From 04afadf39d068affc59685fc433d3fcba2c9b9ff Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Sat, 15 Sep 2012 20:03:42 +0200
Subject: Reserved local parts.

---
 ldap/acl.ldif | 26 ++++++--------------------
 1 file changed, 6 insertions(+), 20 deletions(-)

(limited to 'ldap/acl.ldif')

diff --git a/ldap/acl.ldif b/ldap/acl.ldif
index 212d4d9..e52e4d5 100644
--- a/ldap/acl.ldif
+++ b/ldap/acl.ldif
@@ -84,12 +84,16 @@ olcAccess: to dn.subtree="ou=virtual,o=mailHosting,dc=fripost,dc=dev"
  attrs=entry,creatorsName,fripostOwner,fripostPostmaster,fripostCanCreateAlias,fripostCanCreateList
  by users =s break
 #
-# Everyone can delete domains. (Provided he has +d access to the "entry"
-# attribute of the domains he wants to delete.)
+# Everyone can delete domains. (Provided s/he has +d access to the "entry"
+# attribute of the domains s/he wants to delete.)
 olcAccess: to dn.base="ou=virtual,o=mailHosting,dc=fripost,dc=dev"
  attrs=children
  by users =z
 #
+# Reserved local parts are reserved.
+olcAccess: to dn.regex="^(fvu|fva|fvl)=(postmaster|abuse),fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev$"
+ by * none
+#
 # 1. The postmaster of a domain can give (or take back) people the right to create
 # aliases.
 # 2,3. People that can create aliases can list the members of the group.
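Review bot: The added `olcAccess: to dn.regex="^(fvu|fva|fvl)=(postmaster|abuse),fvd=[^,]+,…$"` rule ends in `by * none` and has no `attrs=` or `filter=` restriction, so it is a terminal deny for every identity on every attribute of a matching entry, not only a ban on creating one. The two rules this commit removes in the second hunk let the domain owner and postmasters read `fva=abuse` and `fva=postmaster`; after this change any such entry that already exists is hidden from them and, presumably, from whatever bind identity the mail system uses for lookups, so it is worth confirming that mail for these addresses is still routed. The deny also holds only if no earlier `olcAccess` rule (above the hunk, not visible here) matches these DNs without `break`; running `slapacl` for an owner identity against a constructed DN such as `fva=postmaster,fvd=example.org,ou=virtual,…` would confirm both. The comment `# Reserved local parts are reserved.` gives a maintainer nothing to act on; I would write `# Nobody but the rootdn may create, read or change an entry whose local part is "postmaster" or "abuse".`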
@@ -186,24 +190,6 @@ olcAccess: to dn.regex="^fvu=[^,]+,(fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripos
  by group/fripostVirtualDomain/fripostPostmaster.expand="$1" +ard
  by self +rd
 #
-# Reserved aliases cannot be deactivated. (But the alias definition may be changed by the
-# domain owner.)
-olcAccess: to dn.regex="^fva=(abuse|postmaster),(fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev)$"
- filter=(objectClass=FripostVirtualAlias)
- attrs=fripostIsStatusActive,fripostOwner,fva
- by group/fripostVirtualDomain/fripostOwner.expand="$2" read
- by group/fripostVirtualDomain/fripostPostmaster.expand="$2" read
- by users +0
-#
-# Reserved aliases cannot be deleted.
-olcAccess: to dn.regex="^fva=(abuse|postmaster),(fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev)$"
- filter=(objectClass=FripostVirtualAlias)
- attrs=entry
- by group/fripostVirtualDomain/fripostOwner.expand="$2" +ard
- by group/fripostVirtualDomain/fripostPostmaster.expand="$2" +ard
- by set.exact="this/-1/fripostCanCreateAlias & (user | user/-1)" +a
- by users +0
-#
 # 1. The alias owner can list the ownership of the entry.
 # 2. The domain owner can add/delete/change the ownership of the entry.
 # 3. So can the domain postmasters.
--
cgit v1.2.3