# provider slapd config -- for testing
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2022 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

include		@SCHEMADIR@/core.schema
include		@SCHEMADIR@/cosine.schema
include		@SCHEMADIR@/inetorgperson.schema
include		@SCHEMADIR@/openldap.schema
include		@SCHEMADIR@/nis.schema
pidfile		@TESTDIR@/slapd.m.pid
argsfile	@TESTDIR@/slapd.m.args

#######################################################################
# database definitions
#######################################################################

#mod#modulepath ../servers/slapd/back-@BACKEND@/:../servers/slapd/overlays
#mod#moduleload back_@BACKEND@.la
#ldapmod#modulepath ../servers/slapd/back-ldap/
#ldapmod#moduleload back_ldap.la
#monitormod#modulepath ../servers/slapd/back-monitor/
#monitormod#moduleload back_monitor.la

# here the proxy is not only acting as a proxy, but it also has a local database dc=local,dc=com"
database	@BACKEND@
suffix		"dc=local,dc=com"
rootdn		"cn=Manager,dc=local,dc=com"
rootpw		"secret"
#~null~#directory	@TESTDIR@/db.2.a

# Configure proxy
# - normal user binds to "*,dc=example,dc=com" are proxied through to the remote slapd
# - admin bind to local "cn=Manager,dc=local,dc=com" is overwritten by using idassert-bind
database	ldap
uri			"@URI1@"
suffix		"dc=example,dc=com"
idassert-bind bindmethod=simple binddn="cn=Manager,dc=example,dc=com" credentials="secret"
idassert-authzFrom "dn.exact:cn=Manager,dc=local,dc=com"
rebind-as-user	yes

database	monitor