openLDAP Proxy with Meta Backend

saslauthd.conf

# /etc/saslauthd.conf
ldap_servers: ldap://127.0.0.1
ldap_search_base: ou=%d,dc=local
ldap_timeout: 10
ldap_filter: (|(uid=%U)(SAMACCOUNTNAME=%U))
ldap_bind_dn: cn=Manager,dc=local
ldap_password: secret
ldap_deref: never
ldap_restart: yes
ldap_scope: sub
ldap_use_sasl: no
ldap_start_tls: no
ldap_version: 3
ldap_auth_method: bind

slapd.conf

# Load all the Schemas
include		/etc/openldap/schema/corba.schema
include		/etc/openldap/schema/core.schema
include		/etc/openldap/schema/cosine.schema
include		/etc/openldap/schema/duaconf.schema
include		/etc/openldap/schema/dyngroup.schema
include		/etc/openldap/schema/inetorgperson.schema
include		/etc/openldap/schema/java.schema
include		/etc/openldap/schema/misc.schema
include		/etc/openldap/schema/nis.schema
include		/etc/openldap/schema/openldap.schema
include		/etc/openldap/schema/ppolicy.schema
include		/etc/openldap/schema/collective.schema

# Allow LDAPv2 client connections.  This is NOT the default.
allow bind_v2
pidfile		/var/run/openldap/slapd.pid
argsfile	/var/run/openldap/slapd.args


# The next three lines allow use of TLS for encrypting connections using a
# dummy test certificate which you can generate by running
# /usr/libexec/openldap/generate-server-cert.sh. Your client software may balk
# at self-signed certificates, however.
TLSCACertificatePath /etc/openldap/certs
TLSCertificateFile "\"OpenLDAP Server\""
TLSCertificateKeyFile /etc/openldap/certs/password


#######################################################################
# database definitions
#######################################################################

database	bdb
suffix		"dc=proxy,dc=ldap"
rootdn		"cn=Manager,dc=proxy,dc=ldap"
rootpw		secret

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory	/var/lib/ldap

# Indices to maintain for this database
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub

# Auth options
####################################
sasl-host       localhost
sasl-secprops   none
password-hash   {CLEARTEXT}

# Meta Databases
database        meta
suffix          "dc=local"
rootdn          "cn=Manager,dc=local"
rootpw          secret

# zimbra
uri ldap://zimbra-server.example.com/ou=zimbra,dc=local

lastmod       off
suffixmassage   "ou=zimbra,dc=local" "ou=people,dc=example,dc=com"
idassert-bind bindmethod=simple
   binddn="uid=zimbra,cn=admins,cn=zimbra"
   credentials="password"
   mode=none
   flags=non-prescriptive
idassert-authzFrom "dn.exact:cn=Manager,dc=local"


# Samba4
uri  ldap://samba4-server.example.com/ou=samba4,dc=local

lastmod       off
suffixmassage "ou=samba4,dc=local" "ou=users,dc=example,dc=com"
idassert-bind bindmethod=simple
  binddn="cn=manager,cn=users,dc=example,dc=com"
  credentials="password"
  mode=none
  flags=non-prescriptive
idassert-authzFrom "dn.exact:cn=Manager,dc=local"