-rw-r--r--ldap/acl.ldif2
-rw-r--r--ldap/base.ldif8
-rw-r--r--ldap/syncrepl.ldif2
-rwxr-xr-xldap/test-user-acl.sh34
4 files changed, 23 insertions, 23 deletions
diff --git a/ldap/acl.ldif b/ldap/acl.ldif
index eef10a9..382c402 100644
--- a/ldap/acl.ldif
+++ b/ldap/acl.ldif
@@ -38,7 +38,7 @@ olcAccess: to dn.children="ou=virtual,o=mailHosting,dc=fripost,dc=dev"
olcAccess: to dn.children="ou=virtual,o=mailHosting,dc=fripost,dc=dev"
attrs=entry,fvd,fvu,fva,fvl,fvlc,fripostMaildrop,fripostOptionalMaildrop,fripostLocalAlias
filter=(&(|(objectClass=FripostVirtualDomain)(objectClass=FripostVirtualUser)(objectClass=FripostVirtualAlias)(objectClass=FripostVirtualList)(objectClass=FripostVirtualListCommand))(!(fripostIsStatusActive=FALSE))(!(fripostPendingToken=*)))
- by dn.exact="cn=SMTP,ou=services,o=mailHosting,dc=fripost,dc=dev" =rsd
+ by dn.exact="cn=Postfix,ou=services,o=mailHosting,dc=fripost,dc=dev" =rsd
by users =0 break
#
# Anonymous can authenticate into the services. (But not read or write the password.)
diff --git a/ldap/base.ldif b/ldap/base.ldif
index e1a14fd..c31e109 100644
--- a/ldap/base.ldif
+++ b/ldap/base.ldif
@@ -25,15 +25,15 @@ description: Virtual mail hosting
# TODO: for postfix, it'd be more efficient and more secure to SASL-bind
# on a UNIX socket (EXTERNAL mechanism); wait for Postfix 2.8.
# TODO: IMAP, SASLauth, Amavis
-# TODO: if possible, make use GSSAPI/EXTERNAL for the services.
+# TODO: if possible, make use GSSAPI/EXTERNAL for the services and the replication.
dn: ou=services,o=mailHosting,dc=fripost,dc=dev
objectClass: organizationalUnit
-dn: cn=SMTP,ou=services,o=mailHosting,dc=fripost,dc=dev
+dn: cn=Postfix,ou=services,o=mailHosting,dc=fripost,dc=dev
objectClass: simpleSecurityObject
objectClass: organizationalRole
-userPassword: smtp
-description: Where Postfix bind to for LDAP lookups.
+userPassword: postfix
+description: Where Postfix binds to for its LDAP lookups.
dn: cn=CreateList,ou=services,o=mailHosting,dc=fripost,dc=dev
objectClass: simpleSecurityObject
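Review bot: The renamed service entry still carries a cleartext `userPassword` equal to the role name (`userPassword: postfix`), so any directory loaded from base.ldif unchanged has a predictable bind credential for the identity that acl.ldif grants `=rsd` on the virtual mail tree. The `dc=fripost,dc=dev` suffix suggests this is a development fixture, but nothing in the hunk says so. I would either store a hashed value produced by `slappasswd`, or add a comment above the attribute such as `# Development-only password; replace before loading into a non-test directory.` The same may apply to the `cn=CreateList` entry, whose body continues outside the hunk.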
diff --git a/ldap/syncrepl.ldif b/ldap/syncrepl.ldif
index d579e5c..441974b 100644
--- a/ldap/syncrepl.ldif
+++ b/ldap/syncrepl.ldif
@@ -21,7 +21,7 @@ replace: olcSyncRepl
olcSyncRepl: rid=000
provider=ldap://127.0.0.1:3890
bindmethod=simple
-binddn="cn=SMTP,ou=services,o=mailHosting,dc=fripost,dc=org"
+binddn="cn=Postfix,ou=services,o=mailHosting,dc=fripost,dc=org"
credentials="xxxxxx"
type=refreshAndPersist
retry="5 5 300 +"
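Review bot: The replication consumer now binds as `cn=Postfix`, so what the replica receives is defined by the Postfix lookup ACL, and nothing next to the `binddn` documents that coupling. The acl.ldif hunk in this commit limits that identity to `=rsd` on a fixed attribute list and filters out inactive and pending entries, so a later change to the lookup ACL would also change the replica contents. A comment above the record such as `# Replication binds as the Postfix service account; its ACL in acl.ldif defines what is replicated.` would make this explicit. Separately, `bindmethod=simple` against an `ldap://` provider leaves the credential unprotected unless the loopback port is a tunnel, which is not visible here; one line stating which it is would help. The olcSyncRepl value may continue past the hunk.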
diff --git a/ldap/test-user-acl.sh b/ldap/test-user-acl.sh
index 3e53b48..221415c 100755
--- a/ldap/test-user-acl.sh
+++ b/ldap/test-user-acl.sh
@@ -1027,110 +1027,110 @@ done | grep -Ev '^(objectClass|creatorsName)=' | isOK '=0$' entry
SUFFIX="${SUFFIXS}"
echo
-echo "Service SMTP"
+echo "Service Postfix"
msg "Have =0 access on non-active or pending entries"
for X in ${DOMAINS} ${USERS} ${ALIASES} ${LISTS} ${LISTSC}; do
search -s base -b "${X},${SUFFIXV}" "(|(fripostIsStatusActive=TRUE)(fripostPendingToken=*))" | grep -q '^dn: ' && \
- checkACL "cn=SMTP" "${D}"
+ checkACL "cn=Postfix" "${D}"
done | isOK '=0$' entry
[ $? -eq 0 ] || exit $?
msg "Can read and search the domain attributes it needs"
for D in ${DOMAINS}; do
search -s base -b "${D},${SUFFIXV}" "(|(fripostIsStatusActive=FALSE)(fripostPendingToken=*))" | grep -q '^dn: ' || \
- checkACL "cn=SMTP" "${D}" entry fvd fripostOptionalMaildrop
+ checkACL "cn=Postfix" "${D}" entry fvd fripostOptionalMaildrop
done | isOK '=rsd$' entry
[ $? -eq 0 ] || exit $?
msg "Can search the domain attributes it needs"
for D in ${DOMAINS}; do
search -s base -b "${D},${SUFFIXV}" "(|(fripostIsStatusActive=FALSE)(fripostPendingToken=*))" | grep -q '^dn: ' || \
- checkACL "cn=SMTP" "${D}" objectClass
+ checkACL "cn=Postfix" "${D}" objectClass
done | isOK '=s$' objectClass
[ $? -eq 0 ] || exit $?
msg "Have =0 access on other domain attributes"
for D in ${DOMAINS}; do
- checkACL "cn=SMTP" "${D}" children ${OPERATTRS} fripostCanAddAlias fripostCanAddList fripostOwner fripostPostmaster description fripostPendingToken fripostIsStatusActive
+ checkACL "cn=Postfix" "${D}" children ${OPERATTRS} fripostCanAddAlias fripostCanAddList fripostOwner fripostPostmaster description fripostPendingToken fripostIsStatusActive
done | isOK '=0$' children
[ $? -eq 0 ] || exit $?
msg "Can read and search the user attributes it needs"
for U in ${USERS}; do
search -s base -b "${U},${SUFFIXV}" "(fripostIsStatusActive=FALSE)" | grep -q '^dn: ' || \
- checkACL "cn=SMTP" "${U}" entry fvu fripostOptionalMaildrop
+ checkACL "cn=Postfix" "${U}" entry fvu fripostOptionalMaildrop
done | isOK '=rsd$' entry
[ $? -eq 0 ] || exit $?
msg "Can search the user attributes it needs"
for U in ${USERS}; do
search -s base -b "${U},${SUFFIXV}" "(fripostIsStatusActive=FALSE)" | grep -q '^dn: ' || \
- checkACL "cn=SMTP" "${U}" objectClass
+ checkACL "cn=Postfix" "${U}" objectClass
done | isOK '=s$' objectClass
[ $? -eq 0 ] || exit $?
msg "Have =0 access on other user attributes"
for U in ${USERS}; do
- checkACL "cn=SMTP" "${U}" children ${OPERATTRS} userPassword fripostUserQuota description fripostIsStatusActive
+ checkACL "cn=Postfix" "${U}" children ${OPERATTRS} userPassword fripostUserQuota description fripostIsStatusActive
done | isOK '=0$' children
[ $? -eq 0 ] || exit $?
msg "Can read and search the alias attributes it needs"
for A in ${ALIASES}; do
search -s base -b "${A},${SUFFIXV}" "(fripostIsStatusActive=FALSE)" | grep -q '^dn: ' || \
- checkACL "cn=SMTP" "${A}" entry fva fripostMaildrop
+ checkACL "cn=Postfix" "${A}" entry fva fripostMaildrop
done | isOK '=rsd$' entry
[ $? -eq 0 ] || exit $?
msg "Can search the alias attributes it needs"
for A in ${ALIASES}; do
search -s base -b "${A},${SUFFIXV}" "(fripostIsStatusActive=FALSE)" | grep -q '^dn: ' || \
- checkACL "cn=SMTP" "${A}" objectClass
+ checkACL "cn=Postfix" "${A}" objectClass
done | isOK '=s$' objectClass
[ $? -eq 0 ] || exit $?
msg "Have =0 access on other alias attributes"
for A in ${ALIASES}; do
- checkACL "cn=SMTP" "${A}" children ${OPERATTRS} fripostOwner description fripostIsStatusActive
+ checkACL "cn=Postfix" "${A}" children ${OPERATTRS} fripostOwner description fripostIsStatusActive
done | isOK '=0$' children
[ $? -eq 0 ] || exit $?
msg "Can read and search the list attributes it needs"
for L in ${LISTS}; do
search -s base -b "${L},${SUFFIXV}" "(|(fripostIsStatusActive=FALSE)(fripostPendingToken=*))" | grep -q '^dn: ' || \
- checkACL "cn=SMTP" "${L}" entry fvl fripostLocalAlias
+ checkACL "cn=Postfix" "${L}" entry fvl fripostLocalAlias
done | isOK '=rsd$' entry
[ $? -eq 0 ] || exit $?
msg "Can search the list attributes it needs"
for L in ${LISTS}; do
search -s base -b "${L},${SUFFIXV}" "(|(fripostIsStatusActive=FALSE)(fripostPendingToken=*))" | grep -q '^dn: ' || \
- checkACL "cn=SMTP" "${L}" objectClass
+ checkACL "cn=Postfix" "${L}" objectClass
done | isOK '=s$' objectClass
[ $? -eq 0 ] || exit $?
msg "Have =0 access on other list attributes"
for L in ${LISTS}; do
- checkACL "cn=SMTP" "${L}" children ${OPERATTRS} fripostListManager fripostOwner description fripostIsStatusActive fripostPendingToken
+ checkACL "cn=Postfix" "${L}" children ${OPERATTRS} fripostListManager fripostOwner description fripostIsStatusActive fripostPendingToken
done | isOK '=0$' children
[ $? -eq 0 ] || exit $?
msg "Can read and search the list command attributes it needs"
for LC in ${LISTSC}; do
- checkACL "cn=SMTP" "${LC}" entry fvlc fripostLocalAlias
+ checkACL "cn=Postfix" "${LC}" entry fvlc fripostLocalAlias
done | isOK '=rsd$' entry
[ $? -eq 0 ] || exit $?
msg "Can search the list command attributes it needs"
for LC in ${LISTSC}; do
- checkACL "cn=SMTP" "${LC}" objectClass
+ checkACL "cn=Postfix" "${LC}" objectClass
done | isOK '=s$' objectClass
[ $? -eq 0 ] || exit $?
msg "Have =0 access on other list command attributes"
for LC in ${LISTSC}; do
- checkACL "cn=SMTP" "${LC}" children ${OPERATTRS}
+ checkACL "cn=Postfix" "${LC}" children ${OPERATTRS}
done | isOK '=0$' children
[ $? -eq 0 ] || exit $?
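Review bot: The first loop under "Service Postfix" iterates with `X` but calls `checkACL "cn=Postfix" "${D}"`, so it checks whatever `D` holds at that point (presumably left over from an earlier loop, or empty) rather than the entry just searched; the line should read `checkACL "cn=Postfix" "${X}"`. This is the assertion that non-active and pending entries stay hidden from the service, so as written it can report a result without testing the intended entries. That loop's filter also uses `fripostIsStatusActive=TRUE` with `&&`, where the message and the later loops use `FALSE`; this looks unintended and should be confirmed. Separately, `[ $? -eq 0 ] || exit $?` exits with the status of the `[` test, not of the pipeline; ending the pipeline with `|| exit $?` would preserve the status from `isOK`.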