@pbruna
Last active November 24, 2023 16:18
openLDAP Proxy with Meta Backend
# /etc/saslauthd.conf
# saslauthd LDAP module: look the login name up through the local slapd
# proxy, then authenticate by binding as the entry that was found.
# Only the loopback proxy is contacted; the "database meta" section of
# slapd.conf is what fans the lookup out to the real directories.
ldap_servers: ldap://127.0.0.1
# %d expands to the domain part of the login, so the OU has to match one
# of the virtual subtrees (suffixmassage) configured in the meta backend.
ldap_search_base: ou=%d,dc=local
ldap_timeout: 10
# %U is the user part of the login. uid presumably covers the Zimbra
# tree and sAMAccountName the Samba4 tree (LDAP attribute names are
# case-insensitive, so the upper-case spelling is fine).
ldap_filter: (|(uid=%U)(SAMACCOUNTNAME=%U))
# The search runs as the rootdn of the proxy's meta database, i.e. with
# unrestricted rights over it, and the password sits here in clear: this
# file must be readable only by the account saslauthd runs as (mode 0600).
ldap_bind_dn: cn=Manager,dc=local
ldap_password: secret
ldap_deref: never
ldap_restart: yes
ldap_scope: sub
ldap_use_sasl: no
# Plain ldap:// without StartTLS: tolerable only because the peer is
# 127.0.0.1; both the service bind and the user's password cross this
# socket unencrypted.
ldap_start_tls: no
ldap_version: 3
# "bind": after the search, saslauthd re-binds as the DN it found using the
# user-supplied password; the proxy forwards that bind to the backend.
ldap_auth_method: bind
# Load all the Schemas
# ---- slapd.conf, global section ---------------------------------------
# Everything above the first "database" line applies server-wide.
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema
# Allow LDAPv2 client connections. This is NOT the default.
# LDAPv2 has neither StartTLS nor SASL, so v2 clients can only bind in the
# clear; keep this only while a known legacy client still needs it.
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# The next three lines allow use of TLS for encrypting connections using a
# dummy test certificate which you can generate by running
# /usr/libexec/openldap/generate-server-cert.sh. Your client software may balk
# at self-signed certificates, however.
# NOTE(review): the quoted "\"OpenLDAP Server\"" value is a certificate
# nickname, the convention of the Mozilla-NSS-linked slapd shipped with
# RHEL/CentOS; an OpenSSL-linked build expects PEM file paths here instead
# — confirm which build is in use. With NSS, TLSCertificateKeyFile names
# the file holding the certificate-DB password, so it must be unreadable
# to anyone but the slapd user.
TLSCACertificatePath /etc/openldap/certs
TLSCertificateFile "\"OpenLDAP Server\""
TLSCertificateKeyFile /etc/openldap/certs/password
# No "security" directive appears in this file, so nothing obliges clients
# to negotiate TLS before a simple bind; a floor such as
# "security simple_bind=128" would enforce it for password binds.
#######################################################################
# database definitions
#######################################################################
# Local BDB database holding the proxy's own naming context
# (dc=proxy,dc=ldap). It is separate from the proxied dc=local tree that
# the following "database meta" section serves.
database bdb
suffix "dc=proxy,dc=ldap"
rootdn "cn=Manager,dc=proxy,dc=ldap"
# Cleartext rootpw: a hashed value from "slappasswd -h {SSHA}" is accepted
# here instead, so the file itself does not expose the secret.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
# Auth options
####################################
# NOTE(review): sasl-host, sasl-secprops and password-hash are documented
# as global options in slapd.conf(5); check that this slapd accepts them
# after a "database" line, or move them above the first one.
sasl-host localhost
# "none" clears the default SASL security properties (noanonymous,noplain),
# so unprotected mechanisms such as PLAIN are offered. Keep it only if a
# client genuinely needs them.
sasl-secprops none
# Password Modify operations will store the new userPassword value
# unhashed. Unless something downstream must read the plain value, {SSHA}
# is the safer choice.
password-hash {CLEARTEXT}
# Meta Databases
# Proxy naming context dc=local, fanned out to two remote directories.
# The saslauthd lookups (ldap_bind_dn cn=Manager,dc=local) land here.
database meta
suffix "dc=local"
rootdn "cn=Manager,dc=local"
# Cleartext rootpw again; it is the credential saslauthd holds, so a hashed
# value (slappasswd) limits what a leaked config reveals.
rootpw secret
# zimbra
# ldap:// with no "tls start": the service credentials below and every
# user bind the proxy forwards travel to zimbra-server in the clear.
# ldaps:// or a "tls start" target directive with a trusted CA fixes that.
uri ldap://zimbra-server.example.com/ou=zimbra,dc=local
lastmod off
# Rewrites DNs between the virtual ou=zimbra,dc=local subtree and the
# backend's ou=people,dc=example,dc=com.
suffixmassage "ou=zimbra,dc=local" "ou=people,dc=example,dc=com"
# NOTE(review): in slapd.conf the binddn=/credentials=/mode=/flags= lines
# that follow are continuation lines of idassert-bind and must begin with
# whitespace; the indentation appears to have been lost when this gist was
# rendered, so re-indent them before using the file.
# The binddn looks like Zimbra's built-in LDAP admin account; a dedicated
# read-only lookup account would be least privilege. mode=none presumably
# sends no proxyAuthz control, so the backend sees only this service
# account, and flags=non-prescriptive lets operations continue without
# assertion when it cannot be performed — confirm both against
# slapd-ldap(5) for the installed version. The credentials are stored in
# clear here, another reason to keep this file readable by slapd only.
idassert-bind bindmethod=simple
binddn="uid=zimbra,cn=admins,cn=zimbra"
credentials="password"
mode=none
flags=non-prescriptive
# Only the proxy rootdn is allowed to have its identity asserted through
# the service account above.
idassert-authzFrom "dn.exact:cn=Manager,dc=local"
# Samba4
# Same remarks as for the zimbra target: cleartext transport, continuation
# lines that need their leading whitespace back, and cleartext service
# credentials kept in this file.
uri ldap://samba4-server.example.com/ou=samba4,dc=local
lastmod off
suffixmassage "ou=samba4,dc=local" "ou=users,dc=example,dc=com"
idassert-bind bindmethod=simple
binddn="cn=manager,cn=users,dc=example,dc=com"
credentials="password"
mode=none
flags=non-prescriptive
idassert-authzFrom "dn.exact:cn=Manager,dc=local"