# Loading of backend modules - automatically generated
modulepath /usr/lib/ldap
moduleload back_bdb

# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema

#schemacheck on

pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args

# NOTE(review): the replication log records every modification as LDIF,
# which presumably includes password changes - keep it readable by the
# slapd user only.
replogfile /var/lib/ldap/replog

# NOTE(review): level 0 turns slapd logging off, so binds, failed
# authentications and modifications leave no audit trail. A level such as
# 256 (stats) would record connections, operations and results.
loglevel 0

#######################################################################
# bdb database definitions
#######################################################################

database bdb
suffix "dc=itia,dc=ntua,dc=gr"

# The rootdn is not subject to any of the access rules in this file.
rootdn "uid=admin,dc=itia,dc=ntua,dc=gr"
# The value is masked in this listing. In a live file, store a hash
# generated with slappasswd (for example an {SSHA} value) rather than a
# cleartext password, and keep this file unreadable to other local users.
rootpw ##################

directory "/var/lib/ldap"

# Attribute indexes: eq = equality match, sub = substring match.
index uid eq
index cn eq
index gn,mail eq,sub
index sn eq,sub
index ou eq
index default eq,sub
index objectClass eq

lastmod on

# Security policy, as implemented by the access rules that follow: the
# rootdn (admin) can do anything at all; userPassword can be read or
# written by its owner only, and anonymous clients may use it solely to
# authenticate; the Samba attributes are writable by the samba daemon
# account and by self; all other attributes are readable by authenticated
# users, with no self-write rule. Anonymous access is not allowed beyond
# authentication.
# Access rules are evaluated in order and the first matching "access to"
# clause decides, so the specific rules must stay above the catch-all.

# userPassword: anonymous clients may only authenticate against it, the
# owner may change it, and nobody else can see it.
access to attrs=userPassword
	by anonymous auth
	by self write
	by * none

# This is needed for Samba to be able to make group mappings
access to attrs=objectClass
	by dn="uid=samba,ou=daemons,dc=itia,dc=ntua,dc=gr" write
	by anonymous none
	by users read

# The LM and NT hashes are password equivalents for Samba authentication.
# NOTE(review): "by * auth" gives every other client, anonymous included,
# auth-level access to them, while the other Samba attributes end in
# "by * none". LDAP binds presumably use userPassword, so "none" may be
# sufficient here - confirm.
access to attrs=sambaLMPassword,sambaNTPassword
	by dn="uid=samba,ou=daemons,dc=itia,dc=ntua,dc=gr" write
	by self write
	by * auth

# Remaining Samba account and domain attributes, plus displayName and
# description: writable by the samba daemon account and by the entry's
# owner, hidden from everyone else.
# NOTE(review): "by self write" covers account-control attributes such as
# sambaAcctFlags, sambaSID, sambaPrimaryGroupSID, sambaBadPasswordCount and
# sambaPwdMustChange, so each user can modify these on their own entry.
# Confirm this is intended; otherwise limit self to read.
access to attrs=sambaPwdLastSet,sambaLogonTime,sambaLogoffTime,sambaKickoffTime,sambaPwdCanChange,sambaPwdMustChange,sambaAcctFlags,displayName,sambaHomePath,sambaHomeDrive,sambaLogonScript,sambaProfilePath,description,sambaUserWorkstations,sambaPrimaryGroupSID,sambaDomainName,sambaMungedDial,sambaBadPasswordCount,sambaBadPasswordTime,sambaPasswordHistory,sambaLogonHours,sambaSID,sambaSIDList,sambaTrustFlags,sambaGroupType,sambaNextRid,sambaNextGroupRid,sambaNextUserRid,sambaAlgorithmicRidBase,sambaShareName,sambaOptionName,sambaBoolOption,sambaIntegerOption,sambaStringOption,sambaStringListoption
	by dn="uid=samba,ou=daemons,dc=itia,dc=ntua,dc=gr" write
	by self write
	by * none

# Only the samba daemon account may touch the Samba domain entry itself.
access to dn="sambaDomainName=ITIA,dc=itia,dc=ntua,dc=gr" attrs=entry
	by dn="uid=samba,ou=daemons,dc=itia,dc=ntua,dc=gr" write
	by * none

# Write access to the "children" pseudo-attribute controls adding and
# removing entries directly below the named entry: only the samba daemon
# account may do so under the suffix and under ou=groups.
access to dn="dc=itia,dc=ntua,dc=gr" attrs=children
	by dn="uid=samba,ou=daemons,dc=itia,dc=ntua,dc=gr" write
	by * none

access to dn="ou=groups,dc=itia,dc=ntua,dc=gr" attrs=children
	by dn="uid=samba,ou=daemons,dc=itia,dc=ntua,dc=gr" write
	by * none

# Catch-all for everything not matched above: authenticated users may
# read, anonymous clients get nothing. There is no self-write clause here.
access to *
	by anonymous none
	by users read

# The cipher suite line is commented out, so the TLS library defaults apply.
# NOTE(review): if it is ever enabled, drop "+SSLv2" - SSLv2 is a broken
# protocol version - and reconsider MEDIUM.
#TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /etc/ssl/certs/ca-certificates.crt
TLSCertificateFile /etc/ssl/certs/itia.ntua.gr.pem
# The private key should be readable by the slapd user only.
TLSCertificateKeyFile /etc/ssl/private/itia.ntua.gr.pem
# "allow": a client certificate is requested, but the session proceeds
# normally when none is sent or when the one sent is bad, so client
# certificates are not an authentication control with this setting.
# NOTE(review): no "security" or "require" directive is visible in this
# listing, so simple binds may be accepted without TLS; something like
# "security ssf=128" would enforce encryption - confirm against the
# deployed file.
TLSVerifyClient allow