diff options
Diffstat (limited to 'roles/common-LDAP/templates/etc/ldap')
| -rw-r--r-- | roles/common-LDAP/templates/etc/ldap/database.ldif.j2 | 18 |
1 files changed, 3 insertions, 15 deletions
diff --git a/roles/common-LDAP/templates/etc/ldap/database.ldif.j2 b/roles/common-LDAP/templates/etc/ldap/database.ldif.j2 index 56cd110..3752f9f 100644 --- a/roles/common-LDAP/templates/etc/ldap/database.ldif.j2 +++ b/roles/common-LDAP/templates/etc/ldap/database.ldif.j2 @@ -58,7 +58,7 @@ olcRootDN: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth # olcDbIndex: objectClass eq # Let us make Postfix's life easier. TODO: only if MX, lists.f.o, MDA, etc. -olcDbIndex: fripostIsStatusActive,fvd,fvl,fripostLocalAlias eq +olcDbIndex: fripostIsStatusActive,fvd,fvl eq olcDbIndex: fripostOptionalMaildrop pres # SyncProv/SyncRepl specific indexing. olcDbIndex: entryCSN,entryUUID eq @@ -85,7 +85,7 @@ olcSyncrepl: rid=000 type=refreshAndPersist retry="5 5 300 +" searchbase="ou=virtual,o=mailHosting,dc=fripost,dc=org" - attrs=objectClass,fvd,fvl,fripostMaildrop,fripostOptionalMaildrop,fripostLocalAlias,fripostPostmaster,fripostOwner + attrs=objectClass,fvd,fvl,fripostMaildrop,fripostOptionalMaildrop,fripostPostmaster,fripostOwner scope=sub schemachecking=off bindmethod=simple @@ -115,18 +115,12 @@ olcSyncrepl: rid=000 # Postfix have read access to the attribute it needs when eg, doing # alias resolution. olcAccess: to dn.children="ou=virtual,o=mailHosting,dc=fripost,dc=org" - attrs=entry,objectClass,fvd,fvl,fripostMaildrop,fripostOptionalMaildrop,fripostLocalAlias + attrs=entry,objectClass,fvd,fvl,fripostMaildrop,fripostOptionalMaildrop filter=(&(|(objectClass=FripostVirtualDomain)(objectClass=FripostVirtualUser)(objectClass=FripostVirtualAlias)(objectClass=FripostVirtualList)(objectClass=FripostVirtualListCommand))(!(objectClass=FripostPendingEntry))(!(fripostIsStatusActive=FALSE))) by dn.exact="cn=MX-replicate,ou=services,o=mailHosting,dc=fripost,dc=org" =rsd by realanonymous =rsd by users =0 break # -# Postfix needs to look up lists' local aliases. -olcAccess: to dn.exact="ou=virtual,o=mailHosting,dc=fripost,dc=org" - attrs=entry - by realanonymous =s - by users =0 break -# # Search domain owners / postmasters (used by reserved-alias.pl). olcAccess: to dn.children="ou=virtual,o=mailHosting,dc=fripost,dc=org" attrs=entry,objectClass,fvd,fvl,fripostPostmaster,fripostOwner @@ -462,12 +456,6 @@ olcAccess: to dn.regex="^fvl=[^,]+,(fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripos by group/FripostVirtualDomain/fripostOwner.expand="$1" =rscd by group/FripostVirtualDomain/fripostPostmaster.expand="$1" =rscd # -# Local aliases are for internal use only. -olcAccess: to dn.regex="^fvl=[^,]+,(fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=org)$" - filter=(objectClass=FripostVirtualList) - attrs=fripostLocalAlias - by * =0 -# # 1. The list owners can edit their entry's attributes. # 2. So can the domain owners. # 3. So can the domain postmasters. |