+# $OpenLDAP$
#
# master slapd config -- for testing
#
-include ./data/slapd.at.conf
-include ./data/slapd.oc.conf
-schemacheck off
-pidfile ./var/slapd-acl.pid
-argsfile ./var/slapd-acl.args
+ucdata-path ./ucdata
+include ./schema/core.schema
+include ./schema/cosine.schema
+include ./schema/inetorgperson.schema
+include ./schema/openldap.schema
+include ./schema/nis.schema
+pidfile ./test-db/slapd.pid
+argsfile ./test-db/slapd.args
+
+# global ACLs
+access to dn.base="" attr=objectClass by users read
+access to * by * read
+
+modulepath ../servers/slapd/back-@BACKEND@/
+@MODULELOAD@
#######################################################################
# ldbm database definitions
#######################################################################
-database ldbm
-suffix "o=University of Michigan, c=US"
+database @BACKEND@
+#ldbm#cachesize 0
+suffix "o=University of Michigan,c=US"
directory ./test-db
-rootdn "cn=Manager, o=University of Michigan, c=US"
+rootdn "cn=Manager,o=University of Michigan,c=US"
rootpw secret
-index cn,sn,uid pres,eq,approx
-index default none
-lastmod on
-defaultaccess none
+#ldbm#index objectClass eq
+#ldbm#index cn,sn,uid pres,eq,sub
+#bdb#index objectClass eq
+#bdb#index cn,sn,uid pres,eq,sub
+
+#
+# normal installations should protect root dse, cn=monitor, cn=subschema
+#
+
+access to dn="" by * read
+access to dn.base="" by * read
+
access to attr=objectclass
- by * read
-access to attr=userpassword
+ by * =rsc stop
+
+access to filter="(objectclass=person)" attr=userpassword dn.subtree=""
+ by anonymous auth
by self write
- by * compare
-access to dn=".*,ou=Alumni Association,ou=People,o=University of Michigan,c=US"
- by dn=".*,o=University of Michigan,c=US"
- read
- by * none
-access to attr=member
+
+access to dn.children="ou=Alumni Association,ou=People,o=University of Michigan,c=US"
+ by dn.regex=".+,o=University of Michigan,c=US" +c continue
+ by dn.subtree="o=University of Michigan,c=US" +rs continue
+ by * stop
+
+access to attr=member,uniquemember
by dnattr=member selfwrite
+ by dnattr=uniquemember selfwrite
+ by * read
+
+access to attr=member,uniquemember filter=(mail=*edu)
by * read
-access to filter="objectclass=rfc822mailgroup"
- by dn="Bjorn Jensen,ou=Information Technology Division,ou=People,o=University of Michigan,c=US" write
+
+access to filter="(&(objectclass=groupofnames)(objectClass=groupofuniquenames))"
+ by dn.base="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=University of Michigan,c=US" =sc continue
+ by dn.regex="^cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=University of Michigan,c=US$" +rw stop
+ by * break
+
+access to dn.children="ou=Information Technology Division,ou=People,o=University of Michigan,c=US"
+ by group/groupOfUniqueNames/uniqueMember.exact="cn=ITD Staff,ou=Groups,o=University of Michigan,c=US" write
by * read
-access to * by * read
+
+access to filter="(name=X*Y*Z)"
+ by * continue
+
+# fall into global ACLs