# slapd.conf for a bdb-backed directory under dc=company,dc=de that both
# consumes replication from ldap://10.7.3.2 (syncrepl) and carries the
# syncprov overlay; writes are referred to 10.7.3.2 and chased there by the
# chain overlay.
#
# NOTE(review): this file holds a cleartext bind password in two places
# (syncrepl and chain-idassert-bind) plus the rootpw hash. Keep it readable
# only by the account slapd runs as, and keep it out of version control and
# backups that are more widely readable.

# Overlays and the back-ldap backend used further down; the chain overlay
# is built on top of back-ldap.
moduleload memberof.so
moduleload syncprov.so
moduleload back_ldap.so

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

# 256 = "stats": connections, operations and results are logged.
loglevel 256

# ACLs are evaluated in order and the first matching "access to" clause wins.
# userPassword: the entry's owner may change it; everyone else may only use
# it to authenticate and can never read the stored value.
# NOTE(review): if another server replicates FROM this host (syncprov is
# loaded below), its replication DN cannot read userPassword under this rule,
# so password values would not reach it. Confirm whether that is intended.
access to attrs=userPassword
    by self write
    by * auth
# Everything else is readable by anyone, anonymous binds included.
# NOTE(review): if anonymous browsing of the tree is not required, restrict
# this to authenticated identities (for example "by users read").
access to *
    by * read

defaultsearchbase dc=COMPANY,dc=de

# Server ID used in replication CSNs; the URL form ties ID 1 to this listener.
ServerID 1 ldap://amsrvmgmt.company.de

# NOTE(review): back-bdb was removed in OpenLDAP 2.5 in favour of back-mdb;
# this configuration only loads on older releases.
backend bdb

#######################################################################
# BDB database definitions
#######################################################################

database bdb
cachesize 10000
# If this isn't written in CAPS, Windoze isn't able to join this domain
suffix "dc=COMPANY,dc=DE"
# Checkpoint the BDB transaction log every 32 KB written or every 5 minutes.
checkpoint 32 5

# rootdn bypasses every ACL on this database. rootpw is a salted SHA-1
# ({SSHA}) hash.
# NOTE(review): the same DN's password appears in cleartext in
# chain-idassert-bind below if the provider shares it, which would defeat the
# point of hashing it here.
rootdn "cn=Manager,dc=company,dc=de"
rootpw {SSHA}MYSECRETSSHAHASH
directory /var/lib/openldap-data

# entryUUID and entryCSN equality indexes are what syncrepl/syncprov search on.
index entryUUID,entryCSN eq

# memberof: maintain reverse group membership; references to entries that do
# not exist are dropped, and referential integrity is kept on rename/delete.
overlay memberof
memberof-dangling drop
memberof-refint true

# syncprov: lets this database act as a replication provider. Checkpoint the
# contextCSN every 10 operations or 1 minute; keep a session log of 50 ops.
overlay syncprov
syncprov-checkpoint 10 1
syncprov-sessionlog 50

# Consume the whole subtree, all user and operational attributes ("*,+"),
# from 10.7.3.2 over a persistent search. On failure retry every 5 s ten
# times, then every 30 s indefinitely.
# NOTE(review): bindmethod=simple over plain ldap:// sends the replicator DN
# and password, and every replicated entry, unencrypted across the network.
# No TLS directive is visible in this listing. Protect this link with
# starttls=critical (and a tls_cacert) or an ldaps:// provider URL, and have
# the provider refuse simple binds on unencrypted connections.
syncrepl rid=2
    provider=ldap://10.7.3.2
    searchbase="dc=company,dc=de"
    type=refreshAndPersist
    retry="5 10 30 +"
    filter="objectClass=*"
    scope=sub
    attrs="*,+"
    sizelimit=unlimited
    timelimit=unlimited
    binddn="cn=replicator,dc=company,dc=de"
    bindmethod=simple
    credentials="mysecretpassword"

# Write operations against this replica are answered with a referral here.
updateref "ldap://10.7.3.2"

# chain: follow that referral on the client's behalf instead of returning it.
# The overlay binds to 10.7.3.2 as cn=Manager and asserts the client's own
# identity (mode=self); chain-rebind-as-user reuses the client's credentials
# when they are available; chain-return-error reports a chaining failure
# instead of handing back the original referral.
# NOTE(review): the proxy identity is the rootdn and its password is stored
# in cleartext and sent over plain ldap://. A dedicated proxy DN that is only
# granted the authzTo rights it needs, bound over TLS, limits what a leak of
# this file or a capture of this connection exposes.
overlay chain
chain-uri "ldap://10.7.3.2"
chain-idassert-bind bindmethod=simple
    binddn="cn=Manager,dc=company,dc=de"
    credentials="mysecretpassword"
    mode=self
chain-return-error true
chain-rebind-as-user true