author | Guilhem Moulin <guilhem.moulin@fripost.org> | 2013-01-26 20:31:15 +0100 |
---|---|---|
committer | Guilhem Moulin <guilhem.moulin@fripost.org> | 2013-01-26 20:31:15 +0100 |
commit | 7b25e9b697d8536460105fb5815c7fcf8227492d (patch) | |
tree | 68481bc62278d1f8c22443606e1aa559078d2ef0 | |
parent | 9c01ed08ac100cfc8a0f5ba3ed197969fafaf6e5 (diff) |
Users can't see the local aliases.
-rw-r--r-- | ldap/acl.ldif | 6 | ||||
-rwxr-xr-x | ldap/test-user-acl.sh | 6 |
2 files changed, 10 insertions, 2 deletions
diff --git a/ldap/acl.ldif b/ldap/acl.ldif index e7272f0..7b19d5f 100644 --- a/ldap/acl.ldif +++ b/ldap/acl.ldif @@ -336,6 +336,12 @@ olcAccess: to dn.regex="^fvl=[^,]+,(fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripos by group/FripostVirtualDomain/fripostOwner.expand="$1" =rscd by group/FripostVirtualDomain/fripostPostmaster.expand="$1" =rscd # +# Local aliases are for internal use only. +olcAccess: to dn.regex="^fvl=[^,]+,(fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev)$" + filter=(objectClass=FripostVirtualList) + attrs=fripostLocalAlias + by * =0 +# # 1. The list owners can edit their entry's attributes. # 2. So can the domain owners. # 3. So can the domain postmasters. diff --git a/ldap/test-user-acl.sh b/ldap/test-user-acl.sh index ee09fc9..cfa577d 100755 --- a/ldap/test-user-acl.sh +++ b/ldap/test-user-acl.sh @@ -911,6 +911,8 @@ echo "Authenticated users, access to list entries" # +w if domain owner or domain postmaster # * description: # =wrscd if list owner, domain owner or domain postmaster +# * localAlias: +# =0 for all usersL () { for U in ${USERS}; do @@ -926,8 +928,8 @@ usersL fripostOwner/search entry/search | isOK 'ALLOWED$' entry [ $? -eq 0 ] || exit $? -msg "Have =0 access the \"children\" and operational attributes" -usersL children ${OPERATTRS} | isOK '=0$' children +msg "Have =0 access the \"children\", \"localAlias\" and operational attributes" +usersL children fripostLocalAlias ${OPERATTRS} | isOK '=0$' children [ $? -eq 0 ] || exit $? |
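Review bot: The new `by * =0` rule on `attrs=fripostLocalAlias` only protects the attribute if no earlier `olcAccess` value already matches it for these entries, and the hunk does not show that. slapd applies the first `to` clause that matches the entry and attribute, so an earlier rule on the same `dn.regex` without an `attrs=` restriction would shadow this one; the preceding rule is truncated in the hunk header. Placing the rule above the list owner/postmaster rule looks deliberate, but the comment does not say so. `by * =0` also denies every bound identity, so whichever internal service reads the alias presumably relies on a grant further up. I would extend the comment to record both facts, e.g. `# Must stay above the list owner/postmaster rules; internal readers are granted by <earlier rule>.`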
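Review bot: The added `usersL children fripostLocalAlias ${OPERATTRS}` check covers only the deny side, and only for the identities in `${USERS}`. Nothing in this hunk asserts that anonymous binds also get `=0` on `fripostLocalAlias`, or that the internal consumer the ACL comment refers to can still read it. If the rest of the script does not cover those cases, a matching assertion in the anonymous section and one positive check for the service identity would catch a later ACL reordering that exposes or breaks the attribute. The header comment calls the attribute `localAlias` while the test passes `fripostLocalAlias`; writing `# * fripostLocalAlias:` would make it greppable. The `usersL` body and the rest of this section lie outside the hunk.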