diff --git a/data/hooks/conf_regen/06-slapd b/data/hooks/conf_regen/06-slapd
index b5af23538..491a366a5 100644
--- a/data/hooks/conf_regen/06-slapd
+++ b/data/hooks/conf_regen/06-slapd
@@ -24,29 +24,47 @@ cd /usr/share/yunohost/templates/slapd || sudo yunohost service saferemove -s slapd \ /etc/ldap/slapd-yuno.conf +# Retrieve current backend +backend=$(sudo slapcat -n 0 | sed -n 's/^dn: olcDatabase={1}\(.*\),cn=config$/\1/p') + +# Save current database in case of a backend change +BACKEND_CHANGE=0 +BACKUP_DIR="/var/backups/dc=yunohost,dc=org-${backend}-$(date +%s)" +if [[ "$backend" != "mdb" && "$force" == "True" ]]; then + BACKEND_CHANGE=1 + sudo mkdir -p "$BACKUP_DIR" + sudo slapcat -b dc=yunohost,dc=org \ + -l "${BACKUP_DIR}/dc=yunohost-dc=org.ldif" +fi + safe_copy sudo.schema /etc/ldap/schema/sudo.schema safe_copy mailserver.schema /etc/ldap/schema/mailserver.schema safe_copy ldap.conf /etc/ldap/ldap.conf safe_copy slapd.default /etc/default/slapd - -# Compatibility: change from HDB to MDB on Jessie -version=$(sed 's/\..*//' /etc/debian_version) -if [[ "$version" == '8' ]]; then - cat slapd.conf \ - | sed "s/hdb$/mdb/g" \ - | sed "s/back_hdb/back_mdb/g" \ - | sed "s/^dbconfig set_/#dbconfig set_/g" \ - | sudo tee slapd.conf -fi - safe_copy slapd.conf /etc/ldap/slapd.conf + +# Fix some permissions sudo chown root:openldap /etc/ldap/slapd.conf -sudo rm -Rf /etc/ldap/slapd.d -sudo mkdir /etc/ldap/slapd.d sudo chown -R openldap:openldap /etc/ldap/schema/ sudo chown -R openldap:openldap /etc/ldap/slapd.d/ -sudo slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d/ 2>&1 -sudo chown -R openldap:openldap /etc/ldap/slapd.d/ +if [[ $BACKEND_CHANGE -eq 1 ]]; then + # Regenerate LDAP configuration and import database as root + # since the admin user may be unavailable + sudo sh -c "rm -Rf /etc/ldap/slapd.d; +mkdir /etc/ldap/slapd.d; +slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d; +chown -R openldap:openldap /etc/ldap/slapd.d; +slapadd -F /etc/ldap/slapd.d -b dc=yunohost,dc=org \ + -l '${BACKUP_DIR}/dc=yunohost-dc=org.ldif'; +chown -R openldap:openldap /var/lib/ldap" 2>&1 +else + # Regenerate LDAP configuration from slapd.conf if it is valid + 
sudo slaptest -u -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d/ \ + && (sudo rm -Rf /etc/ldap/slapd.d \ + && sudo mkdir /etc/ldap/slapd.d \ + && sudo slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d/ 2>&1) + sudo chown -R openldap:openldap /etc/ldap/slapd.d/ +fi sudo service slapd force-reload diff --git a/data/templates/slapd/slapd.conf b/data/templates/slapd/slapd.conf index f47e6761b..6178ae00e 100644 --- a/data/templates/slapd/slapd.conf +++ b/data/templates/slapd/slapd.conf @@ -22,14 +22,15 @@ pidfile /var/run/slapd/slapd.pid # List of arguments that were passed to the server argsfile /var/run/slapd/slapd.args -password-hash {SSHA} - # Read slapd.conf(5) for possible values -loglevel 256 +loglevel none + +# Hashes to be used in generation of user passwords +password-hash {SSHA} # Where the dynamically loaded modules are stored modulepath /usr/lib/ldap -moduleload back_hdb +moduleload back_mdb moduleload memberof # The maximum number of entries that is returned for a search operation 
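Review bot: The LDIF produced by `sudo slapcat -b dc=yunohost,dc=org -l "${BACKUP_DIR}/dc=yunohost-dc=org.ldif"` is written with no mode control although it carries every userPassword hash, the very attribute the slapd.conf ACL hides with `by * none`; `sudo mkdir -p "$BACKUP_DIR"` sets no mode either, so with a default 022 umask the dump would end up 0644 under /var/backups and readable by any local account. I would create the directory with `sudo mkdir -p -m 700 "$BACKUP_DIR"` and follow the slapcat with `sudo chmod 600 "${BACKUP_DIR}/dc=yunohost-dc=org.ldif"` (or run the dump under `umask 077`). The dump's exit status is also never checked, and the `sudo sh -c` chain in the backend-change branch joins its commands with `;`, so a failed slaptest still leaves /etc/ldap/slapd.d removed and slapadd running against whatever is left; `|| exit 1` after the slapcat and a leading `set -e;` inside the sh -c string would abort before the destructive steps. Unlike the else branch, which gates on `slaptest -u` before touching slapd.d, this branch deletes the old configuration before the new one has been validated.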
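Review bot: Nothing records binds or operations once `loglevel none` is in effect: level 256 (`stats`, connections/operations/results) is the log an operator relies on to notice failed-bind brute force against cn=admin or to reconstruct who modified which entry after an incident. Unless log volume is the motivation, I would keep `loglevel stats` (the symbolic form of 256), or at least add a comment above the line such as `# Set to 'stats' to log binds/operations for auditing` so the trade-off stays visible to whoever tunes it later. Where slapd's syslog output is retained is not visible in this hunk, so the detection impact is inferred from the level alone.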
@@ -40,26 +41,25 @@ sizelimit 500 tool-threads 1 ####################################################################### -# Specific Backend Directives for hdb: +# Specific Backend Directives for mdb: # Backend specific directives apply to this backend until another # 'backend' directive occurs -backend hdb +backend mdb ####################################################################### -# Specific Backend Directives for 'other': -# Backend specific directives apply to this backend until another -# 'backend' directive occurs -#backend - -####################################################################### -# Specific Directives for database #1, of type hdb: +# Specific Directives for database #1, of type mdb: # Database specific directives apply to this databasse until another # 'database' directive occurs -database hdb +database mdb # The base of your directory in database #1 suffix "dc=yunohost,dc=org" +# rootdn directive for specifying a superuser on the database. This is needed +# for syncrepl. +# rootdn "cn=admin,dc=yunohost,dc=org" + +# Where the database file are physically stored for database #1 directory "/var/lib/ldap" # The dbconfig settings are used to generate a DB_CONFIG file the first @@ -67,10 +67,6 @@ directory "/var/lib/ldap" # file. You should therefore change these settings in DB_CONFIG directly # or remove DB_CONFIG and restart slapd for changes to take effect. -# For the Debian package we use 2MB as default but be sure to update this -# value if you have plenty of RAM -dbconfig set_cachesize 0 2097152 0 - # Sven Hartge reported that he had to set this value incredibly high # to get slapd running at all. See http://bugs.debian.org/303057 for more # information. 
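Review bot: The new `database mdb` section keeps `directory "/var/lib/ldap"` but sets no `maxsize`, and slapd-mdb(5) documents a default of 10485760 bytes (10 MB); once the directory grows past that, every write fails with MDB_MAP_FULL while reads keep succeeding, a quiet availability failure for a database that has just been migrated wholesale. I would add `maxsize 1073741824` directly after the `directory` line (the file only grows as data is written on most filesystems, so a large value costs nothing up front), or document why the default is enough for this deployment. The `dbconfig set_lk_max_*` lines still present in a later hunk are back-hdb directives that back-mdb does not read; if the installed slapd tolerates them they are dead configuration, and the removed Jessie compatibility code used to comment them out for exactly that reason.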
@@ -83,9 +79,9 @@ dbconfig set_lk_max_locks 1500 dbconfig set_lk_max_lockers 1500 # Indexing options for database #1 -index objectClass eq -index uid eq,sub -index entryCSN,entryUUID eq +index objectClass eq +index uid eq,sub +index entryCSN,entryUUID eq # Save the time that the entry gets modified, for database #1 lastmod on @@ -94,26 +90,25 @@ lastmod on # failure and to speed slapd shutdown. checkpoint 512 30 -# Where to store the replica logs for database #1 -# replogfile /var/lib/ldap/replog - # The userPassword by default can be changed # by the entry owning it if they are authenticated. # Others should not be able to see it, except the # admin entry below # These access lines apply to database #1 only -access to attrs=userPassword +access to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=yunohost,dc=org" write - by anonymous auth + by anonymous auth by self write by * none +# Personnal information can be changed by the entry +# owning it if they are authenticated. +# Others should be able to see it. access to attrs=cn,gecos,givenName,mail,maildrop,displayName,sn by dn="cn=admin,dc=yunohost,dc=org" write by self write by * read - # Ensure read access to the base for things like # supportedSASLMechanisms. Without this you may # have problems with SASL not knowing what @@ -129,14 +124,5 @@ access to dn.base="" by * read # can read everything. access to * by dn="cn=admin,dc=yunohost,dc=org" write - by group/groupOfNames/Member="cn=admin,ou=groups,dc=yunohost,dc=org" write - by * read - -####################################################################### -# Specific Directives for database #2, of type 'other' (can be hdb too): -# Database specific directives apply to this databasse until another -# 'database' directive occurs -#database - -# The base of your directory for database #2 -#suffix "dc=debian,dc=org" + by group/groupOfNames/Member="cn=admin,ou=groups,dc=yunohost,dc=org" write + by * read
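Review bot: The new comment `# Personnal information can be changed by the entry owning it` (a typo for "Personal") documents the rule `access to attrs=cn,gecos,givenName,mail,maildrop,displayName,sn ... by self write`, yet `mail` and `maildrop` are not profile fields: if the mail stack resolves recipients through them — the mailserver.schema installed in the script hunk suggests it does — `by self write` lets any authenticated user point `mail` at someone else's address, an admin's included, and collect that mail. I would split the rule so only the display attributes stay self-writable and `mail`/`maildrop` are admin-only, and say in the comment which attributes are routing data rather than personal data. Grouping `shadowLastChange` with userPassword under `by self write` is the usual pam_ldap arrangement, but it does allow a user to reset their own last-change date, which matters only if password aging is enforced somewhere outside this file. Whether routing really consults these attributes cannot be confirmed from the diff alone.
```conf
# Profile attributes: editable by the owning entry, readable by all
access to attrs=cn,gecos,givenName,displayName,sn
    by dn="cn=admin,dc=yunohost,dc=org" write
    by self write
    by * read

# Mail routing attributes: never self-writable, or a user could claim
# another user's address
access to attrs=mail,maildrop
    by dn="cn=admin,dc=yunohost,dc=org" write
    by * read
# … unchanged: rootDSE and catch-all rules …
```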
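Review bot: The re-indented catch-all `access to * ... by * read` grants anonymous binds read access to every entry not matched by an earlier rule — group membership under ou=groups and, given the sudo.schema installed by the script hunk, any sudoRole entries — which together enumerate exactly who is privileged on the host before an attacker has a single credential. If every consumer binds with its own DN, `by users read` in place of `by * read` closes that (the `access to dn.base="" by * read` rule already covers what SASL needs anonymously); if anonymous lookups are relied on, a comment such as `# anonymous read is intentional: nslcd/mail services bind anonymously` would stop the next reviewer from tightening it blindly. Which clients bind anonymously is not visible in this diff, so I am only asking for the decision to be explicit.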