-rw-r--r--ldap/acl.ldif16
-rw-r--r--ldap/authz.ldif2
-rw-r--r--ldap/base.ldif4
-rwxr-xr-xldap/test-user-acl.sh20
4 files changed, 21 insertions, 21 deletions
diff --git a/ldap/acl.ldif b/ldap/acl.ldif
index 153470f..3cbbd24 100644
--- a/ldap/acl.ldif
+++ b/ldap/acl.ldif
@@ -64,7 +64,7 @@ olcAccess: to dn.one="ou=services,o=mailHosting,dc=fripost,dc=dev"
# 4,5. Other users need further access.
olcAccess: to dn.subtree="ou=virtual,o=mailHosting,dc=fripost,dc=dev"
by dn.onelevel="ou=managers,o=mailHosting,dc=fripost,dc=dev" =wrscd
- by dn.exact="cn=ListCreator,ou=services,o=mailHosting,dc=fripost,dc=dev" =0 break
+ by dn.exact="cn=CreateList,ou=services,o=mailHosting,dc=fripost,dc=dev" =0 break
by dn.exact="cn=DeletePendingEntries,ou=services,o=mailHosting,dc=fripost,dc=dev" =0 break
by dn.onelevel="ou=services,o=mailHosting,dc=fripost,dc=dev" =0
by dn.regex="^fvu=[^,]+,fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev$" =0 break
@@ -96,7 +96,7 @@ olcAccess: to dn.subtree="o=mailHosting,dc=fripost,dc=dev"
olcAccess: to dn.children="ou=virtual,o=mailHosting,dc=fripost,dc=dev"
attrs=objectClass
by dn.children="ou=virtual,o=mailHosting,dc=fripost,dc=dev" =s
- by dn.exact="cn=ListCreator,ou=services,o=mailHosting,dc=fripost,dc=dev" =s
+ by dn.exact="cn=CreateList,ou=services,o=mailHosting,dc=fripost,dc=dev" =s
by dn.exact="cn=DeletePendingEntries,ou=services,o=mailHosting,dc=fripost,dc=dev" =s
#
# 1. Users can search (e.g., to list the entries they have created).
@@ -125,7 +125,7 @@ olcAccess: to dn.children="ou=virtual,o=mailHosting,dc=fripost,dc=dev"
# Our service can search anywhere in the tree (for old pending entries).
olcAccess: to dn.subtree="ou=virtual,o=mailHosting,dc=fripost,dc=dev"
attrs=entry
- by dn.exact="cn=ListCreator,ou=services,o=mailHosting,dc=fripost,dc=dev" +0 break
+ by dn.exact="cn=CreateList,ou=services,o=mailHosting,dc=fripost,dc=dev" +0 break
by dn.onelevel="ou=services,o=mailHosting,dc=fripost,dc=dev" +s
by dn.children="ou=virtual,o=mailHosting,dc=fripost,dc=dev" +0 break
#
@@ -134,7 +134,7 @@ olcAccess: to dn.subtree="ou=virtual,o=mailHosting,dc=fripost,dc=dev"
olcAccess: to dn.subtree="ou=virtual,o=mailHosting,dc=fripost,dc=dev"
attrs=children
by dn.exact="cn=DeletePendingEntries,ou=services,o=mailHosting,dc=fripost,dc=dev" =z
- by dn.exact="cn=ListCreator,ou=services,o=mailHosting,dc=fripost,dc=dev" =0 break
+ by dn.exact="cn=CreateList,ou=services,o=mailHosting,dc=fripost,dc=dev" =0 break
by dn.children="ou=virtual,o=mailHosting,dc=fripost,dc=dev" +0 break
#
# Our service needs search access to list (old) pending entries.
@@ -336,7 +336,7 @@ olcAccess: to dn.regex="^fvl=[^,]+,(fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripos
by dnattr=fripostOwner =scd
by group/fripostVirtualDomain/fripostOwner.expand="$1" =scd
by group/fripostVirtualDomain/fripostPostmaster.expand="$1" =scd
- by dn.exact="cn=ListCreator,ou=services,o=mailHosting,dc=fripost,dc=dev" =zsd
+ by dn.exact="cn=CreateList,ou=services,o=mailHosting,dc=fripost,dc=dev" =zsd
#
# 1. The list owners can edit their entry's attributes.
# 2. So can the domain owners.
@@ -362,19 +362,19 @@ olcAccess: to dn.regex="^fvl=[^,]+,(fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripos
by group/fripostVirtualDomain/fripostPostmaster.expand="$1" +rad
by set.exact="this/-1/fripostCanAddList & (user | user/-1)" +a
by dn.children="ou=virtual,o=mailHosting,dc=fripost,dc=dev" +0
- by dn.exact="cn=ListCreator,ou=services,o=mailHosting,dc=fripost,dc=dev" =rsd
+ by dn.exact="cn=CreateList,ou=services,o=mailHosting,dc=fripost,dc=dev" =rsd
#
# The List Creator can add list commands.
olcAccess: to dn.regex="^fvl=[^,]+,fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev"
filter=(objectClass=FripostVirtualList)
attrs=children
- by dn.exact="cn=ListCreator,ou=services,o=mailHosting,dc=fripost,dc=dev" =a
+ by dn.exact="cn=CreateList,ou=services,o=mailHosting,dc=fripost,dc=dev" =a
#
# The List Creator can add list commands.
olcAccess: to dn.regex="^fvlc=[^,]+,fvl=[^,]+,fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev"
filter=(objectClass=FripostVirtualListCommand)
attrs=entry
- by dn.exact="cn=ListCreator,ou=services,o=mailHosting,dc=fripost,dc=dev" =a
+ by dn.exact="cn=CreateList,ou=services,o=mailHosting,dc=fripost,dc=dev" =a
#
# Catch the "break" control above.
olcAccess: to dn.subtree="ou=virtual,o=mailHosting,dc=fripost,dc=dev"
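Review bot: The two comments in this hunk still read `# The List Creator can add list commands.` after the DN was renamed to cn=CreateList, and they are word-for-word identical although the rules they describe differ. The first rule grants `=a` on the `children` pseudo-attribute of a list entry, while the second grants `=a` on the `entry` pseudo-attribute of a list command. I would reword them as `# CreateList may add children under a list entry.` and `# CreateList may add list command entries.` so a reader of the ACL can tell which half of the add permission each rule supplies. The other hunks in this file are a straight rename of the same DN and need nothing further.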
diff --git a/ldap/authz.ldif b/ldap/authz.ldif
index 34a02df..85a13e0 100644
--- a/ldap/authz.ldif
+++ b/ldap/authz.ldif
@@ -4,7 +4,7 @@
#
# That will allow the SASL-authenticated user (service) to be
# reformatted into a proper DN under our services directory.
-#
+#
# SASL authentication can be checked with:
#
# ldapwhoami -U 'AdminWebPanel'
diff --git a/ldap/base.ldif b/ldap/base.ldif
index 4a40d3c..525fca6 100644
--- a/ldap/base.ldif
+++ b/ldap/base.ldif
@@ -32,11 +32,11 @@ objectClass: organizationalRole
userPassword: smtp
description: Where Postfix bind to for LDAP lookups.
-dn: cn=ListCreator,ou=services,o=mailHosting,dc=fripost,dc=dev
+dn: cn=CreateList,ou=services,o=mailHosting,dc=fripost,dc=dev
objectClass: simpleSecurityObject
objectClass: organizationalRole
description: The entity that is authorized to add list commands
-userPassword: listcreator
+userPassword: createlist
dn: cn=DeletePendingEntries,ou=services,o=mailHosting,dc=fripost,dc=dev
objectClass: simpleSecurityObject
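Review bot: The new `userPassword: createlist` is a cleartext value equal to the lowercased cn of the entry, so the credential for the account that holds `=a` on list commands follows directly from its name. The preceding entry in the context (`userPassword: smtp`) has the same pattern. If this file is only ever loaded into the dc=fripost,dc=dev test tree, a comment above the service entries should say so, for example `# Development fixture only: these passwords must never be loaded into a production directory.`. If it can reach a real directory, the value should instead be a salted hash or be set out of band rather than committed. Whether the services bind with this password or only through the SASL mapping described in authz.ldif is not visible here.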
diff --git a/ldap/test-user-acl.sh b/ldap/test-user-acl.sh
index 3023152..648f9c6 100755
--- a/ldap/test-user-acl.sh
+++ b/ldap/test-user-acl.sh
@@ -1124,60 +1124,60 @@ done | isOK '=0$' children
###########################################################################
echo
-echo "Service ListCreator"
+echo "Service CreateList"
msg "Have =0 access on domain attributes"
for D in ${DOMAINS}; do
- checkACL "cn=ListCreator" "${D}" entry children ${OPERATTRS} fvd fripostIsStatusActive fripostOptionalMaildrop fripostCanAddAlias fripostCanAddList fripostOwner fripostPostmaster description fripostPendingToken
+ checkACL "cn=CreateList" "${D}" entry children ${OPERATTRS} fvd fripostIsStatusActive fripostOptionalMaildrop fripostCanAddAlias fripostCanAddList fripostOwner fripostPostmaster description fripostPendingToken
done | isOK '=0$' entry
[ $? -eq 0 ] || exit $?
msg "Have =0 access on user attributes"
for U in ${USERS}; do
- checkACL "cn=ListCreator" "${U}" entry children ${OPERATTRS} fvu userPassword fripostIsStatusActive fripostUserQuota fripostOptionalMaildrop description
+ checkACL "cn=CreateList" "${U}" entry children ${OPERATTRS} fvu userPassword fripostIsStatusActive fripostUserQuota fripostOptionalMaildrop description
done | isOK '=0$' entry
[ $? -eq 0 ] || exit $?
msg "Have =0 access on alias attributes"
for A in ${ALIASES}; do
- checkACL "cn=ListCreator" "${A}" entry children ${OPERATTRS} fva fripostMaildrop fripostIsStatusActive fripostOwner description
+ checkACL "cn=CreateList" "${A}" entry children ${OPERATTRS} fva fripostMaildrop fripostIsStatusActive fripostOwner description
done | isOK '=0$' entry
[ $? -eq 0 ] || exit $?
msg "Have =zsd access on lists' pending status"
for L in ${LISTS}; do
- checkACL "cn=ListCreator" "${L}" fripostPendingToken
+ checkACL "cn=CreateList" "${L}" fripostPendingToken
done | isOK '=zsd$'
[ $? -eq 0 ] || exit $?
msg "Have =rsd access on lists' entry attribute"
for L in ${LISTS}; do
- checkACL "cn=ListCreator" "${L}" entry
+ checkACL "cn=CreateList" "${L}" entry
done | isOK '=rsd$'
[ $? -eq 0 ] || exit $?
msg "Have =a access on lists' children attribute"
for L in ${LISTS}; do
search -s base -b "${L},${SUFFIX0}" "(fripostPendingToken=*)" | grep -q '^dn: ' || \
- checkACL "cn=ListCreator" "${L}" children
+ checkACL "cn=CreateList" "${L}" children
done | isOK '=a$'
[ $? -eq 0 ] || exit $?
msg "Have =0 access on other list attributes"
for L in ${LISTS}; do
- checkACL "cn=ListCreator" "${L}" ${OPERATTRS} fvl fripostListManager fripostIsStatusActive fripostLocalAlias fripostOwner description
+ checkACL "cn=CreateList" "${L}" ${OPERATTRS} fvl fripostListManager fripostIsStatusActive fripostLocalAlias fripostOwner description
done | isOK '=0$' fvl
[ $? -eq 0 ] || exit $?
msg "Have =a access on list commands' entry attribute"
for LC in ${LISTSC}; do
- checkACL "cn=ListCreator" "${LC}" entry
+ checkACL "cn=CreateList" "${LC}" entry
done | isOK '=a$'
[ $? -eq 0 ] || exit $?
msg "Have =0 access on other list command attributes"
for LC in ${LISTSC}; do
- checkACL "cn=ListCreator" "${LC}" children ${OPERATTRS} fvlc fripostLocalAlias
+ checkACL "cn=CreateList" "${LC}" children ${OPERATTRS} fvlc fripostLocalAlias
done | isOK '=0$' children
[ $? -eq 0 ] || exit $?