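#
# Syn-3 LDAP configuration for standalone mode (single master)
#
# Layout restored to one directive per line: slapd.conf treats a line that
# starts with '#' as a comment and a line that starts with whitespace as a
# continuation of the previous line, so the line structure is significant.
# Directive values are unchanged; NOTE(review) comments mark points to confirm.

# Automatically created on ldap-restart:
include /etc/openldap/schemas.conf

# Define global ACLs to disable default read access.
# NOTE(review): the last two "access to" rules at the end of this file grant
# read to everyone ("by * read", which includes anonymous binds), so default
# read access is in effect re-enabled. Confirm that this is intended.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

# Only error logging.
# NOTE(review): "none" keeps only the messages slapd logs at every level.
# Binds, searches and ACL denials are not recorded, which leaves little to
# investigate with after an incident; "loglevel stats" records connections
# and operations.
loglevel none

# NOTE(review): with no size limit a single search can return the whole
# directory. Combined with the "by * read" rules below this also applies to
# anonymous clients; confirm that unauthenticated bulk reads are acceptable.
sizelimit unlimited

#######################################################################
# BDB database definitions
#######################################################################

# NOTE(review): back-bdb was removed in OpenLDAP 2.5; this file presumably
# targets an older slapd. Confirm before upgrading.
database bdb
cachesize 1000
idlcachesize 1000
dncachesize 1000
monitoring off
suffix "dc=syn-3"
rootdn "cn=Manager,dc=syn-3"
# %ldap_passwd% is a template placeholder that is filled in outside this file.
# NOTE(review): rootpw accepts a hashed value (for example an {SSHA} string
# produced by slappasswd). If the substituted value is cleartext, anyone who
# can read this file holds the rootdn credential, and the rootdn is not
# subject to the ACLs below. Keep the rendered file readable by the slapd
# user only.
rootpw %ldap_passwd%

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /home/system/openldap/openldap-master

# Indices to maintain
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index objectClass,uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial
index entryCSN,entryUUID eq
index sambaSIDList eq
index sambaGroupType eq
index alias eq
index ou eq
index dc eq
index zarafaAliases eq

# Access control. slapd applies the first "access to" clause that matches
# an entry or attribute, so the order of the rules below is significant.

# Users can authenticate and change their own password. (The original comment
# also mentions setting the mail attribute; that is not granted here but by
# the "by self write" rule on ou=Users further down.)
# sambaNTPassword and sambaLMPassword are password-equivalent hashes and are
# correctly hidden from everyone but the owner. Any rule added later must stay
# below this one so that it cannot expose them.
# NOTE(review): "by anonymous auth" allows simple binds. No TLS or "security"
# directive is visible in this file; confirm that the transport is protected
# elsewhere.
access to attrs=userPassword,sambaNTPassword,sambaLMPassword
    by self write
    by anonymous auth
    by * none

# Open-Xchange address book: each user may write below their own ou=addr.
# "break" hands every other requester on to the following rules.
# NOTE(review): "(.*)" also matches across RDN boundaries and the pattern is
# not anchored. The usual form for a single RDN value is "([^,]+)" with a
# trailing "$"; verify against the entries that must match.
access to dn.regex="ou=addr,uid=(.*),ou=Users,dc=syn-3"
    by dn.regex="uid=$1,ou=Users,dc=syn-3" write
    by * none break

access to dn.subtree="o=AddressBook,dc=syn-3"
    by group="cn=AddressAdmins,o=AddressBook,dc=syn-3" write
    by users read
    by * none

# NOTE(review): "by self write" covers every remaining attribute of a user's
# own entry, not just mail. That includes the identity attributes indexed
# above (uidNumber, gidNumber, sambaSID, sambaPrimaryGroupSID), which
# consumers of this directory presumably treat as authoritative. Consider
# limiting self write to an explicit attrs= list and leaving the rest
# read-only.
access to dn.subtree="ou=Users,dc=syn-3"
    by self write
    by * read

# Catch-all: everything not matched above is readable by everyone, including
# anonymous clients (see the note at the top of this file).
access to *
    by * read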