kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2003 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
pidfile ./testrun/slapd.1.pid
argsfile ./testrun/slapd.1.args
-# password-hash {md5}
-
#mod#modulepath ../servers/slapd/back-@BACKEND@/
#mod#moduleload back_@BACKEND@.la
+#ldapmod#modulepath ../servers/slapd/back-ldap/
+#ldapmod#moduleload back_ldap.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+#rwmmod#modulepath ../servers/slapd/overlays/
+#rwmmod#moduleload rwm.la
#######################################################################
-# ldbm database definitions
+# database definitions
#######################################################################
authz-policy both
-authz-regexp "^uid=admin/([^,]+),.*" "ldap:///ou=Admin,dc=example,dc=com??sub?cn=$1"
-authz-regexp "^uid=it/([^,]+),.*" "ldap:///ou=People,dc=example,dc=it??sub?uid=$1"
-authz-regexp "^uid=(us/)*([^,]+),.*" "ldap:///ou=People,dc=example,dc=com??sub?uid=$2"
+authz-regexp "^uid=admin/([^,]+),.+" "ldap:///ou=Admin,dc=example,dc=com??sub?(cn=$1)"
+authz-regexp "^uid=it/([^,]+),.+" "ldap:///ou=People,dc=example,dc=it??sub?(uid=$1)"
+authz-regexp "^uid=(us/)?([^,]+),.+" "ldap:///ou=People,dc=example,dc=com??sub?(uid=$2)"
#
# normal installations should protect root dse,
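Review bot: The three new authz-regexp patterns still capture the user part with `[^,]+`, and the capture is now substituted into a parenthesised search filter (`(cn=$1)`, `(uid=$1)`, `(uid=$2)`). Filter metacharacters such as `*`, `(` and `)` in an incoming identity would therefore reach the filter unless slapd escapes them, which this file does not show. A narrower class such as `[^,*()]+` would keep the mapping independent of that. The third pattern also matches the `admin/` and `it/` forms, so it depends on being listed last; assuming the rules are tried in file order, a comment like `# catch-all: must stay after the admin/ and it/ rules` would record the dependency. The global section these lines belong to continues outside the hunk.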
by self =wx
by anonymous =x
+access to dn.exact=""
+ by * read
+
access to *
by users read
by * search
database ldap
suffix "o=Example,c=US"
-suffixmassage "o=Example,c=US" "dc=example,dc=com"
-uri "ldap://:9011/"
+uri "@URI1@"
-#sasl#idassert-method "sasl" "authcDN=cn=Proxy US,ou=Admin,dc=example,dc=com" "authcID=admin/proxy US" "cred=proxy" "mech=DIGEST-MD5"
+#sasl#idassert-method "sasl" "authcDN=cn=Proxy US,ou=Admin,dc=example,dc=com" "authcID=admin/proxy US" "cred=proxy" @SASL_MECH@
#nosasl#idassert-method "simple"
#nosasl#idassert-authcDN "cn=Proxy US,ou=Admin,dc=example,dc=com"
#nosasl#idassert-passwd proxy
idassert-mode self
# authorizes database
-idassert-authz "dn.subtree:dc=example,dc=it"
+idassert-authzFrom "dn.subtree:dc=example,dc=it"
+
+overlay rwm
+rwm-suffixmassage "dc=example,dc=com"
database ldap
suffix "o=Esempio,c=IT"
-suffixmassage "o=Esempio,c=IT" "dc=example,dc=com"
-uri "ldap://:9011/"
+uri "@URI1@"
acl-authcDN "cn=Proxy IT,ou=Admin,dc=example,dc=com"
acl-passwd proxy
idassert-mode "dn:cn=Sandbox,ou=Admin,dc=example,dc=com"
# authorizes database
-idassert-authz "dn.subtree:dc=example,dc=com"
+idassert-authzFrom "dn.subtree:dc=example,dc=com"
# authorizes anonymous
-idassert-authz "dn.exact:"
+idassert-authzFrom "dn.exact:"
+
+overlay rwm
+rwm-suffixmassage "dc=example,dc=com"
access to attrs=entry,cn,sn,mail
by users read
by dn.exact="cn=Sandbox,ou=Admin,dc=example,dc=com" search
by * none
-
+#monitor#database monitor
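Review bot: On the `#sasl#idassert-method` line the pinned `"mech=DIGEST-MD5"` is replaced by an unquoted `@SASL_MECH@`, so the mechanism the proxy binds with is whatever the test scripts substitute. An empty substitution would leave the line with no mech argument, and how slapd behaves then is not visible here. A comment above the line would state the contract, e.g. `# @SASL_MECH@ must expand to "mech=<NAME>"; set by the test scripts`. Separately, the `# authorizes anonymous` comment above `idassert-authzFrom "dn.exact:"` could say that anonymous clients appear to be asserted as `cn=Sandbox,ou=Admin,dc=example,dc=com`, the identity named by `idassert-mode` in that database.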