From ded29bf9eb3fa40c56eb9ace365d13e6348e215c Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Mon, 20 Aug 2012 01:53:16 +0200 Subject: A little test suite for LDAP ACLs. --- ldap/fripost.ldif | 140 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 140 insertions(+) create mode 100644 ldap/fripost.ldif (limited to 'ldap/fripost.ldif') diff --git a/ldap/fripost.ldif b/ldap/fripost.ldif new file mode 100644 index 0000000..e0052a3 --- /dev/null +++ b/ldap/fripost.ldif @@ -0,0 +1,140 @@ +# Load this file with +# +# ldapadd -Y EXTERNAL -H ldapi:/// -f fripost.ldif +# +# It will load the schema. To perform modifications, the easiest way is to +# +# * Save the database: slapcat -b 'o=mailHosting,dc=fripost,dc=dev' > /tmp/db.ldif +# * Save the configuration: slapcat -n0 > /tmp/config.ldif +# * Backup slap.d: cp -a /etc/ldap/slapd.d/ /tmp/slap.d_back +# * Edit the schema in /tmp/config.ldif +# * Load the new config: mkdir -m 0700 /tmp/slapd.d_new && slapadd -F /tmp/slapd.d_new -n0 -l /tmp/config.ldif +# * Stop slapd: /etc/init.d/slapd stop +# * Load the new config: rm -rf /etc/ldap/slapd.d/ && mv /tmp/slapd.d_new /etc/ldap/slapd.d && chown -R openldap:openldap /etc/ldap/slapd.d +# * Create indexes: su openldap -c "slapindex -b 'o=mailHosting,dc=fripost,dc=dev'" +# * Start slapd: /etc/init.d/slapd start +# If it fails, remove the existing database and see what's wrong +# rm -rf /var/lib/ldap/dev/* && su openldap -c "slapadd -b 'o=mailHosting,dc=fripost,dc=org' -l /tmp/db.ldif" +# +# +# /!\ ATTENTION! Every modification made to this file should be +# /!\ implemented in the test suite as well! +# +# +# References: +# - http://courier.svn.sourceforge.net/svnroot/courier/trunk/courier-authlib/authldap.schema +# - http://www.qmail-ldap.org/wiki/index.php/Qmail.schema +# - http://www.wanderingbarque.com/howtos/mailserver/mailserver.html + + +# OID prefix: 1.3.6.1.4.1.40011 + +# This schema depends on: +# - core.schema +# - cosine.schema +# - nis.schema + + +dn: cn=fripost-master,cn=schema,cn=config +objectClass: olcSchemaConfig +# +# Attributes: 1.3.6.1.4.1.40011.1.1 +# +olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.1 NAME 'fvd' + DESC 'A virtual mail domain' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE ) +# +olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.2 NAME 'fvu' + DESC 'The local part of a virtual user' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) +# +olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.3 NAME 'fva' + DESC 'The local part of a virtual mail alias' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) +# +olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.4 NAME 'fvml' + DESC 'The local part of a virtual mailing list' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) +# +olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.5 NAME 'fripostMLCommand' + DESC 'The local part of a command associated with a mailing list' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} ) +# +olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.6 NAME 'fripostMaildrop' + DESC 'An email address the virtual alias should be mapped to' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) +# +olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.7 NAME 'fripostIsStatusActive' + DESC 'Is the entry active?' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +# +olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.8 NAME 'fripostMailboxQuota' + DESC 'The quota on a mailbox e.g., "50MB"' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32} SINGLE-VALUE ) +# +olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.9 NAME 'fripostCanCreateAlias' + DESC 'A user/domain that can create aliases for the parent domain' + SUP distinguishedName ) +# +olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.10 NAME 'fripostCanCreateML' + DESC 'A user/domain that can create mailing lists for the parent domain' + SUP distinguishedName ) +# +olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.11 NAME 'fripostOwner' + DESC 'A user that owns the parent domain' + SUP distinguishedName ) +# +olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.12 NAME 'fripostPostmaster' + DESC 'A user that is a postmaster of the parent domain' + SUP distinguishedName ) +# +olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.13 NAME 'fripostMLManager' + DESC 'A mailing list manager' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} SINGLE-VALUE ) +# +# +# Objects: 1.3.6.1.4.1.40011.1.2 +# +olcObjectclasses: ( 1.3.6.1.4.1.40011.1.2.1 NAME 'FripostVirtualDomain' + SUP top STRUCTURAL + DESC 'Virtual domain' + MUST ( fvd $ fripostIsStatusActive ) + MAY ( fripostCanCreateAlias $ fripostCanCreateML $ + fripostOwner $ fripostPostmaster $ + fripostMaildrop $ description ) ) +# +# | TODO: add limits here +olcObjectclasses: ( 1.3.6.1.4.1.40011.1.2.2 NAME 'FripostVirtualMailbox' + SUP top STRUCTURAL + DESC 'Virtual mailbox' + MUST ( fvu $ userPassword $ fripostIsStatusActive ) + MAY ( fripostMailboxQuota $ fripostMaildrop $ cn $ description) ) +# +olcObjectclasses: ( 1.3.6.1.4.1.40011.1.2.3 NAME 'FripostVirtualAlias' + SUP top STRUCTURAL + DESC 'Virtual alias' + MUST ( fva $ fripostMaildrop $ fripostIsStatusActive ) + MAY ( fripostOwner $ description ) ) +# +olcObjectclasses: ( 1.3.6.1.4.1.40011.1.2.4 NAME 'FripostVirtualML' + SUP top STRUCTURAL + DESC 'Mailing List' + MUST ( fvml $ fripostMLManager $ fripostIsStatusActive ) + MAY ( fripostMLCommand $ fripostOwner $ description ) ) + -- cgit v1.2.3