From ded29bf9eb3fa40c56eb9ace365d13e6348e215c Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Mon, 20 Aug 2012 01:53:16 +0200 Subject: A little test suite for LDAP ACLs. --- ldap/README | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 ldap/README (limited to 'ldap/README') diff --git a/ldap/README b/ldap/README new file mode 100644 index 0000000..037ae65 --- /dev/null +++ b/ldap/README @@ -0,0 +1,30 @@ +/!\ This work is still in developpement, DO NOT run/install that on a +production server! + + +Since the user now have (partial) write access to the LDAP directory, it +is of crucial importance to configure the ACL properly. + + * "populate.ldif" is meant to provide at least an example of every +single situation we may encounter in our directory. + + * "test-user-acl.sh" checks the database against the ACLs. + + +/!\ Every modification to the schema or the ACLs should be made to +"populate.ldif" and "test-user-acl.sh" too! + + +Usage: + + * Load the ACLs: + + ldapmodify -Y EXTERNAL -H ldapi:/// -f acl.ldif + + * Repopulate the database (will clear it out first!): + + ldapdelete -Y EXTERNAL -H ldapi:/// -r "ou=virtual,o=mailHosting,dc=fripost,dc=dev" ; ldapadd -Y EXTERNAL -H ldapi:/// -f populate.ldif + + * Running the test suite: + + sudo ./test-user-acl.sh -- cgit v1.2.3
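Review bot: In the "Repopulate the database" step, `ldapdelete ... -r "ou=virtual,o=mailHosting,dc=fripost,dc=dev" ; ldapadd ... -f populate.ldif` joins the two commands with `;`, so `ldapadd` runs whatever the delete returned. If the recursive delete fails part-way, the reload then runs against leftover entries, and `test-user-acl.sh` may check the ACLs against a tree that is not the one `populate.ldif` describes. I would put the two commands on separate lines and state that the only delete error safe to ignore is the subtree not existing yet on a first run. Since the delete is recursive and runs with `-Y EXTERNAL`, the step should also tell the reader to confirm the base DN is the development suffix before running it, next to the existing "will clear it out first!" warning. Two smaller points: the README does not say why the test suite needs `sudo`, and the opening lines have typos ("developpement", "the user now have").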