include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
-include /etc/ldap/schema/samba.schema
-include /etc/ldap/schema/courierimap.schema
-include /etc/ldap/schema/phpgwaccount.schema
-include /etc/ldap/schema/phpgwcontact.schema
-include /etc/ldap/schema/ldapab.schema
+include /etc/ldap/schema/ldapab.schema
# Schema check allows for forcing entries to
argsfile /var/run/slapd.args
# Where to store the replica logs
-replogfile /var/lib/ldap/replog
+replogfile /var/lib/ldap/replog
# Read slapd.conf(5) for possible values
#loglevel 256
-loglevel 0
+loglevel 0
+
+# Don't set a limit n returned result sets
+sizelimit -1
#######################################################################
# ldbm database definitions
# Indexing options
index objectClass eq
-# Folgende Indizies sind im samba-LDAP-HOWTO empfohlen;
-
## support pbb_getsampwnam()
index uid pres,eq
## support pdb_getsampwrid()
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
-access to attribute=userPassword
+access to attrs=userPassword
by dn="cn=admin,o=cosmocode,c=de" write
by anonymous auth
by self write
by * none
-access to attribute=lmPassword
+access to attrs=lmPassword
by dn="cn=admin,o=cosmocode,c=de" write
by anonymous auth
by self write
by * none
-access to attribute=ntPassword
+access to attrs=ntPassword
by dn="cn=admin,o=cosmocode,c=de" write
by anonymous auth
by self write
by * none
# private LDAP Addressbook is readable and writable for the owner only
-access to dn="(.*,)?ou=contacts,cn=([^,]+),ou=people,(.*)$"
- by dn="cn=$2,ou=people,$3" write
+access to dn.regex="(.*,)?ou=contacts,cn=([^,]+),ou=people,(.*)$"
+ by dn.regex="cn=$2,ou=people,$3" write
by * none
+# user entry is writable for the owner only, but readable for all
+access to dn.regex="(.*,)?cn=([^,]+),ou=people,(.*)$"
+ by dn.regex="cn=ldapadmin,o=cosmocode,c=de" write
+ by dn.regex="cn=$2,ou=people,$3" write
+ by * read
+
# global LDAP Addressbook is writable for all authenticated users
# This entry has to be _before_ any other entry that matches the contact
# tree eg. the * entry
access to dn.subtree="ou=contacts,o=cosmocode,c=de"
- by users write
- by * read
+ by users write
+ by * read
# The admin dn has full write access
access to *
by dn="cn=admin,o=cosmocode,c=de" write
by * read
-# For Netscape Roaming support, each user gets a roaming
-# profile for which they have write access to
-#access to dn=".*,ou=Roaming,o=morsnet"
-# by dn="cn=admin,o=cosmocode,c=de" write
-# by dnattr=owner write