dn: olcDatabase={@@@LDIFSCHEMANUMBER@@@}mdb
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {@@@LDIFSCHEMANUMBER@@@}mdb
olcDbDirectory: /var/lib/ldap
olcSuffix: @@@REALM_DCNAME@@@
olcAccess: {0}to attrs=userPassword,shadowLastChange,krb5Key,krb5PrincipalName,krb5KeyVersionNumber,krb5MaxLife,krb5MaxRenew,krb5KDCFlags,privateRootCertificateKey,pkiCertificate
  by group/groupOfNames/member.exact="cn=@@@ADMINGROUP@@@,ou=groups,ou=core,ou=realm,@@@REALM_DCNAME@@@" write
  by dn.base="uid=@@@ADMINUSER@@@,ou=users,ou=core,ou=realm,@@@REALM_DCNAME@@@"
  by sockurl.regex="^ldapi:///$" write
  by anonymous auth
  by self write
  by * none
olcAccess: {1}to dn.base=""
  by * read
olcAccess: {2}to *
  by group/groupOfNames/member.exact="cn=@@@ADMINGROUP@@@,ou=groups,ou=core,ou=realm,@@@REALM_DCNAME@@@" write
  by dn.base="uid=@@@ADMINUSER@@@,ou=users,ou=core,ou=realm,@@@REALM_DCNAME@@@" write
  by sockurl.regex="^ldapi:///$" write
  by dynacl/aci write
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcLimits: dn.exact="cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@
olcRootPW: {SHA}@@@ROOTPW_SHA@@@
olcMonitoring: TRUE
olcDbCheckpoint: 512 30
olcDbNoSync: FALSE
olcDbIndex: entryCSN eq
olcDbIndex: entryUUID eq
olcDbIndex: objectClass eq
olcDbIndex: krb5PrincipalName eq,pres
olcDbIndex: cn eq,pres,subinitial
olcDbIndex: mail eq,pres
olcDbIndex: uid pres,eq,sub
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbMode: 0600
olcDbSearchStack: 16
olcPlugin: postoperation @@@TDELIBDIR@@@/slapi-acl-manager.so plugin_init admingroup-dn:=cn=@@@ADMINGROUP@@@,ou=groups,ou=core,ou=realm,@@@REALM_DCNAME@@@ realm:=@@@REALM_UCNAME@@@ aclfile:=@@@HEIMDALACLFILE@@@  builtinadmin:=@@@ROOTUSER@@@
structuralObjectClass: olcMdbConfig
creatorsName: cn=config
createTimestamp: @@@TIMESTAMP@@@Z
entryCSN: @@@TIMESTAMP@@@.@@@TIMESTAMP_MICROSECONDS@@@Z#000000#000#000000
entryUUID: @@@ENTRYUUID@@@
modifiersName: cn=config
modifyTimestamp: @@@TIMESTAMP@@@Z