Most of the configuration of the ldap server has to do with getting correct
access controls to keep the data safe. Here is a sample:


# only allow plain text auth when we do crypto
security simple_bind=128

# and the database definition
include /etc/ldap/userdir-ldap-slapd.conf

# Overlays are useful to enforce constraints:

moduleload /usr/lib/ldap/unique.so
overlay unique
unique_uri ldap:///ou=users,dc=debian,dc=org?uidNumber,uid,keyFingerPrint?sub
unique_uri ldap:///ou=groups,dc=debian,dc=org?gidNumber,cn?sub

# Constraints are useful
moduleload /usr/lib/ldap/constraint.so
overlay constraint
constraint_attribute mailContentInspectionAction regex ^([mM][aA][rR][kK][uU][pP]|[bB][lL][aA][cC][kK][hH][oO][lL][eE]|[rR][eE][jJ][eE][cC][tT])$
constraint_attribute gender regex ^(1|2|9|[mM][aA][lL][eE]|[fF][eE][mM][aA][lL][eE]|[uU][nN][sS][pP][eE][cC][iI][fF][iI][eE][dD])$

# End----------

Note that in more modern versions of slapd, the "by addr" and "by domain"
syntax has changed and the following should be used instead:
        by peername.ip=127.0.0.1 read
        by domain.subtree=debian.org read



Here is the initial seed file to import and setup the proper entries:

dn: dc=org
dc: net
objectClass: top
objectClass: domain

dn: dc=debian,dc=org
dc: visi
objectClass: top
objectClass: domain

dn: ou=users,dc=debian,dc=org
ou: users
objectClass: top
objectClass: organizationalUnit

dn: uid=admin,ou=users,dc=debian,dc=org
uid: admin
cn: LDAP administrator
objectClass: top
objectClass: groupOfNames
userPassword: {crypt}?????
member: uid=jgg,ou=users,dc=debian,dc=org
member: uid=joey,ou=users,dc=debian,dc=org
member: uid=troup,ou=users,dc=debian,dc=org
mail: debian-admin@debian.org