include ./schema/cosine.schema
include ./schema/inetorgperson.schema
include ./schema/openldap.schema
-schemacheck off
pidfile ./test-db/slapd.pid
argsfile ./test-db/slapd.args
#######################################################################
database @BACKEND@
-cachesize 0
+#ldbm#cachesize 0
suffix "o=University of Michigan,c=US"
directory ./test-db
rootdn "cn=Manager,o=University of Michigan,c=US"
#ldbm#index cn,sn,uid pres,eq,sub
#bdb#index objectClass eq
#bdb#index cn,sn,uid pres,eq,sub
-lastmod on
#
# normal installations should protect root dse,
# cn=monitor, cn=schema, and cn=config
#
+access to dn="" by * read
+access to dn.base="" by * read
+
access to attr=objectclass
by * =rsc stop
by dnattr=member selfwrite
by * read
+access to attr=member filter=(mail=*edu)
+ by * read
+
access to filter="(objectclass=groupofnames)"
by dn.base="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=University of Michigan,c=US" =sc continue
by dn="^cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=University of Michigan,c=US$" +rw stop
by * break
+access to dn.children="ou=Information Technology Division,ou=People,o=University of Michigan,c=US"
+ by group.exact="cn=ITD Staff,ou=Groups,o=University of Michigan,c=US" write
+ by * read
+
+access to filter="(name=X*Y*Z)"
+ by * continue
+
# fall into global ACLs
projects / openldap / blobdiff