-rw-r--r--ldap/fripost.ldif27
-rw-r--r--ldap/index.ldif15
-rw-r--r--ldap/populate.ldif1
-rw-r--r--ldap/syncrepl.ldif2
-rwxr-xr-xldap/test-user-acl.sh14
5 files changed, 32 insertions, 27 deletions
diff --git a/ldap/fripost.ldif b/ldap/fripost.ldif
index e0052a3..81602d5 100644
--- a/ldap/fripost.ldif
+++ b/ldap/fripost.ldif
@@ -76,33 +76,42 @@ olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.6 NAME 'fripostMaildrop'
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
#
-olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.7 NAME 'fripostIsStatusActive'
+# We are creating a new attribute, optional in virtual domains and
+# mailboxes, because the presence index should *not* apply to the
+# mandatory attribute above.
+olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.7 NAME 'fripostOptionalMaildrop'
+ DESC 'An optional email address for catch-all aliases on domains and mailboxes'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+#
+olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.8 NAME 'fripostIsStatusActive'
DESC 'Is the entry active?'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
#
-olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.8 NAME 'fripostMailboxQuota'
+olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.9 NAME 'fripostMailboxQuota'
DESC 'The quota on a mailbox e.g., "50MB"'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32} SINGLE-VALUE )
#
-olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.9 NAME 'fripostCanCreateAlias'
+olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.10 NAME 'fripostCanCreateAlias'
DESC 'A user/domain that can create aliases for the parent domain'
SUP distinguishedName )
#
-olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.10 NAME 'fripostCanCreateML'
+olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.11 NAME 'fripostCanCreateML'
DESC 'A user/domain that can create mailing lists for the parent domain'
SUP distinguishedName )
#
-olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.11 NAME 'fripostOwner'
+olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.12 NAME 'fripostOwner'
DESC 'A user that owns the parent domain'
SUP distinguishedName )
#
-olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.12 NAME 'fripostPostmaster'
+olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.13 NAME 'fripostPostmaster'
DESC 'A user that is a postmaster of the parent domain'
SUP distinguishedName )
#
-olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.13 NAME 'fripostMLManager'
+olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.14 NAME 'fripostMLManager'
DESC 'A mailing list manager'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
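Review bot: Inserting `fripostOptionalMaildrop` at `1.3.6.1.4.1.40011.1.2.1.7` shifts every later attribute to a new OID, so `.7` through `.13` now name different attributes than they did before this commit. An OID is meant to identify one schema element permanently, and any server or client still holding the old schema will disagree about what these numbers mean. The consumer in ldap/syncrepl.ldif runs with `schemachecking=off`, so a mismatch would not be rejected there. I would leave the existing assignments alone and give the new attribute the next unused number under `1.3.6.1.4.1.40011.1.2.1`; which number is free cannot be seen here, because the attribute list continues past this hunk.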
@@ -117,14 +126,14 @@ olcObjectclasses: ( 1.3.6.1.4.1.40011.1.2.1 NAME 'FripostVirtualDomain'
MUST ( fvd $ fripostIsStatusActive )
MAY ( fripostCanCreateAlias $ fripostCanCreateML $
fripostOwner $ fripostPostmaster $
- fripostMaildrop $ description ) )
+ fripostOptionalMaildrop $ description ) )
#
# | TODO: add limits here
olcObjectclasses: ( 1.3.6.1.4.1.40011.1.2.2 NAME 'FripostVirtualMailbox'
SUP top STRUCTURAL
DESC 'Virtual mailbox'
MUST ( fvu $ userPassword $ fripostIsStatusActive )
- MAY ( fripostMailboxQuota $ fripostMaildrop $ cn $ description) )
+ MAY ( fripostMailboxQuota $ fripostOptionalMaildrop $ cn $ description) )
#
olcObjectclasses: ( 1.3.6.1.4.1.40011.1.2.3 NAME 'FripostVirtualAlias'
SUP top STRUCTURAL
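Review bot: Dropping `fripostMaildrop` from the `MAY` lists of `FripostVirtualDomain` and `FripostVirtualMailbox` turns any existing domain or mailbox entry that carries it into a schema violation, and nothing visible in this commit converts such entries. A comment above the two classes would make the upgrade order explicit, for example `# Rename fripostMaildrop to fripostOptionalMaildrop on existing domain/mailbox entries before loading this schema`. A migration LDIF alongside the schema would serve the same purpose.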
diff --git a/ldap/index.ldif b/ldap/index.ldif
index d5f31a5..6d7089a 100644
--- a/ldap/index.ldif
+++ b/ldap/index.ldif
@@ -26,19 +26,14 @@ changetype: modify
replace: olcDbIndex
olcDbIndex: objectClass eq
-
+# Let us make Postfix's job easier.
add: olcDbIndex
-olcDbIndex: fripostIsStatusActive eq
+olcDbIndex: fripostIsStatusActive,fvd,fvu,fva,fvml,fripostMLCommand,fripostMLManager eq
-
+# Let us make Postfix's job easier.
add: olcDbIndex
-olcDbIndex: fvd,fvu,fva,fvml,fripostMLCommand,fripostMLManager eq
+olcDbIndex: fripostOptionalMaildrop pres
-
-add: olcDbIndex
-olcDbIndex: fripostMaildrop pres
-# ^ TODO: a presence index on fripostMaildrop is not optimal, as the
-# attribute is not very rare...
-# Having a different attribute for the virtualMailbox object class would
-# be better.
--
-# synprov specific indexing (provider side)
+# SyncProv/SyncRepl specific indexing
add: olcDbIndex
olcDbIndex: entryCSN,entryUUID eq
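Review bot: The comment added before the `fripostOptionalMaildrop pres` index is a copy of the one above it and no longer records why a presence index is acceptable here, which the removed TODO did explain. A specific comment would keep that reasoning next to the index, for example `# Presence index: fripostOptionalMaildrop is only set on the few domains/mailboxes that forward mail`.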
diff --git a/ldap/populate.ldif b/ldap/populate.ldif
index 04d5177..57681b5 100644
--- a/ldap/populate.ldif
+++ b/ldap/populate.ldif
@@ -35,6 +35,7 @@ dn: fvu=user1,fvd=fripost.org,ou=virtual,o=mailHosting,dc=fripost,dc=dev
objectClass: fripostVirtualMailbox
userPassword: user1
fripostIsStatusActive: TRUE
+fripostOptionalMaildrop: user1@external.org
dn: fvu=user2,fvd=fripost.org,ou=virtual,o=mailHosting,dc=fripost,dc=dev
objectClass: fripostVirtualMailbox
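Review bot: `user1@external.org` on the added line is an address in a registrable domain that the project presumably does not control, so a dev instance loaded from this fixture with working outbound mail would forward user1's messages to a third party. A reserved name avoids that: `fripostOptionalMaildrop: user1@external.example`.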
diff --git a/ldap/syncrepl.ldif b/ldap/syncrepl.ldif
index 6b9c378..9dbd30a 100644
--- a/ldap/syncrepl.ldif
+++ b/ldap/syncrepl.ldif
@@ -27,7 +27,7 @@ type=refreshAndPersist
retry="5 5 300 +"
searchbase="ou=virtual,o=mailHosting,dc=fripost,dc=org"
filter="(&(|(objectClass=FripostVirtualDomain)(objectClass=FripostVirtualMailbox)(objectClass=FripostVirtualAlias)(objectClass=FripostVirtualML))(fripostIsStatusActive=TRUE))"
-attrs="fripostIsStatusActive,fripostMaildrop,fvd,fvu,fva,fvml,fripostMLCommand,fripostMLManager"
+attrs="fripostIsStatusActive,fripostMaildrop,fripostOptionalMaildrop,fvd,fvu,fva,fvml,fripostMLCommand,fripostMLManager"
scope=sub
schemachecking=off
diff --git a/ldap/test-user-acl.sh b/ldap/test-user-acl.sh
index 4b233ef..26298f9 100755
--- a/ldap/test-user-acl.sh
+++ b/ldap/test-user-acl.sh
@@ -186,7 +186,7 @@ echo "Authenticated users, access to domain entries"
# =s for all
# +d if children
# +rc if canCreate{Alias,ML}, owner or postmaster
-# * fripostMaildrop
+# * fripostOptionalMaildrop
# =wrscd if owner or postmaster
# * description
# =rscd if children, canCreate{Alias,ML}, owner or postmaster
@@ -304,7 +304,7 @@ msg "Have =wrscd to the domain attributes (other than \"canCreate\"), and >=w to
ATTRSO="entry/delete
fvd/write
fripostIsStatusActive/write
- fripostMaildrop/delete fripostMaildrop/add fripostMaildrop/read fripostMaildrop/search fripostMaildrop/compare fripostMaildrop/disclose
+ fripostOptionalMaildrop/delete fripostOptionalMaildrop/add fripostOptionalMaildrop/read fripostOptionalMaildrop/search fripostOptionalMaildrop/compare fripostOptionalMaildrop/disclose
description/add description/delete"
for U in ${USERS}; do
for D in ${DOMAINS}; do
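Review bot: The `ATTRSO` list now expects owner and postmaster rights on `fripostOptionalMaildrop`, but none of the five files in this commit holds the `olcAccess` rules. If those rules name `fripostMaildrop` explicitly, the new attribute falls through to whatever catch-all rule follows, which may grant more or less than intended. The same applies to the `=0` check in the next hunk and to the `usersU` and `usersP` checks further down. The access rules should be updated in the same commit, so that the schema, ACLs and tests cannot be deployed out of step. The `for` loops continue outside this hunk.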
@@ -397,7 +397,7 @@ done | isOK '\(=0\|DENIED\)$' entry # "entry" here is useless, but it's just to
# not (3 or 4)
-msg "Have =0 access to \"fripostMaildrop\" (unless Owner or Postmaster)"
+msg "Have =0 access to \"fripostOptionalMaildrop\" (unless Owner or Postmaster)"
for U in ${USERS}; do
for D in ${DOMAINS}; do
search -s base -b "${D},${SUFFIX}" "(|(fripostOwner=${U},${SUFFIX})
@@ -439,7 +439,7 @@ echo "Authenticated users, access to user entries"
# =wrscd if account owner or domain postmaster
# * fripostMailboxQuota:
# =rscd if account owner or domain postmaster
-# * fripostMaildrop:
+# * fripostOptionalMaildrop:
# =wrscd if account owner or domain postmaster
# * cn:
# =wrscd if account owner or domain postmaster
@@ -463,7 +463,7 @@ usersU userPassword | isOK '=w$'
[ $? -eq 0 ] || exit $?
msg "Have =wrscxd access to the other attributes of their own entry"
-usersU fvu fripostIsStatusActive fripostMaildrop cn description | isOK 'write(=wrscxd)$' fvu
+usersU fvu fripostIsStatusActive fripostOptionalMaildrop cn description | isOK 'write(=wrscxd)$' fvu
[ $? -eq 0 ] || exit $?
msg "Have >=rsd access to the \"entry\" attribute of their own entry"
@@ -485,7 +485,7 @@ for U1 in ${USERS}; do
fvu userPassword \
fripostIsStatusActive \
fripostMailboxQuota \
- fripostMaildrop \
+ fripostOptionalMaildrop \
cn description
done
done | isOK '=0$' entry
@@ -512,7 +512,7 @@ usersP userPassword | isOK '=w$'
[ $? -eq 0 ] || exit $?
msg "Have =wrscxd access to the other attributes of their users' entry (if Postmaster)"
-usersP fvu fripostIsStatusActive fripostMaildrop cn description | isOK 'write(=wrscxd)$' fvu
+usersP fvu fripostIsStatusActive fripostOptionalMaildrop cn description | isOK 'write(=wrscxd)$' fvu
[ $? -eq 0 ] || exit $?
# "+a" is needed to create new accounts. "+z" would be required to