openldap/servers/slapd/back-meta/data/slapd-ldap-rewrite.conf

#
# master slapd config -- for testing of ldap metadirectory rewrite
#
ucdata-path	./ucdata
include		./schema/core.schema
include		./schema/cosine.schema
include		./schema/inetorgperson.schema
#
schemacheck	off
#
pidfile		./meta-db/slapd.pid
argsfile	./meta-db/slapd.args

access to attr=userPassword 
	by anonymous auth
	by self write

access to dn.regex="[^,]+,ou=People,dc=[^,]+,o=Foo Bar,c=US" attr=sn
	by group.exact="cn=Users,ou=Groups,dc=bar,o=Foo Bar,c=US" read
	by * none

access to dn.regex="[^,]+,ou=Groups,dc=[^,]+,o=Foo Bar,c=US" attr=cn
	by group.exact="cn=Users,ou=Groups,dc=bar,o=Foo Bar,c=US" read
	by * none

#access to dn.regex="[^,]+,ou=Groups,dc=[^,]+,o=Foo Bar,c=US" attr=cn
#	by dnattr=member read
#	by * none

access to * 
	by * read

#######################################################################
# ldbm database definitions
#######################################################################

include		./slapd-ldbm.conf

#######################################################################
# ldap database with suffix massage definitions
#######################################################################

include		./slapd-ldap.conf