diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2013-12-01 23:54:28 +0100 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-07 02:51:04 +0200 |
| commit | 7275b307b8e26e60392e600a3de0671d0aa49043 (patch) | |
| tree | 8442ab8d0a2fa78381b5ba6e6f865b75f345290a /roles/common-LDAP | |
| parent | d363522c15b1d1ce61b2780a539dd09e2e679d34 (diff) | |
Postfix is compiled without SASL support.
As of 2.9.6 (2.10), at least. See bug #730848.
Diffstat (limited to 'roles/common-LDAP')
| -rw-r--r-- | roles/common-LDAP/templates/etc/ldap/database.ldif.j2 | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/roles/common-LDAP/templates/etc/ldap/database.ldif.j2 b/roles/common-LDAP/templates/etc/ldap/database.ldif.j2 index 8333032..03691f9 100644 --- a/roles/common-LDAP/templates/etc/ldap/database.ldif.j2 +++ b/roles/common-LDAP/templates/etc/ldap/database.ldif.j2 @@ -23,10 +23,9 @@ olcLastMod: TRUE olcDbCheckpoint: 512 15 # Require LDAPv3 protocol and authentication prior to directory # operations. -olcRequires: LDAPv3 authc -# We don't want to give "canAdd{Alias,List}" write access to alias/list -# attributes. -olcAddContentAcl: FALSE +olcRequires: LDAPv3 +# TODO: how 'olcAddContentAcl' affects the test suite? +olcAddContentAcl: TRUE # The root user has all rights on the whole database (when SASL-binding # on a UNIX socket). olcRootDN: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth @@ -98,24 +97,25 @@ olcDbIndex: entryCSN,entryUUID eq # # ######################################################################## -# Most common services: Postfix, Amavis, SASLauth, Dovecot +# Most common services: Postfix, Amavis, Dovecot # (Most used ACLs are cheaper when written first.) # -# Postfix have read access to the attribute they need. +# Postfix have read access to the attribute it needs when eg, doing +# alias resolution. olcAccess: to dn.children="ou=virtual,o=mailHosting,dc=fripost,dc=org" attrs=entry,objectClass,fvd,fvl,fripostMaildrop,fripostOptionalMaildrop,fripostLocalAlias filter=(&(|(objectClass=FripostVirtualDomain)(objectClass=FripostVirtualUser)(objectClass=FripostVirtualAlias)(objectClass=FripostVirtualList)(objectClass=FripostVirtualListCommand))(!(objectClass=FripostPendingEntry))(!(fripostIsStatusActive=FALSE))) by dn.exact="cn=Postfix,ou=services,o=mailHosting,dc=fripost,dc=org" =rsd - by dn.exact="username=postfix,cn=peercred,cn=external,cn=auth" =rsd + by realanonymous =rsd by users =0 break # -# Search lists and domain owners +# Postfix needs to look up lists' local aliases. olcAccess: to dn.exact="ou=virtual,o=mailHosting,dc=fripost,dc=org" attrs=entry - by dn.exact="username=postfix,cn=peercred,cn=external,cn=auth" =s + by realanonymous =s by users =0 break # -# Search domain owners / postmasters +# Search domain owners / postmasters (used by reserved-alias.pl). olcAccess: to dn.children="ou=virtual,o=mailHosting,dc=fripost,dc=org" attrs=entry,objectClass,fvd,fvl,fripostPostmaster,fripostOwner filter=(&(objectClass=FripostVirtualDomain)(!(objectClass=FripostPendingEntry))(!(fripostIsStatusActive=FALSE))) @@ -128,7 +128,7 @@ olcAccess: to dn.one="ou=services,o=mailHosting,dc=fripost,dc=org" attrs=userPassword by realanonymous =xd # -# That's necessary for SASL proxy Authorize the web application. +# The following is required for SASL proxy Authorize the web application. olcAccess: to dn.exact="cn=AdminWebPanel,ou=services,o=mailHosting,dc=fripost,dc=org" attrs=entry,objectClass,authzTo by realanonymous =x |