Diffstat (limited to 'ldap/test-user-acl.sh')
-rwxr-xr-x | ldap/test-user-acl.sh | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/ldap/test-user-acl.sh b/ldap/test-user-acl.sh
index 12f3d14..c55916e 100755
--- a/ldap/test-user-acl.sh
+++ b/ldap/test-user-acl.sh
@@ -70,7 +70,7 @@ search () {
 DOMAINS=$(search -u -b "${SUFFIX}" "objectClass=FripostVirtualDomain" dn | \
 grep -i '^ufn: ' | sed -re 's/^ufn: ([^,]+),.*/fvd=\1/')
-USERS=$(search -u -b "${SUFFIX}" "objectClass=FripostVirtualMailbox" dn | \
+USERS=$(search -u -b "${SUFFIX}" "objectClass=FripostVirtualUser" dn | \
 grep -i '^ufn: ' | sed -re 's/^ufn: ([^,]+), *([^,]+),.*/fvu=\1,fvd=\2/')
 ALIASES=$(search -u -b "${SUFFIX}" "objectClass=FripostVirtualAlias" dn | \
 grep -i '^ufn: ' | sed -re 's/^ufn: ([^,]+), *([^,]+),.*/fva=\1,fvd=\2/')
@@ -451,7 +451,7 @@ echo "Authenticated users, access to user entries"
 # =w if account owner or domain postmaster
 # * fripostIsStatusActive:
 # =wrscd if account owner or domain postmaster
-# * fripostMailboxQuota:
+# * fripostUserQuota:
 # =rscd if account owner or domain postmaster
 # * fripostOptionalMaildrop:
 # =wrscd if account owner or domain postmaster
@@ -464,10 +464,10 @@ usersU () {
 done
 }
-# They would need write access to their fripostMailboxQuota.
+# They would need write access to their fripostUserQuota.
 # In practice they can't write fvu either, since it's single valued.
-msg "Have =rscxd access to their \"fripostMailboxQuota\""
-usersU fripostMailboxQuota | isOK 'read(=rscxd)$'
+msg "Have =rscxd access to their \"fripostUserQuota\""
+usersU fripostUserQuota | isOK 'read(=rscxd)$'
 [ $? -eq 0 ] || exit $?
 msg "Have =wd access to their own \"userPassword\""
@@ -500,7 +500,7 @@ for U1 in ${USERS}; do
 checkACL "${U1}" "${U2}" entry children \
 fvu userPassword \
 fripostIsStatusActive \
- fripostMailboxQuota \
+ fripostUserQuota \
 fripostOptionalMaildrop \
 description
 done
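Review bot: In the -70 hunk, `USERS` now depends on the directory already holding `FripostVirtualUser` entries; if the test data or schema still uses the old class, the search returns nothing and every later `for U in ${USERS}` loop runs zero times. Whether `isOK` treats empty input as a pass is not visible here, but if it does, the user ACL checks become vacuous instead of failing. A guard right after the assignment would make that case loud: `[ -n "${USERS}" ] || { echo "no FripostVirtualUser entries found" >&2; exit 1; }`. The same reasoning applies to `DOMAINS` and `ALIASES`, which are unchanged context lines in this hunk.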
@@ -519,8 +519,8 @@ usersP () {
 done
 }
-msg "Have =rscxd access to their user's \"fripostMailboxQuota\" (if Postmaster)"
-usersP fripostMailboxQuota | isOK 'read(=rscxd)$'
+msg "Have =rscxd access to their user's \"fripostUserQuota\" (if Postmaster)"
+usersP fripostUserQuota | isOK 'read(=rscxd)$'
 [ $? -eq 0 ] || exit $?
 msg "Have =wd access to their user's \"userPassword\" (if Postmaster)"
@@ -896,14 +896,14 @@ for D in ${DOMAINS}; do
 checkACL "cn=SMTP" "${D}" children ${OPERATTRS} fripostCanCreateAlias fripostCanCreateList fripostOwner fripostPostmaster description
 done | isOK 'none(=0)$' children
-msg "Can read and search the mailbox attributes it needs"
+msg "Can read and search the user attributes it needs"
 for U in ${USERS}; do
 checkACL "cn=SMTP" "${U}" entry objectClass fvu fripostIsStatusActive fripostOptionalMaildrop
 done | isOK '=rsd$' entry
-msg "Have =0 access on other mailbox attributes"
+msg "Have =0 access on other user attributes"
 for U in ${USERS}; do
- checkACL "cn=SMTP" "${U}" children ${OPERATTRS} userPassword fripostMailboxQuota description
+ checkACL "cn=SMTP" "${U}" children ${OPERATTRS} userPassword fripostUser description
 done | isOK 'none(=0)$' children
 msg "Can read and search the alias attributes it needs"
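Review bot: The last changed line of the -896 hunk names the attribute `fripostUser`, while every other site in this commit uses `fripostUserQuota`, so this looks like a truncated rename. As written, the `cn=SMTP` negative check (`isOK 'none(=0)$' children`) no longer names the quota attribute, so an ACL change that exposed it to the SMTP service would not be caught here. How `checkACL` reacts to an attribute name that is not in the schema is not visible in the hunk. The line should presumably read `checkACL "cn=SMTP" "${U}" children ${OPERATTRS} userPassword fripostUserQuota description`.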
@@ -947,9 +947,9 @@ for D in ${DOMAINS}; do
 checkACL "cn=ListCreator" "${D}" entry children ${OPERATTRS} fvd fripostIsStatusActive fripostOptionalMaildrop fripostCanCreateAlias fripostCanCreateList fripostOwner fripostPostmaster description
 done | isOK '=0$' entry
-msg "Have =0 access on mailbox attributes"
+msg "Have =0 access on user attributes"
 for U in ${USERS}; do
- checkACL "cn=ListCreator" "${U}" entry children ${OPERATTRS} fvu userPassword fripostIsStatusActive fripostMailboxQuota fripostOptionalMaildrop description
+ checkACL "cn=ListCreator" "${U}" entry children ${OPERATTRS} fvu userPassword fripostIsStatusActive fripostUserQuota fripostOptionalMaildrop description
 done | isOK '=0$' entry
 msg "Have =0 access on alias attributes"
@@ -998,9 +998,9 @@ for D in ${DOMAINS}; do
 checkACL "cn=AdminWebPanel" "${D}" entry children ${OPERATTRS} fvd fripostIsStatusActive fripostOptionalMaildrop fripostCanCreateAlias fripostCanCreateList fripostOwner fripostPostmaster description
 done | isOK 'none(=0)$' entry
-msg "Have =0 access on mailbox attributes"
+msg "Have =0 access on user attributes"
 for U in ${USERS}; do
- checkACL "cn=AdminWebPanel" "${U}" entry children ${OPERATTRS} fvu userPassword fripostIsStatusActive fripostMailboxQuota fripostOptionalMaildrop description
+ checkACL "cn=AdminWebPanel" "${U}" entry children ${OPERATTRS} fvu userPassword fripostIsStatusActive fripostUserQuota fripostOptionalMaildrop description
 done | isOK 'none(=0)$' entry
 msg "Have =0 access on alias attributes" |