The schemas have to be loaded into LDAP before it can understand users:

My slapd.conf follows. One point of interest is the inclusion of the admin
user within the database definition. That makes my life easier, but it does
have the disadvantage of leaving the root DN's password sitting around in
/etc/ldap/slapd.conf (or wherever your distribution keeps it).
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
# Schema check allows for forcing entries to
# match schemas for their objectClasses
schemacheck off ## Turning this on might make useradd/userdel die
#######################################################################
# ldbm database definitions
#######################################################################
## Allow only reading by default
defaultaccess read
# The backend type, ldbm, is the default standard
database ldbm
# The directory superuser; the rootdn is not subject to the access directives
rootdn "cn=admin, dc=griffin"
# rootpw also accepts a hashed value, e.g. a {SSHA} hash produced by slappasswd
rootpw mypassword
# The base of your directory
suffix "dc=griffin"
# Where the database file are physically stored
directory "/var/lib/ldap"
# Indexing options
index objectClass eq
# Save the time that the entry gets modified
lastmod on
# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below. Name the admin DN explicitly: a dn pattern
# is a regex, so an empty one would match every bound DN.
access to attribute=userPassword
        by dn="cn=admin, dc=griffin" write
        by anonymous auth
        by self write
        by * none
access to attribute=loginShell
        by dn="cn=admin, dc=griffin" write
        by self write
        by * read
access to *
        by dn="cn=admin, dc=griffin" write
        by * read
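A small audit of the rootpw and ACL directives, as an added Python example that is not part of this howto: it parses slapd.conf-style `access to` / `by` clauses and flags a clear-text rootpw, a userPassword ACL that lets `*` read the hashes, and an unqualified `dn=""` pattern granting write. The sample is a constructed variant of the database section above in which the userPassword ACL names the empty pattern `dn=""` instead of the admin DN; the check assumes the 2.0-era semantics where a dn pattern is a regex (so the empty one matches every bound DN) and clauses are evaluated first match wins, so that clause shadows `by self write`.

```python
# Added example (not from the howto): lint slapd.conf ACL and rootpw directives.
ORDER = ["none", "auth", "compare", "search", "read", "write"]  # slapd access levels
# Constructed sample: the database section above with an empty dn pattern in the ACL.
SAMPLE_CONF = """\
rootdn "cn=admin, dc=griffin"
rootpw mypassword
access to attribute=userPassword
    by dn="" write
    by anonymous auth
    by self write
    by * none
access to *
    by dn="cn=admin, dc=griffin" write
    by * read
"""

def parse_acls(text):
    """Return (rootpw, [(what, [(who, level), ...])]) from slapd.conf text.
    Comments are stripped; each 'by' clause attaches to the latest 'access to'."""
    rootpw, acls = None, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("rootpw"):
            rootpw = line.split(None, 1)[1]
        elif line.startswith("access to"):
            acls.append((line[len("access to"):].strip(), []))
        elif line.startswith("by ") and acls:
            who, level = line[3:].rsplit(None, 1)
            acls[-1][1].append((who, level))
    return rootpw, acls

def audit(text):
    """Flag a clear-text rootpw, an unqualified dn pattern that grants write
    (clauses match in order, so it wins over 'by self write' for every bound
    DN), and a userPassword ACL that lets '*' read the hashes."""
    rootpw, acls = parse_acls(text)
    findings = []
    if rootpw and not rootpw.startswith("{"):
        findings.append("rootpw is clear text; store a {SSHA} hash from slappasswd")
    for what, clauses in acls:
        for who, level in clauses:
            rank = ORDER.index(level) if level in ORDER else len(ORDER)
            if who in ('dn=""', 'dn=".*"') and rank >= ORDER.index("write"):
                findings.append(f"{what}: {who} grants {level} to every bound DN")
            if "userPassword" in what and who == "*" and rank > ORDER.index("auth"):
                findings.append(f'{what}: "by * {level}" exposes password hashes')
    return findings
```

Running `audit(open("/etc/ldap/slapd.conf").read())` against a real file reports the same three classes of weakness; an empty list means none of them were found.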