Для полноты картины приведу конфигурацию slapd.conf
slapd.conf
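# slapd.conf for the dc=legolab,dc=local directory (OpenLDAP, slapd.conf-style config).
#
# Layout: a line that begins with whitespace continues the previous line, and
# continuation lines are joined before comments are stripped. Every "by" clause
# below is therefore indented under its "access to" line, and no comment is
# placed between an "access to" line and its "by" clauses.

# Schemas providing the object classes and attributes used by the entries.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema

pidfile /var/run/openldap/slapd.pid
# NOTE(review): -8 is an unusual bit mask; confirm which log classes are intended.
loglevel -8

# Reject anonymous bind requests and require authentication before any
# directory operation.
disallow bind_anon
require authc
# NOTE(review): no TLS* directives and no "security" requirement are visible in
# this listing. Unless transport protection is configured elsewhere, simple
# binds send the bind password in cleartext; confirm TLSCertificateFile /
# TLSCertificateKeyFile and a minimum "security" strength are set.

# NOTE(review): back-bdb is deprecated upstream in favour of back-mdb; the
# cachesize/checkpoint directives at the end of the file are specific to bdb.
moduleload back_bdb.la
database bdb
suffix "dc=legolab, dc=local"
# rootdn bypasses every access rule below.
rootdn "cn=johndoe,dc=legolab,dc=local"
# SECURITY: rootpw is stored in cleartext here and is a trivial value. Replace it
# with a hash generated by slappasswd (form: rootpw {SSHA}<slappasswd output>),
# keep this file readable only by the account slapd runs as, or drop rootpw once
# the rootdn has a real entry with its own userPassword.
rootpw 11111
# NOTE(review): the database directory should be owned by the slapd account and
# not accessible to other users (mode 0700).
directory /var/db/openldap/legolab

# --- Access control -----------------------------------------------------------
# Clauses are evaluated top to bottom; the first matching "by" wins. "break"
# hands the request on to the next "access to" clause that matches the target.

# Allow userPassword to be used for authentication during a bind. Everyone else
# falls through, so read/write access to userPassword is decided further down.
access to attrs=userPassword
    by anonymous auth
    by * break

# The nssproxy service account may read every entry and attribute. Because the
# clause above only breaks for bound identities, this includes userPassword.
# NOTE(review): confirm the proxy really needs password values; if it only
# resolves users and groups, exclude userPassword from what it can read.
access to *
    by dn.base="uid=nssproxy,ou=users,ou=legolab,dc=legolab,dc=local" read
    by * break

# Members of legolabUsers get no access to the listed personal attributes
# (cn appears twice in the list; harmless).
access to attrs=userPassword,uid,mobile,homePostalAddress,homePhone,cn,employeeType,cn,givenName,sn
    by group.exact="cn=legolabUsers,ou=groups,ou=legolab,dc=legolab,dc=local" none
    by * break

# Members of hrstaff get no access to userPassword, uid and cn.
access to attrs=userPassword,uid,cn
    by group.exact="cn=hrstaff,ou=groups,ou=legolab,dc=legolab,dc=local" none
    by * break

# Members of hr get no access to userPassword, uid and cn.
access to attrs=userPassword,uid,cn
    by group.exact="cn=hr,ou=groups,ou=legolab,dc=legolab,dc=local" none
    by * break

# Servers subtree: itstaff may write, every other authenticated user is denied.
access to dn.subtree="ou=servers,ou=legolab,dc=legolab,dc=local"
    by group.exact="cn=itstaff,ou=groups,ou=legolab,dc=legolab,dc=local" write
    by users none
    by * break

# Printers subtree: helpdesk may write; others fall through to the final clause.
access to dn.subtree="ou=printers,ou=legolab,dc=legolab,dc=local"
    by group.exact="cn=helpdesk,ou=groups,ou=legolab,dc=legolab,dc=local" write
    by * break

# Catch-all: itstaff may write, any authenticated user may read.
# SECURITY: userPassword also ends up here for every bound identity that is not
# a member of legolabUsers, hrstaff or hr, so such identities can read password
# values and itstaff can overwrite them. There is also no "by self write", so
# users cannot change their own password. NOTE(review): if this is not intended,
# make the userPassword clause at the top terminal (grant self/auth and the
# identities that need it explicitly, then end with "by * none").
access to *
    by group.exact="cn=itstaff,ou=groups,ou=legolab,dc=legolab,dc=local" write
    by users read
    by * break

# --- Indexes and bdb tuning ---------------------------------------------------
index uid eq
index cn,gn,mail eq,sub
index sn eq,sub
index ou eq
# Number of entries kept in the in-memory entry cache.
cachesize 2000
# Checkpoint the transaction log after 128 KB written or 15 minutes.
checkpoint 128 15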