From 7b25e9b697d8536460105fb5815c7fcf8227492d Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Sat, 26 Jan 2013 20:31:15 +0100 Subject: Users can't see the local aliases. --- ldap/acl.ldif | 6 ++++++ ldap/test-user-acl.sh | 6 ++++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/ldap/acl.ldif b/ldap/acl.ldif index e7272f0..7b19d5f 100644 --- a/ldap/acl.ldif +++ b/ldap/acl.ldif @@ -336,6 +336,12 @@ olcAccess: to dn.regex="^fvl=[^,]+,(fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripos by group/FripostVirtualDomain/fripostOwner.expand="$1" =rscd by group/FripostVirtualDomain/fripostPostmaster.expand="$1" =rscd # +# Local aliases are for internal use only. +olcAccess: to dn.regex="^fvl=[^,]+,(fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev)$" + filter=(objectClass=FripostVirtualList) + attrs=fripostLocalAlias + by * =0 +# # 1. The list owners can edit their entry's attributes. # 2. So can the domain owners. # 3. So can the domain postmasters. diff --git a/ldap/test-user-acl.sh b/ldap/test-user-acl.sh index ee09fc9..cfa577d 100755 --- a/ldap/test-user-acl.sh +++ b/ldap/test-user-acl.sh @@ -911,6 +911,8 @@ echo "Authenticated users, access to list entries" # +w if domain owner or domain postmaster # * description: # =wrscd if list owner, domain owner or domain postmaster +# * localAlias: +# =0 for all usersL () { for U in ${USERS}; do @@ -926,8 +928,8 @@ usersL fripostOwner/search entry/search | isOK 'ALLOWED$' entry [ $? -eq 0 ] || exit $? -msg "Have =0 access the \"children\" and operational attributes" -usersL children ${OPERATTRS} | isOK '=0$' children +msg "Have =0 access the \"children\", \"localAlias\" and operational attributes" +usersL children fripostLocalAlias ${OPERATTRS} | isOK '=0$' children [ $? -eq 0 ] || exit $? -- cgit v1.2.3