# Database settings dn: olcDatabase=mdb,cn=config objectClass: olcDatabaseConfig objectClass: olcMdbConfig olcDatabase: {1}mdb olcSuffix: dc=example,dc=com olcDbDirectory: /tmp/ldap/db olcRootDN: cn=admin,dc=example,dc=com olcRootPW: {SSHA}SgCZuAcGQA5HlgKi+g5xwVyI2NhXRFYh olcDbIndex: objectClass eq olcLastMod: TRUE olcDbCheckpoint: 512 30 olcAccess: to attrs=userPassword by dn="cn=admin,dc=example,dc=com" write by anonymous auth by self write by * none olcAccess: to * by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by dn="cn=admin,cn=config" manage olcAccess: to attrs=shadowLastChange by self write by * read olcAccess: to dn.base="" by * read olcAccess: to * by dn="cn=admin,dc=example,dc=com" write by * read # Create top-level object in domain dn: dc=example,dc=com objectClass: top objectClass: dcObject objectclass: organization o: Example Organization dc: Example description: LDAP Example dn: ou=people,dc=example,dc=com objectClass: organizationalUnit ou: people dn: ou=groups,dc=example,dc=com objectClass: organizationalUnit ou: groups # foo, groups, example.com dn: cn=foo,ou=groups,dc=example,dc=com cn: foo objectClass: groupOfNames objectClass: top member: uid=john,ou=people,dc=example,dc=com dn: ou=profiles,dc=example,dc=com objectClass: organizationalUnit ou: profiles dn: cn=radprofile,ou=profiles,dc=example,dc=com objectClass: radiusObjectProfile objectClass: radiusprofile cn: radprofile radiusFramedIPNetmask: 255.255.255.0 dn: cn=profile1,ou=profiles,dc=example,dc=com objectClass: radiusObjectProfile objectClass: radiusprofile cn: profile1 radiusReplyAttribute: Framed-IP-Netmask := 255.255.0.0 radiusReplyAttribute: Acct-Interim-Interval := 1800 radiusRequestAttribute: Service-Type := Framed-User radiusControlAttribute: Framed-IP-Address == 1.2.3.4 radiusControlAttribute: Reply-Message == "Hello world" dn: uid=john,ou=people,dc=example,dc=com objectClass: inetOrgPerson objectClass: posixAccount objectClass: shadowAccount objectClass: radiusprofile uid: john sn: Doe givenName: John cn: John Doe displayName: John Doe userPassword: {cleartext}password uidNumber: 100 gidNumber: 100 homeDirectory: /home/john radiusIdleTimeout: 3600 radiusAttribute: reply:Session-Timeout := 7200 radiusAttribute: control:NAS-IP-Address := 1.2.3.4 radiusProfileDN: cn=profile1,ou=profiles,dc=example,dc=com