18. bindmethod=simple credentials=secret
+E: 19. # indexed attribute definitions
+E: 20. index uid pres,eq
+E: 21. index cn,sn,uid pres,eq,approx,sub
+E: 22. index objectClass eq
+E: 23. # database access control definitions
+E: 24. access to attr=userPassword
+E: 25. by self write
+E: 26. by anonymous auth
+E: 27. by dn.base="cn=Admin,dc=example,dc=com" write
+E: 28. by * none
+E: 29. access to *
+E: 30. by self write
+E: 31. by dn.base="cn=Admin,dc=example,dc=com" write
+E: 32. by * read
+
+Line 5 is a comment. The start of the database definition is marked
+by the database keyword on line 6. Line 7 specifies the DN suffix
+for queries to pass to this database. Line 8 specifies the directory
+in which the database files will live.
+
+Lines 9 and 10 identify the database {{super-user}} entry and associated
+password. This entry is not subject to access control or size or
+time limit restrictions.
+
+Lines 11 through 18 are for replication. Line 12 specifies the
+replication log file (where changes to the database are logged -
+this file is written by slapd and read by slurpd). Lines 13 through
+15 specify the hostname and port for a replicated host, the DN to
+bind as when performing updates, the bind method (simple) and the
+credentials (password) for the binddn. Lines 16 through 18 specify
+a second replication site. See the {{SECT:Replication with slurpd}}
+chapter for more information on these directives.
+
+Lines 20 through 22 indicate the indices to maintain for various
+attributes.
+
+Lines 24 through 32 specify access control for entries in this
+database. As this is the first database, the controls also apply
+to entries not held in any database (such as the Root DSE). For
+all applicable entries, the {{EX:userPassword}} attribute is writable
+by the entry itself and by the "admin" entry. It may be used for
+authentication/authorization purposes, but is otherwise not readable.
+All other attributes are writable by the entry and the "admin"
+entry, but may be read by all users (authenticated or not).
+
+The next section of the example configuration file defines another
+BDB database. This one handles queries involving the
+{{EX:dc=example,dc=net}} subtree but is managed by the same entity
+as the first database. Note that without line 39, the read access
+would be allowed due to the global access rule at line 4.
+
+E: 33. # BDB definition for example.net
+E: 34. database bdb
+E: 35. suffix "dc=example,dc=net"
+E: 36. directory /usr/local/var/openldap-data-net
+E: 37. rootdn "cn=Manager,dc=example,dc=com"
+E: 38. index objectClass eq
+E: 39. access to * by users read
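Review bot: On new line 39, `access to * by users read` is the only access rule in the dc=example,dc=net database, so it also governs userPassword. Any authenticated user can then read other entries' password values under that suffix, and anonymous clients get no auth access, so simple binds as entries held in this database would be refused. Suggest putting an `access to attr=userPassword` rule like the one on lines 24 to 28 ahead of line 39, or stating in the prose that the second database deliberately omits it. The accompanying sentence "without line 39, the read access would be allowed" should also say whose read access is meant, since the point of line 39 is to limit reads to authenticated users. Two smaller points in the first database: lines 20 and 21 both index uid (`index uid pres,eq` and `index cn,sn,uid pres,eq,approx,sub`), so uid should be dropped from one of them. And since this patch replaces the kerberos replica with a second `bindmethod=simple credentials=secret`, the text could note that slapd.conf now holds cleartext replication credentials alongside `rootpw secret` and should be readable only by the slapd user, with rootpw given as a hash generated by slappasswd.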