Most of the configuration of the LDAP server consists of access controls that keep the data safe. Here is a sample:

    # Turn on automatic last modification time
    lastmod on

    # Index some things
    index uid eq
    index keyfingerprint eq
    index cn,sn approx,sub,eq

    # Administrate
    #rootdn "uid=admin,ou=users,dc=debian,dc=org"
    #rootpw

    # Restrict reading/modification of the password to administration and self
    access to attrs=userpassword
        by self write
        by dn="uid=admin,ou=users,dc=debian,dc=org" write
        by * compare

    # Reading of email forward is restricted by machine
    access to attrs=emailforward
        by dn="uid=admin,ou=users,dc=debian,dc=org" write
        by self write
        by addr=127.0.0.1 read
        by domain=.*\.debian\.org read
        by * none

    # Public self modifiable attributes
    access to attrs=c,l,loginShell,ircNick,labeledURL
        by dn="uid=admin,ou=users,dc=debian,dc=org" write
        by self write

    # Private self modifiable fields that are still viewable by other users
    # in the directory.
    access to attrs=facsimileTelephoneNumber,telephoneNumber,postalAddress,postalCode,loginShell,onvacation
        by dn="uid=admin,ou=users,dc=debian,dc=org" write
        by self write
        by dn="uid=.*,ou=users,dc=debian,dc=org" read
        by * none

    # Remainder
    access to *
        by dn="uid=admin,ou=users,dc=debian,dc=org" write
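The sample lists loginShell in both the "public" and the "private" rule, and slapd stops at the first `access to` directive that matches an attribute. The following Python model of that evaluation order is an added example, not part of the original page or of Debian's code; it reports such shadowed attributes and the access each requester ends up with. The `local` flag (standing in for the addr/domain clauses), the `fallthrough` default of `none` when no `by` clause matches, and all function names are assumptions of the model.

```python
import re

# Added example: simplified model of slapd's first-match ACL evaluation.
ADMIN = "uid=admin,ou=users,dc=debian,dc=org"
USER_RE = re.compile(r"uid=.*,ou=users,dc=debian,dc=org")

# (attrs or "*", [(who, level), ...]) in file order, attribute names lowercased.
# "local" stands in for the addr=127.0.0.1 and domain=.*\.debian\.org clauses.
RULES = [
    (["userpassword"], [("self", "write"), ("admin", "write"), ("*", "compare")]),
    (["emailforward"],
     [("admin", "write"), ("self", "write"), ("local", "read"), ("*", "none")]),
    (["c", "l", "loginshell", "ircnick", "labeledurl"],
     [("admin", "write"), ("self", "write")]),
    (["facsimiletelephonenumber", "telephonenumber", "postaladdress",
      "postalcode", "loginshell", "onvacation"],
     [("admin", "write"), ("self", "write"), ("user", "read"), ("*", "none")]),
    ("*", [("admin", "write")]),
]

def who_matches(who, requester, entry, local):
    """Return True if the requester satisfies one `by <who>` clause."""
    return {
        "*": True,
        "self": bool(requester) and requester == entry,
        "admin": requester == ADMIN,
        "user": bool(USER_RE.fullmatch(requester)),
        "local": local,
    }[who]

def effective_access(attr, requester, entry, local=False, fallthrough="none"):
    """First matching `access to` wins, then first matching `by` clause."""
    for attrs, clauses in RULES:
        if attrs == "*" or attr.lower() in attrs:
            for who, level in clauses:
                if who_matches(who, requester, entry, local):
                    return level
            return fallthrough  # assumed: no clause matched means no access
    return fallthrough

def shadowed_attrs(rules=RULES):
    """List (attr, winning_rule, dead_rule) for attrs repeated in later rules."""
    seen, hits = {}, []
    for i, (attrs, _) in enumerate(rules):
        for a in ([] if attrs == "*" else attrs):
            if a in seen:
                hits.append((a, seen[a], i))
            seen.setdefault(a, i)
    return hits
```

Running `shadowed_attrs()` on the transcribed rules flags loginShell: the third rule decides its access, so the `read` grant to other directory users in the fourth rule never applies to it.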