--- /dev/null
+# See slapd-config(5) for details on configuration options.
+# This file should NOT be world readable.
+#
+
+dn: cn=config
+objectClass: olcGlobal
+cn: config
+olcArgsFile: /run/openldap/slapd.args
+olcPidFile: /run/openldap/slapd.pid
+#
+# TLS settings
+#
+#olcTLSCACertificateFile: /etc/pki/CA/cacert.pem
+#olcTLSCertificateFile: /etc/openldap/certs/server.pem
+#olcTLSCertificateKeyFile: /etc/openldap/certs/server.pem
+#
+# Do not enable referrals until AFTER you have a working directory
+# service AND an understanding of referrals.
+#
+#olcReferral: ldap://root.openldap.org
+#
+# Sample security restrictions
+# Require integrity protection (prevent hijacking)
+# Require 112-bit (3DES or better) encryption for updates
+# Require 64-bit encryption for simple bind
+#
+#olcSecurity: ssf=1 update_ssf=112 simple_bind=64
+
+#
+# Load dynamic backend modules:
+# - modulepath is architecture dependent value (32/64-bit system)
+# - back_sql.la backend requires openldap-servers-sql package
+# - dyngroup.la and dynlist.la cannot be used at the same time
+#
+
+#dn: cn=module,cn=config
+#objectClass: olcModuleList
+#cn: module
+#olcModulepath: /usr/lib/openldap
+#olcModulepath: /usr/lib64/openldap
+#olcModuleload: accesslog.la
+#olcModuleload: auditlog.la
+#olcModuleload: back_dnssrv.la
+#olcModuleload: back_hdb.so
+#olcModuleload: back_ldap.la
+#olcModuleload: back_mdb.la
+#olcModuleload: back_meta.la
+#olcModuleload: back_null.la
+#olcModuleload: back_passwd.la
+#olcModuleload: back_relay.la
+#olcModuleload: back_shell.la
+#olcModuleload: back_sock.la
+#olcModuleload: collect.la
+#olcModuleload: constraint.la
+#olcModuleload: dds.la
+#olcModuleload: deref.la
+#olcModuleload: dyngroup.la
+#olcModuleload: dynlist.la
+#olcModuleload: memberof.la
+#olcModuleload: pcache.la
+#olcModuleload: ppolicy.la
+#olcModuleload: refint.la
+#olcModuleload: retcode.la
+#olcModuleload: rwm.la
+#olcModuleload: seqmod.la
+#olcModuleload: smbk5pwd.la
+#olcModuleload: sssvlv.la
+#olcModuleload: syncprov.la
+#olcModuleload: translucent.la
+#olcModuleload: unique.la
+#olcModuleload: valsort.la
+
+
+#
+# Schema settings
+#
+
+dn: cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: schema
+
+include: file:///etc/openldap/schema/core.ldif
+include: file:///etc/openldap/schema/cosine.ldif
+include: file:///etc/openldap/schema/nis.ldif
+include: file:///etc/openldap/schema/inetorgperson.ldif
+
+#
+# Frontend settings
+#
+
+dn: olcDatabase=frontend,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: frontend
+#
+# Sample global access control policy:
+# Root DSE: allow anyone to read it
+# Subschema (sub)entry DSE: allow anyone to read it
+# Other DSEs:
+# Allow self write access
+# Allow authenticated users read access
+# Allow anonymous users to authenticate
+#
+#olcAccess: to dn.base="" by * read
+#olcAccess: to dn.base="cn=Subschema" by * read
+#olcAccess: to *
+# by self write
+# by users read
+# by anonymous auth
+#
+# if no access controls are present, the default policy
+# allows anyone and everyone to read anything but restricts
+# updates to rootdn. (e.g., "access to * by * read")
+#
+# rootdn can always read and write EVERYTHING!
+#
+
+#
+# Configuration database
+#
+
+dn: olcDatabase=config,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: config
+olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,c
+ n=auth" manage by * none
+
+#
+# Server status monitoring
+#
+
+#dn: olcDatabase=monitor,cn=config
+#objectClass: olcDatabaseConfig
+#olcDatabase: monitor
+#olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,c
+ n=auth" read by dn.base="cn=Manager,dc=my-domain,dc=com" read by * none
+
+#
+# Backend database definitions
+#
+
+dn: olcDatabase=hdb,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcHdbConfig
+olcDatabase: hdb
+olcSuffix: @SUFFIX@
+olcRootDN: cn=admin,@SUFFIX@
+olcDbDirectory: /var/lib/ldap
+olcDbIndex: objectClass eq,pres
+olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
+++ /dev/null
-# _ ___ _
-# (_) / __|_)
-# _ ____ | |__ _ ____ ____
-# | | _ \| __) |/ ___) _ )
-# | | | | | | | | | ( (/ /
-# |_| ||_/|_| |_|_| \____)
-# |_|
-#
-# OpenLDAP configuration
-#
-# www.ipfire.org - Licensed under the GPLv3
-#
-
-include /etc/openldap/schema/core.schema
-include /etc/openldap/schema/cosine.schema
-include /etc/openldap/schema/inetorgperson.schema
-include /etc/openldap/schema/nis.schema
-
-pidfile /var/run/slapd.pid
-argsfile /var/run/slapd.args
-
-loglevel 2048
-
-#######################################################################
-# Load modules
-#######################################################################
-
-moduleload back_hdb.so
-
-#######################################################################
-# ACL
-#######################################################################
-
-access to attrs=userPassword,userPKCS12
- by self write
- by * auth
-access to attrs=shadowLastChange
- by self write
- by * read
-access to *
- by * read
-
-#######################################################################
-# BDB database definitions
-#######################################################################
-
-database hdb
-suffix "dc=my-domain,dc=com"
-rootdn "cn=Manager,dc=my-domain,dc=com"
-rootpw secret
-
-directory /var/lib/ldap
-
-# Indices to maintain for this database
-index objectClass eq,pres
-index ou,cn,mail,surname,givenname eq,pres,sub
-index uidNumber,gidNumber,loginShell eq,pres
-index uid,memberUid eq,pres,sub
-index nisMapName,nisMapEntry eq,pres,sub