# --- Global config dn: cn=config objectClass: olcGlobal cn: config olcPidFile: /run/openldap/slapd.pid olcArgsFile: /run/openldap/slapd.args dn: cn=module,cn=config objectClass: olcModuleList cn: module olcModulepath: /usr/lib/openldap olcModuleload: back_mdb.so dn: cn=schema,cn=config objectClass: olcSchemaConfig cn: schema include: file:///etc/openldap/schema/core.ldif dn: olcDatabase=frontend,cn=config objectClass: olcDatabaseConfig objectClass: olcFrontendConfig olcDatabase: frontend {{ if ne (env `SLAPD_CONFIG_PASSWORD` `NONE`) `NONE` }} dn: olcDatabase=config,cn=config objectClass: olcDatabaseConfig olcDatabase: config olcRootPW: {{ env `SLAPD_CONFIG_PASSWORD` `secret` }} olcAccess: to * by * none {{ end }} dn: olcDatabase=mdb,cn=config objectClass: olcDatabaseConfig objectClass: olcMdbConfig olcDatabase: mdb olcAccess: {0}to attrs=userPassword by self write by anonymous auth by dn="cn={{ env `SLAPD_ADMIN_USER` `admin` }},{{ env `SLAPD_SUFFIX` `dc=example,dc=com` }}" write by * none olcAccess: {1}to dn.base="" by * read olcAccess: {2}to * by self write by dn="cn={{ env `SLAPD_ADMIN_USER` `admin` }},{{ env `SLAPD_SUFFIX` `dc=example,dc=com` }}" write by * read olcSuffix: {{ env `SLAPD_SUFFIX` `dc=example,dc=com` }} olcRootDN: cn={{ env `SLAPD_ADMIN_USER` `admin` }},{{ env `SLAPD_SUFFIX` `dc=example,dc=com` }} olcRootPW: {{ env `SLAPD_PASSWORD` `secret` }} olcDbDirectory: /var/lib/openldap/openldap-data olcDbIndex: objectClass eq