# (c) 2003 Tassilo Erlewein <tassilo.erlewein@erfrakon.de>
# (c) 2003 Martin Konold <martin.konold@erfrakon.de>
# (c) 2003 Achim Frank <achim.frank@erfrakon.de>
# This program is Free Software under the GNU General Public License (>=v2).
# Read the file COPYING that comes with this packages for details.


# this file is automatically written by the Kolab config backend
# manual additions are lost unless made to the template in the Kolab config directory

include /etc/kolab/kolab.schema

# added for Nexedi's usage of LDAP
include /usr/share/openldap/schema/nis.schema
include /usr/share/openldap/schema/samba.schema

pidfile		/var/run/ldap/slapd.pid
argsfile	/var/run/ldap/slapd.args
replogfile      /var/lib/ldap/replog

schemacheck 	on
lastmod		on

TLSCertificateFile     /etc/kolab/cert.pem
TLSCertificateKeyFile  /etc/kolab/key.pem

require 	none
allow 		bind_v2

loglevel	0

database	ldbm
suffix		"@@@base_dn@@@"
directory	/var/lib/ldap

rootdn          "@@@bind_dn@@@"
rootpw          "@@@bind_pw@@@"

replica host=127.0.0.1:9999
        binddn="cn=replicator"
        bindmethod=simple credentials=secret


index	objectClass	eq
index	uid		eq
index	mail		eq
index   alias		eq

access to attr="userPassword,sambaLMPassword,sambaNTPassword"
   	by group="cn=admin,@@@base_dn@@@" write
        by group="cn=maintainer,@@@base_dn@@@" write
        by self write
        by anonymous auth
        by * none stop

access to dn="cn=nobody,@@@base_dn@@@"
        by anonymous auth stop

access to dn="cn=manager,@@@base_dn@@@"
        by dn="cn=nobody,@@@base_dn@@@" read
        by self write
        by anonymous read stop

access to dn="cn=admin,@@@base_dn@@@"
        by group="cn=admin,@@@base_dn@@@" write
        by dn="cn=nobody,@@@base_dn@@@" read
        by self write
        by anonymous auth stop

access to dn="cn=maintainer,"
        by group="cn=admin,@@@base_dn@@@" write
        by dn="cn=nobody,@@@base_dn@@@" read
        by self write
        by anonymous auth stop

access to dn="(.*,)?cn=internal,@@@base_dn@@@"
 	by group="cn=admin,@@@base_dn@@@" write
        by group="cn=maintainer,@@@base_dn@@@" write
        by self write
	by dn="cn=nobody,@@@base_dn@@@" read 
	by anonymous auth stop

access to dn="(.*,)?cn=external,@@@base_dn@@@"
        by group="cn=admin,@@@base_dn@@@" write
        by group="cn=maintainer,@@@base_dn@@@" write
	by * read stop

access to dn="cn=external,@@@base_dn@@@"
	by dn="cn=nobody,@@@base_dn@@@" read 
	by * search stop

access to dn="cn=internal,@@@base_dn@@@"
	by dn="cn=nobody,@@@base_dn@@@" read 
        by * search stop

access to dn="k=kolab,@@@base_dn@@@"
	by group="cn=admin,@@@base_dn@@@" write
	by dn="cn=nobody,@@@base_dn@@@" read 
	by * none stop

access to * 
        by self write
	by group="cn=admin,@@@base_dn@@@" write
 	by group="cn=maintainer,@@@base_dn@@@" write
	by * read stop