aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem.moulin@fripost.org>2013-01-26 20:31:15 +0100
committerGuilhem Moulin <guilhem.moulin@fripost.org>2013-01-26 20:31:15 +0100
commit7b25e9b697d8536460105fb5815c7fcf8227492d (patch)
tree68481bc62278d1f8c22443606e1aa559078d2ef0
parent9c01ed08ac100cfc8a0f5ba3ed197969fafaf6e5 (diff)
Users can't see the local aliases.
-rw-r--r--ldap/acl.ldif6
-rwxr-xr-xldap/test-user-acl.sh6
2 files changed, 10 insertions, 2 deletions
diff --git a/ldap/acl.ldif b/ldap/acl.ldif
index e7272f0..7b19d5f 100644
--- a/ldap/acl.ldif
+++ b/ldap/acl.ldif
@@ -336,6 +336,12 @@ olcAccess: to dn.regex="^fvl=[^,]+,(fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripos
by group/FripostVirtualDomain/fripostOwner.expand="$1" =rscd
by group/FripostVirtualDomain/fripostPostmaster.expand="$1" =rscd
#
+# Local aliases are for internal use only.
+olcAccess: to dn.regex="^fvl=[^,]+,(fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev)$"
+ filter=(objectClass=FripostVirtualList)
+ attrs=fripostLocalAlias
+ by * =0
+#
# 1. The list owners can edit their entry's attributes.
# 2. So can the domain owners.
# 3. So can the domain postmasters.
diff --git a/ldap/test-user-acl.sh b/ldap/test-user-acl.sh
index ee09fc9..cfa577d 100755
--- a/ldap/test-user-acl.sh
+++ b/ldap/test-user-acl.sh
@@ -911,6 +911,8 @@ echo "Authenticated users, access to list entries"
# +w if domain owner or domain postmaster
# * description:
# =wrscd if list owner, domain owner or domain postmaster
+# * localAlias:
+# =0 for all
usersL () {
for U in ${USERS}; do
@@ -926,8 +928,8 @@ usersL fripostOwner/search entry/search | isOK 'ALLOWED$' entry
[ $? -eq 0 ] || exit $?
-msg "Have =0 access the \"children\" and operational attributes"
-usersL children ${OPERATTRS} | isOK '=0$' children
+msg "Have =0 access the \"children\", \"localAlias\" and operational attributes"
+usersL children fripostLocalAlias ${OPERATTRS} | isOK '=0$' children
[ $? -eq 0 ] || exit $?