diff --git a/docker/ldap/init.sh b/docker/ldap/init.sh
index d9ff2bc6..3f74c26f 100755
--- a/docker/ldap/init.sh
+++ b/docker/ldap/init.sh
@@ -1,809 +1,812 @@
#!/bin/bash
# Disable password checking
cp -av /bin/true /usr/sbin/ds_systemd_ask_password_acl
# Make sure all the relvant folders exist in /ldapdata
mkdir -p /ldapdata/{config,ssca,run}
chmod -R 777 /ldapdata
mkdir -p /var/log/dirsrv/slapd-kolab/
chmod 777 /var/log/dirsrv/slapd-kolab/
mkdir -p /run/dirsrv
chmod 777 /run/dirsrv
mkdir -p /run/lock/dirsrv/slapd-kolab/
chown dirsrv:dirsrv /run/lock/dirsrv/slapd-kolab/
chmod 777 /run/lock/dirsrv/slapd-kolab/
mkdir -p /var/lib/dirsrv/slapd-kolab
chown dirsrv:dirsrv /var/lib/dirsrv/slapd-kolab
if [ -f "/etc/dirsrv/slapd-kolab/dse.ldif" ]; then
echo "LDAP directory exists, nothing to do"
# mkdir -p /var/log/dirsrv/slapd-kolab/
# chmod 777 /var/log/dirsrv/slapd-kolab/
# systemctl start dirsrv@kolab
# mkdir /run/dirsrv
# chmod 777 /run/dirsrv
# mkdir -p /run/lock/dirsrv/slapd-kolab/
# chown dirsrv:dirsrv /run/lock/dirsrv/slapd-kolab/
# chmod 777 /run/lock/dirsrv/slapd-kolab/
# mkdir -p /var/lib/dirsrv/slapd-kolab
# chown dirsrv:dirsrv /var/lib/dirsrv/slapd-kolab
systemctl start dirsrv@kolab
exit 0
fi
# Used for the graphical console only.
GRAPHICAL_ADMIN_PASSWORD="-22F_EjHut5JCcd"
DS_INSTANCE_NAME="kolab"
DOMAIN="mgmt.com"
FQDN="ldap.mgmt.com"
cat << EOF > /tmp/dscreateinput
[general]
FullMachineName = ldap.mgmt.com
SuiteSpotUserID = dirsrv
SuiteSpotGroup = dirsrv
AdminDomain = mgmt.com
ConfigDirectoryLdapURL = ldap://ldap.mgmt.com:389/o=NetscapeRoot
ConfigDirectoryAdminID = admin
ConfigDirectoryAdminPwd = $GRAPHICAL_ADMIN_PASSWORD
full_machine_name = ldap.mgmt.com
+selinux = false
[slapd]
SlapdConfigForMC = Yes
UseExistingMC = 0
ServerPort = 389
ServerIdentifier = kolab
Suffix = $LDAP_ADMIN_ROOT_DN
RootDN = cn=Directory Manager
RootDNPwd = $LDAP_ADMIN_BIND_PW
ds_bename = mgmt_com
AddSampleEntries = No
instance_name = $DS_INSTANCE_NAME
root_password = $LDAP_ADMIN_BIND_PW
create_suffix_entry = True
+db_home_dir = /run/dirsrv/dbhome/
+db_dir = /run/dirsrv/db/
[backend-userroot]
suffix = $LDAP_ADMIN_ROOT_DN
create_suffix_entry = True
[admin]
Port = 9830
ServerAdminID = admin
ServerAdminPwd = $GRAPHICAL_ADMIN_PASSWORD
EOF
dscreate -v from-file /tmp/dscreateinput
cp /usr/share/dirsrv/data/template.ldif /tmp/templatedata.ldif
sed -i "s/%ds_suffix%/$LDAP_BASE_DN/" /tmp/templatedata.ldif
sed -i "s/%rootdn%/cn=Directory Manager/" /tmp/templatedata.ldif
ldapadd -x -H 'ldap://127.0.0.1:389/' -D "cn=Directory Manager" -w "$LDAP_ADMIN_BIND_PW" -f /tmp/templatedata.ldif
#FIXME in kolab container setup kolab.conf entries
cp /usr/share/doc/kolab-schema/kolab3.ldif /etc/dirsrv/slapd-kolab/schema/99kolab3.ldif
systemctl restart dirsrv.target
systemctl restart dirsrv@kolab
systemctl enable dirsrv.target
systemctl enable dirsrv@kolab
# I'm not sure why we need to create those manually
cat << EOF > /tmp/ldapadd
# Directory Administrators, mgmt.com
dn: cn=Directory Administrators,dc=mgmt,dc=com
objectClass: top
objectClass: groupofuniquenames
cn: Directory Administrators
uniqueMember: cn=Directory Manager
# Groups, mgmt.com
dn: ou=Groups,dc=mgmt,dc=com
objectClass: top
objectClass: organizationalunit
ou: Groups
# People, mgmt.com
dn: ou=People,dc=mgmt,dc=com
objectClass: top
objectClass: organizationalunit
ou: People
# Special Users, mgmt.com
dn: ou=Special Users,dc=mgmt,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Special Users
description: Special Administrative Accounts
# Accounting Managers, Groups, mgmt.com
dn: cn=Accounting Managers,ou=Groups,dc=mgmt,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: Accounting Managers
ou: groups
description: People who can manage accounting entries
uniqueMember: cn=Directory Manager
# HR Managers, Groups, mgmt.com
dn: cn=HR Managers,ou=Groups,dc=mgmt,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: HR Managers
ou: groups
description: People who can manage HR entries
uniqueMember: cn=Directory Manager
# QA Managers, Groups, mgmt.com
dn: cn=QA Managers,ou=Groups,dc=mgmt,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: QA Managers
ou: groups
description: People who can manage QA entries
uniqueMember: cn=Directory Manager
# PD Managers, Groups, mgmt.com
dn: cn=PD Managers,ou=Groups,dc=mgmt,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: PD Managers
ou: groups
description: People who can manage engineer entries
uniqueMember: cn=Directory Manager
EOF
ldapadd -x -h 127.0.0.1 -D "cn=Directory Manager" -w "$LDAP_ADMIN_BIND_PW" -f /tmp/ldapadd
## =========== Start of pykolab changes
# Work that pykolab used to do
#
cat << EOF > /tmp/ldapadd
# cyrus-admin, Special Users, mgmt.com
dn: uid=cyrus-admin,ou=Special Users,dc=mgmt,dc=com
objectClass: top
objectClass: person
objectClass: inetorgperson
objectClass: organizationalperson
uid: cyrus-admin
givenName: Cyrus
sn: Administrator
cn: Cyrus Administrator
userPassword: ${IMAP_ADMIN_PW}
# kolab-service, Special Users, mgmt.com
dn: uid=kolab-service,ou=Special Users,dc=mgmt,dc=com
objectClass: top
objectClass: person
objectClass: inetorgperson
objectClass: organizationalperson
uid: kolab-service
givenName: Kolab
sn: Service
cn: Kolab Service
userPassword: ${LDAP_SERVICE_BIND_PW}
# Resources, mgmt.com
dn: ou=Resources,dc=mgmt,dc=com
objectClass: top
objectClass: organizationalunit
ou: Resources
# Shared Folders, mgmt.com
dn: ou=Shared Folders,dc=mgmt,dc=com
objectClass: top
objectClass: organizationalunit
ou: Shared Folders
EOF
ldapadd -x -h 127.0.0.1 -D "cn=Directory Manager" -w "$LDAP_ADMIN_BIND_PW" -f /tmp/ldapadd
cat << EOF > /tmp/ldapadd
dn: cn=kolab,cn=config
cn: kolab
aci: (targetattr = "*") (version 3.0;acl "Kolab Services";allow (read,compare,search)(userdn = "ldap:///uid=kolab-service,ou=Special Users,$LDAP_ADMIN_ROOT_DN");)
objectClass: top
objectClass: extensibleobject
EOF
ldapadd -x -h 127.0.0.1 -D "cn=Directory Manager" -w "$LDAP_ADMIN_BIND_PW" -f /tmp/ldapadd
echo "Adding domain $DOMAIN to list of domains for this deployment"
cat << EOF > /tmp/ldapadd
dn: associateddomain=$DOMAIN,cn=kolab,cn=config
objectClass: top
objectClass: domainrelatedobject
associatedDomain: $DOMAIN, $FQDN, localhost.localdomain, localhost
aci: (targetattr = "*") (version 3.0;acl "Read Access for $DOMAIN Users";allow (read,compare,search)(userdn = "ldap:///$LDAP_ADMIN_ROOT_DN??sub?(objectclass=*)");)
EOF
ldapadd -x -h 127.0.0.1 -D "cn=Directory Manager" -w "$LDAP_ADMIN_BIND_PW" -f /tmp/ldapadd
##TODO
## Add inetdomainbasedn in case the configured root dn is not the same as the
## standard root dn for the domain name configured
#if not _input['rootdn'] == utils.standard_root_dn(_input['domain']):
# attrs['objectclass'].append('inetdomain')
# attrs['inetdomainbasedn'] = _input['rootdn']
echo "Disabling anonymous binds"
cat << EOF > /tmp/ldapadd
dn: cn=config
changetype: modify
replace: nsslapd-allow-anonymous-access
nsslapd-allow-anonymous-access: off
EOF
ldapmodify -x -h 127.0.0.1 -D "cn=Directory Manager" -w "$LDAP_ADMIN_BIND_PW" -f /tmp/ldapadd
## TODO: Ensure the uid attribute is unique
## TODO^2: Consider renaming the general "attribute uniqueness to "uid attribute uniqueness"
echo "Enabling attribute uniqueness plugin"
cat << EOF > /tmp/ldapadd
dn: cn=attribute uniqueness,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on
EOF
ldapmodify -x -h 127.0.0.1 -D "cn=Directory Manager" -w "$LDAP_ADMIN_BIND_PW" -f /tmp/ldapadd
echo "Enabling referential integrity plugin"
cat << EOF > /tmp/ldapadd
dn: cn=referential integrity postoperation,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on
EOF
ldapmodify -x -h 127.0.0.1 -D "cn=Directory Manager" -w "$LDAP_ADMIN_BIND_PW" -f /tmp/ldapadd
echo "Enabling referential integrity plugin"
cat << EOF > /tmp/ldapadd
dn: cn=referential integrity postoperation,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on
EOF
ldapmodify -x -h 127.0.0.1 -D "cn=Directory Manager" -w "$LDAP_ADMIN_BIND_PW" -f /tmp/ldapadd
echo "Enabling and configuring account policy plugin"
cat << EOF > /tmp/ldapadd
dn: cn=Account Policy Plugin,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on
dn: cn=config,cn=Account Policy Plugin,cn=plugins,cn=config
changetype: modify
replace: alwaysrecordlogin
alwaysrecordlogin: yes
-
add: stateattrname
stateattrname: lastLoginTime
-
add: altstateattrname
altstateattrname: createTimestamp
EOF
ldapmodify -x -h 127.0.0.1 -D "cn=Directory Manager" -w "$LDAP_ADMIN_BIND_PW" -f /tmp/ldapadd
echo "Adding the kolab-admin role"
cat << EOF > /tmp/ldapadd
dn: cn=kolab-admin,$LDAP_ADMIN_ROOT_DN
description: Kolab Administrator
objectClass: top
objectClass: ldapsubentry
objectClass: nsroledefinition
objectClass: nssimpleroledefinition
objectClass: nsmanagedroledefinition
cn = kolab-admin
EOF
ldapadd -x -h 127.0.0.1 -D "cn=Directory Manager" -w "$LDAP_ADMIN_BIND_PW" -f /tmp/ldapadd
echo "Setting access control to $LDAP_ADMIN_ROOT_DN"
cat << EOF > /tmp/ldapadd
dn: $LDAP_ADMIN_ROOT_DN
changetype: modify
replace: aci
aci: (targetattr = "carLicense || description || displayName || facsimileTelephoneNumber || homePhone || homePostalAddress || initials || jpegPhoto || l || labeledURI || mobile || o || pager || photo || postOfficeBox || postalAddress || postalCode || preferredDeliveryMethod || preferredLanguage || registeredAddress || roomNumber || secretary || seeAlso || st || street || telephoneNumber || telexNumber || title || userCertificate || userPassword || userSMIMECertificate || x500UniqueIdentifier || kolabDelegate || kolabInvitationPolicy || kolabAllowSMTPSender")(version 3.0; acl "Enable self write for common attributes"; allow (read,compare,search,write)(userdn = "ldap:///self");)
aci: (targetattr = "*")(version 3.0;acl "Directory Administrators Group";allow (all)(groupdn = "ldap:///cn=Directory Administrators,$LDAP_ADMIN_ROOT_DN" or roledn = "ldap:///cn=kolab-admin,$LDAP_ADMIN_ROOT_DN");)
aci: (targetattr="*")(version 3.0; acl "Configuration Administrators Group"; allow (all) groupdn="ldap:///cn=Configuration Administrators,ou=Groups,ou=TopologyManagement,o=NetscapeRoot";)
aci: (targetattr="*")(version 3.0; acl "Configuration Administrator"; allow (all) userdn="ldap:///uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot";)
aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all) groupdn = "ldap:///cn=slapd-$DS_INSTANCE_NAME,cn=389 Directory Server,cn=Server Group,cn=$FQDN,ou=$DOMAIN,o=NetscapeRoot";)
aci: (targetattr != "userPassword") (version 3.0;acl "Search Access";allow (read,compare,search)(userdn = "ldap:///all");)')
EOF
ldapadd -x -h 127.0.0.1 -D "cn=Directory Manager" -w "$LDAP_ADMIN_BIND_PW" -f /tmp/ldapadd
## =========== End of pykolab code
# Create hosted kolab service
cat << EOF > /tmp/ldapadd
dn: uid=hosted-kolab-service,ou=Special Users,${LDAP_ADMIN_ROOT_DN}
objectclass: top
objectclass: inetorgperson
objectclass: person
uid: hosted-kolab-service
cn: Hosted Kolab Service Account
sn: Service Account
givenname: Hosted Kolab
userpassword: ${LDAP_HOSTED_BIND_PW}
EOF
ldapadd -x -h 127.0.0.1 -D "cn=Directory Manager" -w "$LDAP_ADMIN_BIND_PW" -f /tmp/ldapadd
export rootdn=$LDAP_ADMIN_ROOT_DN
export domain=$DOMAIN
export domain_db="mgmt_com"
export ldap_host=127.0.0.1
export ldap_binddn=${LDAP_ADMIN_BIND_DN}
export ldap_bindpw=${LDAP_ADMIN_BIND_PW}
export cyrus_admin=${IMAP_ADMIN_LOGIN}
export cyrus_admin_pw=${IMAP_ADMIN_PASSWORD}
export kolab_service_pw=${LDAP_SERVICE_BIND_PW}
export hosted_kolab_service_pw=${LDAP_HOSTED_BIND_PW}
export hosted_domain=${HOSTED_DOMAIN:-"hosted.com"}
export hosted_domain_db=${HOSTED_DOMAIN_DB:-"hosted_com"}
export hosted_domain_rootdn=${LDAP_HOSTED_ROOT_DN:-"dc=hosted,dc=com"}
export domain_base_dn=${LDAP_DOMAIN_BASE_DN:-"ou=Domains,dc=mgmt,dc=com"}
# Create ou domain
(
echo "dn: ou=Domains,${rootdn}"
echo "ou: Domains"
echo "objectClass: top"
echo "objectClass: organizationalunit"
echo ""
) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
# Create management domain
(
echo "dn: associateddomain=${domain},${domain_base_dn}"
echo "aci: (targetattr = \"*\")(version 3.0;acl \"Deny Rest\";deny (all)(userdn != \"ldap:///uid=kolab-service,ou=Special Users,${rootdn} || ldap:///${rootdn}??sub?(objectclass=*)\");)"
echo "aci: (targetattr = \"*\")(version 3.0;acl \"Deny Hosted Kolab\";deny (all)(userdn = \"ldap:///uid=hosted-kolab-service,ou=Special Users,${rootdn}\");)"
echo "inetDomainStatus: active"
echo "objectClass: top"
echo "objectClass: domainrelatedobject"
echo "objectClass: inetdomain"
echo "associatedDomain: ${domain}"
echo ""
) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
# Create hosted domains
(
echo "dn: associateddomain=${hosted_domain},${domain_base_dn}"
echo "objectclass: top"
echo "objectclass: domainrelatedobject"
echo "objectclass: inetdomain"
echo "inetdomainstatus: active"
echo "associateddomain: ${hosted_domain}"
echo "inetdomainbasedn: ${hosted_domain_rootdn}"
echo ""
) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
(
echo "dn: cn=$(echo ${hosted_domain} | sed -e 's/\./_/g'),cn=ldbm database,cn=plugins,cn=config"
echo "objectClass: top"
echo "objectClass: extensibleobject"
echo "objectClass: nsbackendinstance"
echo "cn: $(echo ${hosted_domain} | sed -e 's/\./_/g')"
echo "nsslapd-suffix: ${hosted_domain_rootdn}"
echo "nsslapd-cachesize: -1"
echo "nsslapd-cachememsize: 10485760"
echo "nsslapd-readonly: off"
echo "nsslapd-require-index: off"
echo "nsslapd-directory: /var/lib/dirsrv/slapd-${DS_INSTANCE_NAME}/db/$(echo ${hosted_domain} | sed -e 's/\./_/g')"
echo "nsslapd-dncachememsize: 10485760"
echo ""
) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
(
#On centos7
#echo "dn: cn=$(echo ${hosted_domain_rootdn} | sed -e 's/=/\\3D/g' -e 's/,/\\2D/g'),cn=mapping tree,cn=config"
#On centos8
echo "dn: cn=\"${hosted_domain_rootdn}\",cn=mapping tree,cn=config"
echo "objectClass: top"
echo "objectClass: extensibleObject"
echo "objectClass: nsMappingTree"
echo "nsslapd-state: backend"
echo "cn: ${hosted_domain_rootdn}"
echo "nsslapd-backend: $(echo ${hosted_domain} | sed -e 's/\./_/g')"
echo ""
) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
(
echo "dn: ${hosted_domain_rootdn}"
echo "aci: (targetattr=\"carLicense || description || displayName || facsimileTelephoneNumber || homePhone || homePostalAddress || initials || jpegPhoto || labeledURI || mobile || pager || photo || postOfficeBox || postalAddress || postalCode || preferredDeliveryMethod || preferredLanguage || registeredAddress || roomNumber || secretary || seeAlso || st || street || telephoneNumber || telexNumber || title || userCertificate || userPassword || userSMIMECertificate || x500UniqueIdentifier\")(version 3.0; acl \"Enable self write for common attributes\"; allow (write) userdn=\"ldap:///self\";)"
echo "aci: (targetattr =\"*\")(version 3.0;acl \"Directory Administrators Group\";allow (all) (groupdn=\"ldap:///cn=Directory Administrators,${hosted_domain_rootdn}\" or roledn=\"ldap:///cn=kolab-admin,${hosted_domain_rootdn}\");)"
echo "aci: (targetattr=\"*\")(version 3.0; acl \"Configuration Administrators Group\"; allow (all) groupdn=\"ldap:///cn=Configuration Administrators,ou=Groups,ou=TopologyManagement,o=NetscapeRoot\";)"
echo "aci: (targetattr=\"*\")(version 3.0; acl \"Configuration Administrator\"; allow (all) userdn=\"ldap:///uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot\";)"
echo "aci: (targetattr = \"*\")(version 3.0; acl \"SIE Group\"; allow (all) groupdn = \"ldap:///cn=slapd-${DS_INSTANCE_NAME},cn=389 Directory Server,cn=Server Group,cn=$FQDN,ou=${domain},o=NetscapeRoot\";)"
echo "aci: (targetattr = \"*\") (version 3.0;acl \"Search Access\";allow (read,compare,search)(userdn = \"ldap:///${hosted_domain_rootdn}??sub?(objectclass=*)\");)"
echo "aci: (targetattr = \"*\") (version 3.0;acl \"Service Search Access\";allow (read,compare,search)(userdn = \"ldap:///uid=kolab-service,ou=Special Users,${rootdn}\");)"
echo "objectClass: top"
echo "objectClass: domain"
echo "dc: $(echo ${hosted_domain} | cut -d'.' -f 1)"
echo ""
) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
(
for role in "2fa-user" "activesync-user" "imap-user"; do
echo "dn: cn=${role},${hosted_domain_rootdn}"
echo "cn: ${role}"
echo "description: ${role} role"
echo "objectclass: top"
echo "objectclass: ldapsubentry"
echo "objectclass: nsmanagedroledefinition"
echo "objectclass: nsroledefinition"
echo "objectclass: nssimpleroledefinition"
echo ""
done
echo "dn: ou=Groups,${hosted_domain_rootdn}"
echo "ou: Groups"
echo "objectClass: top"
echo "objectClass: organizationalunit"
echo ""
echo "dn: ou=People,${hosted_domain_rootdn}"
echo "aci: (targetattr = \"*\") (version 3.0;acl \"Hosted Kolab Services\";allow (all)(userdn = \"ldap:///uid=hosted-kolab-service,ou=Special Users,${rootdn}\");)"
echo "ou: People"
echo "objectClass: top"
echo "objectClass: organizationalunit"
echo ""
echo "dn: ou=Special Users,${hosted_domain_rootdn}"
echo "ou: Special Users"
echo "objectClass: top"
echo "objectClass: organizationalunit"
echo ""
echo "dn: ou=Resources,${hosted_domain_rootdn}"
echo "ou: Resources"
echo "objectClass: top"
echo "objectClass: organizationalunit"
echo ""
echo "dn: ou=Shared Folders,${hosted_domain_rootdn}"
echo "ou: Shared Folders"
echo "objectClass: top"
echo "objectClass: organizationalunit"
echo ""
echo "dn: uid=cyrus-admin,ou=Special Users,${hosted_domain_rootdn}"
echo "sn: Administrator"
echo "uid: cyrus-admin"
echo "objectClass: top"
echo "objectClass: person"
echo "objectClass: inetorgperson"
echo "objectClass: organizationalperson"
echo "givenName: Cyrus"
echo "cn: Cyrus Administrator"
echo ""
) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
# Remove cn kolab cn config
(
echo "associateddomain=${domain},cn=kolab,cn=config"
echo "cn=kolab,cn=config"
) | ldapdelete -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
# Remove hosted service access from mgmt domain
(
echo "dn: associateddomain=${domain},ou=Domains,${rootdn}"
echo "changetype: modify"
echo "replace: aci"
echo "aci: (targetattr = \"*\")(version 3.0;acl \"Deny Rest\";deny (all)(userdn != \"ldap:///uid=kolab-service,ou=Special Users,${rootdn} || ldap:///${rootdn}??sub?(objectclass=*)\");)"
echo "aci: (targetattr = \"*\")(version 3.0;acl \"Deny Hosted Kolab\";deny (all)(userdn = \"ldap:///uid=hosted-kolab-service,ou=Special Users,${rootdn}\");)"
echo ""
) | ldapmodify -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
# Add alias attribute index
#
export index_attr=alias
(
echo "dn: cn=${index_attr},cn=index,cn=${hosted_domain_db},cn=ldbm database,cn=plugins,cn=config"
echo "objectclass: top"
echo "objectclass: nsindex"
echo "cn: ${index_attr}"
echo "nsSystemIndex: false"
echo "nsindextype: pres"
echo "nsindextype: eq"
echo "nsindextype: sub"
) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
(
echo "dn: cn=${hosted_domain_db} ${index_attr} index,cn=index,cn=tasks,cn=config"
echo "objectclass: top"
echo "objectclass: extensibleObject"
echo "cn: ${hosted_domain_db} ${index_attr} index"
echo "nsinstance: ${hosted_domain_db}"
echo "nsIndexAttribute: ${index_attr}:pres"
echo "nsIndexAttribute: ${index_attr}:eq"
echo "nsIndexAttribute: ${index_attr}:sub"
echo ""
) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
ldap_complete=0
while [ ${ldap_complete} -ne 1 ]; do
result=$(
ldapsearch \
-x \
-h "${ldap_host}" \
-D "${ldap_binddn}" \
-w "${ldap_bindpw}" \
-c \
-LLL \
-b "cn=${hosted_domain_db} ${index_attr} index,cn=index,cn=tasks,cn=config" \
'(!(nstaskexitcode=0))' \
-s base 2>/dev/null
)
if [ -z "$result" ]; then
ldap_complete=1
echo ""
else
echo -n "."
sleep 1
fi
done
# Add VLV searches
(
echo "dn: cn=PVS,cn=${hosted_domain_db},cn=ldbm database,cn=plugins,cn=config"
echo "objectClass: top"
echo "objectClass: vlvSearch"
echo "cn: PVS"
echo "vlvBase: ${hosted_domain_rootdn}"
echo "vlvScope: 2"
echo "vlvFilter: (objectclass=inetorgperson)"
echo "aci: (targetattr = \"*\") (version 3.0;acl \"Read Access\";allow (read,compare,search)(userdn = \"ldap:///anyone\");)"
echo ""
) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
(
echo "dn: cn=RVS,cn=${hosted_domain_db},cn=ldbm database,cn=plugins,cn=config"
echo "objectClass: top"
echo "objectClass: vlvSearch"
echo "cn: RVS"
echo "vlvBase: ${hosted_domain_rootdn}"
echo "vlvScope: 2"
echo "vlvFilter: (|(&(objectclass=kolabsharedfolder)(kolabfoldertype=event)(mail=*))(objectclass=groupofuniquenames)(objectclass=groupofurls))"
echo "aci: (targetattr = \"*\") (version 3.0;acl \"Read Access\";allow (read,compare,search)(userdn = \"ldap:///anyone\");)"
echo ""
) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
(
echo "dn: cn=GVS,cn=${hosted_domain_db},cn=ldbm database,cn=plugins,cn=config"
echo "objectClass: top"
echo "objectClass: vlvSearch"
echo "cn: GVS"
echo "vlvBase: ${hosted_domain_rootdn}"
echo "vlvScope: 2"
echo "vlvFilter: (|(objectclass=groupofuniquenames)(objectclass=groupofurls))"
echo "aci: (targetattr = \"*\") (version 3.0;acl \"Read Access\";allow (read,compare,search)(userdn = \"ldap:///anyone\");)"
echo ""
) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
if [ "${domain_base_dn}" != "cn=kolab,cn=config" ]; then
(
echo "dn: cn=DVS,cn=${domain_db},cn=ldbm database,cn=plugins,cn=config"
echo "objectClass: top"
echo "objectClass: vlvSearch"
echo "cn: DVS"
echo "vlvBase: ${domain_base_dn}"
echo "vlvScope: 2"
echo "vlvFilter: (objectclass=domainrelatedobject)"
echo "aci: (targetattr = \"*\") (version 3.0;acl \"Read Access\";allow (read,compare,search)(userdn = \"ldap:///anyone\");)"
echo ""
) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
fi
# Add vlv indexes
(
echo "dn: cn=PVI,cn=PVS,cn=${hosted_domain_db},cn=ldbm database,cn=plugins,cn=config"
echo "objectClass: top"
echo "objectClass: vlvIndex"
echo "cn: PVI"
echo "vlvSort: displayname sn givenname cn"
echo "aci: (targetattr = \"*\") (version 3.0;acl \"Read Access\";allow (read,compare,search)(userdn = \"ldap:///anyone\");)"
echo ""
) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
(
echo "dn: cn=RVI,cn=RVS,cn=${hosted_domain_db},cn=ldbm database,cn=plugins,cn=config"
echo "objectClass: top"
echo "objectClass: vlvIndex"
echo "cn: RVI"
echo "vlvSort: cn"
echo "aci: (targetattr = \"*\") (version 3.0;acl \"Read Access\";allow (read,compare,search)(userdn = \"ldap:///anyone\");)"
echo ""
) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
(
echo "dn: cn=GVI,cn=GVS,cn=${hosted_domain_db},cn=ldbm database,cn=plugins,cn=config"
echo "objectClass: top"
echo "objectClass: vlvIndex"
echo "cn: GVI"
echo "vlvSort: cn"
echo "aci: (targetattr = \"*\") (version 3.0;acl \"Read Access\";allow (read,compare,search)(userdn = \"ldap:///anyone\");)"
echo ""
) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
if [ "${domain_base_dn}" != "cn=kolab,cn=config" ]; then
(
echo "dn: cn=DVI,cn=DVS,cn=${domain_db},cn=ldbm database,cn=plugins,cn=config"
echo "objectClass: top"
echo "objectClass: vlvIndex"
echo "cn: DVI"
echo "vlvSort: associatedDomain"
echo "aci: (targetattr = \"*\") (version 3.0;acl \"Read Access\";allow (read,compare,search)(userdn = \"ldap:///anyone\");)"
echo ""
) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
fi
# Run vlv index tasks
(
echo "dn: cn=PVI,cn=index,cn=tasks,cn=config"
echo "objectclass: top"
echo "objectclass: extensibleObject"
echo "cn: PVI"
echo "nsinstance: ${hosted_domain_db}"
echo "nsIndexVLVAttribute: PVI"
echo ""
) | ldapmodify -a -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
ldap_complete=0
while [ ${ldap_complete} -ne 1 ]; do
result=$(
ldapsearch \
-x \
-h ${ldap_host} \
-D "${ldap_binddn}" \
-w "${ldap_bindpw}" \
-c \
-LLL \
-b "cn=PVI,cn=index,cn=tasks,cn=config" \
'(!(nstaskexitcode=0))' \
-s base 2>/dev/null
)
if [ -z "$result" ]; then
ldap_complete=1
echo ""
else
echo -n "."
sleep 1
fi
done
(
echo "dn: cn=RVI,cn=index,cn=tasks,cn=config"
echo "objectclass: top"
echo "objectclass: extensibleObject"
echo "cn: RVI"
echo "nsinstance: ${hosted_domain_db}"
echo "nsIndexVLVAttribute: RVI"
echo ""
) | ldapmodify -a -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
ldap_complete=0
while [ ${ldap_complete} -ne 1 ]; do
result=$(
ldapsearch \
-x \
-h ${ldap_host} \
-D "${ldap_binddn}" \
-w "${ldap_bindpw}" \
-c \
-LLL \
-b "cn=RVI,cn=index,cn=tasks,cn=config" \
'(!(nstaskexitcode=0))' \
-s base 2>/dev/null
)
if [ -z "$result" ]; then
ldap_complete=1
echo ""
else
echo -n "."
sleep 1
fi
done
(
echo "dn: cn=GVI,cn=index,cn=tasks,cn=config"
echo "objectclass: top"
echo "objectclass: extensibleObject"
echo "cn: GVI"
echo "nsinstance: ${hosted_domain_db}"
echo "nsIndexVLVAttribute: GVI"
echo ""
) | ldapmodify -a -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
ldap_complete=0
while [ ${ldap_complete} -ne 1 ]; do
result=$(
ldapsearch \
-x \
-h ${ldap_host} \
-D "${ldap_binddn}" \
-w "${ldap_bindpw}" \
-c \
-LLL \
-b "cn=GVI,cn=index,cn=tasks,cn=config" \
'(!(nstaskexitcode=0))' \
-s base 2>/dev/null
)
if [ -z "$result" ]; then
ldap_complete=1
echo ""
else
echo -n "."
sleep 1
fi
done
if [ "${domain_base_dn}" != "cn=kolab,cn=config" ]; then
(
echo "dn: cn=DVI,cn=index,cn=tasks,cn=config"
echo "objectclass: top"
echo "objectclass: extensibleObject"
echo "cn: DVI"
echo "nsinstance: ${domain_db}"
echo "nsIndexVLVAttribute: DVI"
echo ""
) | ldapmodify -a -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
ldap_complete=0
while [ ${ldap_complete} -ne 1 ]; do
result=$(
ldapsearch \
-x \
-h ${ldap_host} \
-D "${ldap_binddn}" \
-w "${ldap_bindpw}" \
-c \
-LLL \
-b "cn=DVI,cn=index,cn=tasks,cn=config" \
'(!(nstaskexitcode=0))' \
-s base 2>/dev/null
)
if [ -z "$result" ]; then
ldap_complete=1
echo ""
else
echo -n "."
sleep 1
fi
done
fi
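Review bot: The new `db_dir = /run/dirsrv/db/` puts the userroot database (including `userPassword` values) under `/run/dirsrv`, which this same script makes world-writable with `chmod 777 /run/dirsrv` a few lines earlier; now that the parent holds the database it should be owned by the server user and closed to others, e.g. `chown dirsrv:dirsrv /run/dirsrv` and `chmod 750 /run/dirsrv`. The hosted-domain backend created later in the script still hard-codes `nsslapd-directory: /var/lib/dirsrv/slapd-${DS_INSTANCE_NAME}/db/...`, so after this change the two backends live in different trees; if the relocation is meant for every backend, that line should use the same `/run/dirsrv/db/` base, otherwise a comment should say why userroot alone moves. If `/run` is a tmpfs in this container (not visible here), the database will not survive a restart while `/etc/dirsrv/slapd-kolab/dse.ldif` does, and the early "LDAP directory exists, nothing to do" branch would then start an instance with no database files — a comment on the `db_dir` line stating where persistence is expected to come from would prevent that surprise. `selinux = false` is reasonable for a container but deserves a one-line comment saying so, since it also silences dscreate's labeling of the new paths.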