# consumer slapd config -- for testing of replication # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## ## Copyright 1998-2021 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without ## modification, are permitted only as authorized by the OpenLDAP ## Public License. ## ## A copy of this license is available in the file LICENSE in the ## top-level directory of the distribution or, alternatively, at ## <http://www.OpenLDAP.org/license.html>. include @SCHEMADIR@/core.schema include @SCHEMADIR@/cosine.schema include @SCHEMADIR@/inetorgperson.schema include @SCHEMADIR@/openldap.schema include @SCHEMADIR@/nis.schema # pidfile @TESTDIR@/slapd.2.pid argsfile @TESTDIR@/slapd.2.args #mod#modulepath ../servers/slapd/back-@BACKEND@/ #mod#moduleload back_@BACKEND@.la #ldapmod#modulepath ../servers/slapd/back-ldap/ #ldapmod#moduleload back_ldap.la #ldapyes#overlay chain #ldapyes#chain-uri @URI1@ #ldapyes#chain-idassert-bind bindmethod=simple binddn="cn=Manager,dc=example,dc=com" credentials=secret mode=self #ldapmod#overlay chain #ldapmod#chain-uri @URI1@ #ldapmod#chain-idassert-bind bindmethod=simple binddn="cn=Manager,dc=example,dc=com" credentials=secret mode=self ####################################################################### # database definitions ####################################################################### access to dn.base="" attrs=children by dn.exact="cn=Monitor" write by * break access to * by * read database @BACKEND@ suffix "dc=example,dc=com" rootdn "cn=consumer,dc=example,dc=com" rootpw secret # HACK: use the RootDN of the monitor database as UpdateDN so ACLs apply # without the need to write the UpdateDN before starting replication updatedn "cn=Monitor" updateref @URI1@ #null#bind on #~null~#directory @TESTDIR@/db.2.a #indexdb#index objectClass eq #indexdb#index cn,sn,uid pres,eq,sub #indexdb#index entryUUID pres,eq #ndb#dbname db_2 #ndb#include @DATADIR@/ndb.conf # Need to strip hasSubordinates from internal searches otherwise # syncrepl will try to delete it, since syncprov is not sending # it because it's generated access to dn.subtree="dc=example,dc=com" attrs=hasSubordinates by dn.exact="cn=Monitor" none by * read access to dn.subtree="dc=example,dc=com" by dn.exact="cn=Monitor" write by * read database monitor rootdn "cn=Monitor" rootpw monitor |