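# slapd.conf: OpenLDAP standalone daemon (slapd) configuration.
# Schema files are loaded in the order listed; samba.schema depends on the
# core/cosine/nis/inetorgperson definitions loaded above it.
include		/etc/openldap/schema/core.schema
include		/etc/openldap/schema/cosine.schema
include		/etc/openldap/schema/nis.schema
include		/etc/openldap/schema/inetorgperson.schema
include		/etc/openldap/schema/samba.schema


pidfile		/usr/local/var/slapd.pid
argsfile	/usr/local/var/slapd.args
# NOTE(review): bind_v2 permits legacy LDAPv2 binds; keep it only while
# v2-only clients still exist and remove it afterwards — confirm client list.
allow bind_v2
defaultsearchbase "dc=my-domain,dc=com"
gentlehup on
# Hash scheme slapd applies to plaintext passwords received via the Password
# Modify extended operation. {SSHA} is salted and is already the scheme used
# for rootpw below; the unsalted {MD5} it replaces stores identical values for
# identical passwords. Stored values are verified by their own prefix, so
# entries already hashed with {MD5} should keep working — confirm before rollout.
password-hash {SSHA}
TLSCACertificateFile    /etc/openldap/ssl/cacert.pem
TLSCertificateFile      /etc/openldap/ssl/ldap.cert
TLSCertificateKeyFile   /etc/openldap/ssl/ldap.key



# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#	by self write
#	by users read
#	by anonymous auth
#
# if no access controls are present, the default policy is:
#	Allow read by all
#
# rootdn can always write!

#######################################################################
# bdb database definitions
#######################################################################

database	bdb
suffix		"dc=my-domain,dc=com"
rootdn		"cn=Manager,dc=my-domain,dc=com"
# rootpw is stored as a salted SHA-1 ({SSHA}) hash. The rootdn bypasses every
# access rule below, so this file must not be readable by anyone other than
# the account slapd runs as.
rootpw		{SSHA}JWN/MKR2cZJVRuA7IWEI5/6qdIoPRZSU

directory	/usr/local/var/openldap-data
index	objectClass	eq
index   uid		pres,eq
## Equality indexes for the posixAccount/posixGroup attributes (nis.schema)
## that are stored in this directory; these are enabled, not optional.
index uidNumber     eq
index gidNumber     eq
index cn            eq
index memberUid     eq
index sn	eq
index mail	eq

# Credential attributes: the manager DN and the entry's own owner may write
# them; everyone else gets bind-only (auth) access, never read.
# sambaLMPassword/sambaNTPassword are defined by samba.schema (included above);
# without listing them here they fall under the catch-all rule below and are
# readable by anonymous clients. NOTE(review): the DN that Samba binds with to
# maintain these attributes must be the manager DN or be added to this rule —
# confirm against the Samba configuration.
access to attr=userPassword,sambaLMPassword,sambaNTPassword
 by dn="cn=manager,dc=my-domain,dc=com" write
 by self write
 by * auth

# Everything else: anonymous read, self write, manager write (the rootdn is
# unaffected by this rule in any case). NOTE(review): "by self write" on *
# also lets a user modify their own uidNumber/gidNumber; if POSIX identities
# are consumed from this directory, consider an earlier rule restricting those
# attributes to "by self read" — confirm.
access to *
 by dn="cn=manager,dc=my-domain,dc=com" write
 by self write
 by * read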

