elliottwilliams/slapd.conf

## slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include		/etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/ppolicy.schema

pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args

# Load dynamic backend modules:
# modulepath	/usr/local/Cellar/openldap/2.4.33/libexec/openldap
moduleload      back_hdb
moduleload      ppolicy

# loglevel        none
sizelimit       unlimited

#######################################################################
# BDB database definitions
#######################################################################

# OpenMRS.org Database
database        hdb
suffix          "dc=openmrs,dc=org"
rootdn          "cn=admin,dc=openmrs,dc=org"
rootpw          secret
directory       /var/lib/ldap
index           objectClass     eq
index           cn              eq,sub,pres

overlay ppolicy
ppolicy_default cn=password,ou=policy,dc=openmrs,dc=org
ppolicy_hash_cleartext

password-hash {SSHA}

# ACLs
access to attrs=userPassword
        by dn="uid=gasync,ou=system,dc=openmrs,dc=org" read
        by dn="uid=omrsid,ou=system,dc=openmrs,dc=org" write
        by anonymous auth
        by self write
        by * none

access to attrs=pwdPolicySubentry
        by dn="uid=omrsid,ou=system,dc=openmrs,dc=org" write
        by * none

access to attrs=pwdChangedTime
        by dn="uid=gasync,ou=system,dc=openmrs,dc=org" read
        by dn="uid=omrsid-reset,ou=system,dc=openmrs,dc=org" none

access to dn.subtree="ou=users,dc=openmrs,dc=org"
        by dn="uid=gasync,ou=system,dc=openmrs,dc=org" write
        by dn="uid=omrsid,ou=system,dc=openmrs,dc=org" write
        by dn="uid=omrsid-reset,ou=system,dc=openmrs,dc=org" none
        by self write
        by users read
        by * none

access to dn.subtree="ou=groups,dc=openmrs,dc=org"
        by dn="uid=omrsid,ou=system,dc=openmrs,dc=org" write
        by dn="uid=omrsid-reset,ou=system,dc=openmrs,dc=org" none
        by self write
        by users read
        by * none

access to *
        by self write
        by dn="uid=omrsid-reset,ou=system,dc=openmrs,dc=org" none
        by users read
        by * none
	#
	# See slapd.conf(5) for details on configuration options.
	# This file should NOT be world readable.
	#
	include /etc/ldap/schema/core.schema
	include /etc/ldap/schema/cosine.schema
	include /etc/ldap/schema/inetorgperson.schema
	include /etc/ldap/schema/ppolicy.schema

	pidfile /var/run/slapd/slapd.pid
	argsfile /var/run/slapd/slapd.args

	# Load dynamic backend modules:
	# modulepath /usr/local/Cellar/openldap/2.4.33/libexec/openldap
	moduleload back_hdb
	moduleload ppolicy

	# loglevel none
	sizelimit unlimited

	#######################################################################
	# BDB database definitions
	#######################################################################

	# OpenMRS.org Database
	database hdb
	suffix "dc=openmrs,dc=org"
	rootdn "cn=admin,dc=openmrs,dc=org"
	rootpw secret
	directory /var/lib/ldap
	index objectClass eq
	index cn eq,sub,pres

	overlay ppolicy
	ppolicy_default cn=password,ou=policy,dc=openmrs,dc=org
	ppolicy_hash_cleartext

	password-hash {SSHA}

	# ACLs
	access to attrs=userPassword
	by dn="uid=gasync,ou=system,dc=openmrs,dc=org" read
	by dn="uid=omrsid,ou=system,dc=openmrs,dc=org" write
	by anonymous auth
	by self write
	by * none

	access to attrs=pwdPolicySubentry
	by dn="uid=omrsid,ou=system,dc=openmrs,dc=org" write
	by * none

	access to attrs=pwdChangedTime
	by dn="uid=gasync,ou=system,dc=openmrs,dc=org" read
	by dn="uid=omrsid-reset,ou=system,dc=openmrs,dc=org" none

	access to dn.subtree="ou=users,dc=openmrs,dc=org"
	by dn="uid=gasync,ou=system,dc=openmrs,dc=org" write
	by dn="uid=omrsid,ou=system,dc=openmrs,dc=org" write
	by dn="uid=omrsid-reset,ou=system,dc=openmrs,dc=org" none
	by self write
	by users read
	by * none

	access to dn.subtree="ou=groups,dc=openmrs,dc=org"
	by dn="uid=omrsid,ou=system,dc=openmrs,dc=org" write
	by dn="uid=omrsid-reset,ou=system,dc=openmrs,dc=org" none
	by self write
	by users read
	by * none

	access to *
	by self write
	by dn="uid=omrsid-reset,ou=system,dc=openmrs,dc=org" none
	by users read
	by * none