# master slapd config -- for testing
# $OpenLDAP: pkg/ldap/tests/data/slapd-pw.conf,v 1.19.2.4 2003/12/15 22:05:29 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2003 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

#ucdata-path	./ucdata
# Schema definitions loaded before any database is declared. The paths are
# relative; presumably they resolve against the directory slapd is started
# from by the test scripts -- confirm.
include ./schema/core.schema
include ./schema/cosine.schema
include ./schema/inetorgperson.schema
include ./schema/openldap.schema
include ./schema/nis.schema
# Process-id and command-line argument files for this slapd instance,
# written under ./testrun.
pidfile     ./testrun/slapd.1.pid
argsfile    ./testrun/slapd.1.args

# password-hash	{md5}

#mod#modulepath	../servers/slapd/back-@BACKEND@/
#mod#moduleload	back_@BACKEND@.la

#######################################################################
# ldbm database definitions
#######################################################################

# Proxy authorization: "both" enables evaluation of authzTo and authzFrom
# rules. authzTo is stored in the entry of the identity doing the proxying,
# so write access to that attribute has to stay restricted by ACL.
authz-policy	both
# Map authentication identities of the form uid=<name>,... to directory
# entries by running the LDAP search given in the second argument.
# Patterns are tried in file order and the first match is used, so the
# "admin/" and "it/" rules must stay ahead of the catch-all third rule.
# NOTE(review): every pattern ends in ",.*" and therefore accepts any realm
# and mechanism suffix; outside a test fixture the tail would normally be
# pinned to the expected mechanism -- confirm this looseness is intended.
authz-regexp	"^uid=admin/([^,]+),.*" "ldap:///ou=Admin,dc=example,dc=com??sub?cn=$1"
authz-regexp	"^uid=it/([^,]+),.*" "ldap:///ou=People,dc=example,dc=it??sub?uid=$1"
# Catch-all: optional, repeatable "us/" prefix; the remainder ($2) is looked
# up as uid under ou=People,dc=example,dc=com.
authz-regexp	"^uid=(us/)*([^,]+),.*" "ldap:///ou=People,dc=example,dc=com??sub?uid=$2"

#
# normal installations should protect root dse,
# cn=monitor, cn=schema, and cn=config
#

# Global ACL 1 -- userPassword: the owner may write it and authenticate
# against it (=wx) but cannot read it back; anonymous gets auth only (=x),
# which a simple bind needs. No other "by" clause matches, so every other
# identity is denied.
access to attr=userpassword
	by self =wx
	by anonymous =x

# Global ACL 2 -- everything else: authenticated users may read; all others,
# anonymous included, may search but not read. This is loose by production
# standards and, as the note above these rules says, leaves the root DSE,
# cn=monitor, cn=schema and cn=config unprotected.
access to *
	by users read
	by * search

# First test database, suffix dc=example,dc=com, stored in ./testrun/db.1.a.
# The backend type is a placeholder and the cachesize line is marker-prefixed;
# presumably the test scripts substitute and enable them -- confirm.
database	@BACKEND@
#ldbm#cachesize	0
suffix		"dc=example,dc=com"
directory	./testrun/db.1.a
# Test-only superuser. The rootdn is not subject to access control and rootpw
# is a cleartext literal; outside the test suite use a hashed value (e.g. from
# slappasswd) or omit rootpw, and keep this file unreadable to other users.
rootdn		"cn=Manager,dc=example,dc=com"
rootpw		secret
# Equality index on objectClass; presence, equality and substring indexes
# on the naming attributes used by the test searches.
index		objectClass	eq
index		cn,sn,uid	pres,eq,sub

# Database ACL, consulted before the global rules: the authzTo attribute of
# the Proxy entry may be written only by that entry itself (=wx); everyone
# else gets auth access (=x) and so cannot read or change the rule.
# NOTE(review): self-write lets this identity widen its own
# proxy-authorization scope. Acceptable in a test fixture; elsewhere authzTo
# is normally writable by administrators only.
access to dn.exact="cn=Proxy,ou=Admin,dc=example,dc=com"
		attr=authzTo
	by dn.exact="cn=Proxy,ou=Admin,dc=example,dc=com" =wx
	by * =x

# Second test database, suffix dc=example,dc=it, stored in ./testrun/db.2.a.
# It declares no ACLs of its own, so only the global rules apply here.
database	@BACKEND@
#ldbm#cachesize	0
suffix		"dc=example,dc=it"
directory	./testrun/db.2.a
# Test-only superuser with a cleartext rootpw; never reuse this outside the
# test suite.
rootdn		"cn=Manager,dc=example,dc=it"
rootpw		secret
index		objectClass	eq
index		cn,sn,uid	pres,eq,sub

# Proxy (back-ldap) database: presents the naming context o=Example,c=US and
# rewrites it to dc=example,dc=com when talking to the target server.
database	ldap
suffix		"o=Example,c=US"
suffixmassage	"o=Example,c=US" "dc=example,dc=com"
# Target server: no host in the URI, port 9011, plain ldap:// without TLS.
# Adequate for a local test; a simple bind over this link sends the password
# unencrypted.
uri		"ldap://:9011/"

# How the proxy itself authenticates to the target before asserting a client
# identity. Two marker-prefixed alternatives (presumably one is enabled by
# the test scripts -- confirm): SASL DIGEST-MD5, or a simple bind as
# "Proxy US". Both embed the credential "proxy" in cleartext, test only.
#sasl#idassert-method "sasl" "authcDN=cn=Proxy US,ou=Admin,dc=example,dc=com" "authcID=admin/proxy US" "cred=proxy" "mech=DIGEST-MD5"
#nosasl#idassert-method "simple"
#nosasl#idassert-authcDN	"cn=Proxy US,ou=Admin,dc=example,dc=com"
#nosasl#idassert-passwd		proxy
# "self": the identity asserted to the target is the client's own.
idassert-mode	self

# authorizes database: only client identities in the dc=example,dc=it subtree
# may have their identity asserted through this proxy.
idassert-authz	"dn.subtree:dc=example,dc=it"

# Second proxy (back-ldap) database: presents o=Esempio,c=IT, also rewritten
# to dc=example,dc=com on the same target (port 9011, plain ldap://).
database	ldap
suffix		"o=Esempio,c=IT"
suffixmassage	"o=Esempio,c=IT" "dc=example,dc=com"
uri		"ldap://:9011/"

# Identity the proxy uses to query the target for data needed by its own ACL
# evaluation. Cleartext password, test only.
acl-authcDN	"cn=Proxy IT,ou=Admin,dc=example,dc=com"
acl-passwd	proxy

# Identity assertion: simple bind as "Proxy IT" (cleartext password, test
# only), then assert the fixed identity cn=Sandbox instead of the client's
# own, so whatever the Sandbox entry may do on the target bounds what
# asserted clients can do.
idassert-method "simple"
idassert-authcDN	"cn=Proxy IT,ou=Admin,dc=example,dc=com"
idassert-passwd		proxy
idassert-mode	"dn:cn=Sandbox,ou=Admin,dc=example,dc=com"

# authorizes database: client identities in the dc=example,dc=com subtree
# may use identity assertion.
idassert-authz	"dn.subtree:dc=example,dc=com"
# authorizes anonymous: the empty DN is accepted as well, so unauthenticated
# clients are also mapped onto the Sandbox identity.
idassert-authz	"dn.exact:"

# Database ACL 1: authenticated users may read entry, cn, sn and mail.
# Anonymous matches no clause here and is therefore denied these attributes.
access to attrs=entry,cn,sn,mail
	by users read

# Database ACL 2, everything else: read for the "Proxy IT" identity and for
# members of the Authorizable group (both named in the o=Esempio,c=IT
# context), search only for the Sandbox identity, and an explicit deny for
# all others.
access to *
	by dn.exact="cn=Proxy IT,ou=Admin,o=Esempio,c=IT" read
	by group.exact="cn=Authorizable,ou=Groups,o=Esempio,c=IT" read
	by dn.exact="cn=Sandbox,ou=Admin,dc=example,dc=com" search
	by * none