summaryrefslogtreecommitdiffstats
path: root/roles/common/files/etc/ldap/schema
diff options
context:
space:
mode:
Diffstat (limited to 'roles/common/files/etc/ldap/schema')
-rw-r--r--roles/common/files/etc/ldap/schema/fripost.ldif190
1 files changed, 0 insertions, 190 deletions
diff --git a/roles/common/files/etc/ldap/schema/fripost.ldif b/roles/common/files/etc/ldap/schema/fripost.ldif
deleted file mode 100644
index 851988e..0000000
--- a/roles/common/files/etc/ldap/schema/fripost.ldif
+++ /dev/null
@@ -1,190 +0,0 @@
-# Fripost's LDAP schema
-# Copyright © 2013 Guilhem Moulin <guilhem@fripost.org>
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-# Load this file with
-#
-# ldapadd -Y EXTERNAL -H ldapi:/// -f fripost.ldif
-#
-# It will load the schema. To perform modifications, the easiest way is to
-#
-# * Save the database: slapcat -b 'o=mailHosting,dc=fripost,dc=dev' > /tmp/db.ldif
-# * Save the configuration: slapcat -n0 > /tmp/config.ldif
-# * Backup slap.d: cp -a /etc/ldap/slapd.d/ /tmp/slap.d_back
-# * Edit the schema in /tmp/config.ldif
-# * Load the new config: mkdir -m 0700 /tmp/slapd.d_new && slapadd -F /tmp/slapd.d_new -n0 -l /tmp/config.ldif
-# * Stop slapd: /etc/init.d/slapd stop
-# * Load the new config: rm -rf /etc/ldap/slapd.d/ && mv /tmp/slapd.d_new /etc/ldap/slapd.d && chown -R openldap:openldap /etc/ldap/slapd.d
-# * Create indexes: sudo -u openldap slapindex -b 'o=mailHosting,dc=fripost,dc=dev'
-# * Start slapd: /etc/init.d/slapd start
-# If it fails, remove the existing database and see what's wrong
-# rm -rf /var/lib/ldap/dev/* && sudo -u openldap slapadd -b 'o=mailHosting,dc=fripost,dc=org' -l /tmp/db.ldif
-#
-#
-# /!\ WARN: All modification to the ACL should be reflected to the test
-# /!\ suite as well!
-#
-#
-# References:
-# - http://courier.svn.sourceforge.net/svnroot/courier/trunk/courier-authlib/authldap.schema
-# - http://www.qmail-ldap.org/wiki/index.php/Qmail.schema
-# - http://www.wanderingbarque.com/howtos/mailserver/mailserver.html
-
-
-# 1.3.6.1.4.1.40011 Fripost's OID
-# 1.3.6.1.4.1.40011.1
-# 1.3.6.1.4.1.40011.1.2 fripost LDAP Elements
-# 1.3.6.1.4.1.40011.1.2.1 AttributeTypes
-# 1.3.6.1.4.1.40011.1.2.2 ObjectClasses
-# 1.3.6.1.4.1.40011.1.2.3 Syntax Definitions
-
-# This schema depends on:
-# - core.schema
-# - cosine.schema
-# - nis.schema
-
-
-dn: cn=fripost-master,cn=schema,cn=config
-objectClass: olcSchemaConfig
-#
-# Attributes: 1.3.6.1.4.1.40011.1.1
-#
-olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.1 NAME 'fvd'
- DESC 'A virtual mail domain'
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
-#
-olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.2 NAME 'fvl'
- DESC 'The local part of a virtual user, alias, list or list command'
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
-#
-# This is redundant since we always use DNs of the form
-# fvl=localpart,fvd=domainpart.tld,...
-# (But Postfix doesn't allow the use of '%u' and '%d' from the query in
-# its 'result_format'.)
-# It is a priori insecure to allow arbitrary values here since users
-# will modify this value themselves, however our Postfix will only
-# accept well-formed values, enforced by a custom filter:
-# query_filter = (&...(fripostLocalAlias=%u#%d))
-# result_attribute = fripostLocalAlias
-olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.3 NAME 'fripostLocalAlias'
- DESC 'A local alias, typically localpart#domainpart.tld'
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
-#
-olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.4 NAME 'fripostMaildrop'
- DESC 'An email address the virtual alias should be mapped to'
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-#
-# We are creating a new attribute, optional in virtual domains and
-# users, because the presence index should *not* apply to the
-# mandatory attribute above.
-olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.5 NAME 'fripostOptionalMaildrop'
- DESC 'An optional email address for catch-all aliases on domains and users'
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-#
-olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.6 NAME 'fripostIsStatusActive'
- DESC 'When present, a token locking the entry in an inactive state'
- EQUALITY booleanMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
-#
-olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.7 NAME 'fripostPendingToken'
- DESC 'Is the entry pending?'
- EQUALITY caseExactMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} SINGLE-VALUE )
-#
-olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.8 NAME 'fripostUserQuota'
- DESC 'The quota on a user e.g., "50MB"'
- EQUALITY caseExactMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32} SINGLE-VALUE )
-#
-olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.9 NAME 'fripostCanAddDomain'
- DESC 'A user/domain that can add domains'
- SUP distinguishedName )
-#
-olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.10 NAME 'fripostCanAddAlias'
- DESC 'A user/domain that can add aliases under the parent domain'
- SUP distinguishedName )
-#
-olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.11 NAME 'fripostCanAddList'
- DESC 'A user/domain that can add lists under the parent domain'
- SUP distinguishedName )
-#
-olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.12 NAME 'fripostOwner'
- DESC 'A user that owns under parent domain'
- SUP distinguishedName )
-#
-olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.13 NAME 'fripostPostmaster'
- DESC 'A user that is a postmaster of the parent domain'
- SUP distinguishedName )
-#
-olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.14 NAME 'fripostListManager'
- DESC 'The list manager'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} SINGLE-VALUE )
-#
-#
-# Objects: 1.3.6.1.4.1.40011.1.2
-#
-olcObjectClasses: ( 1.3.6.1.4.1.40011.1.2.1 NAME 'FripostVirtual'
- AUXILIARY
- DESC 'Virtual mail hosting'
- MAY ( fripostCanAddDomain ) )
-#
-olcObjectClasses: ( 1.3.6.1.4.1.40011.1.2.2 NAME 'FripostVirtualDomain'
- SUP top STRUCTURAL
- DESC 'Virtual domain'
- MUST ( fvd $ fripostIsStatusActive )
- MAY ( fripostCanAddAlias $ fripostCanAddList $
- fripostOwner $ fripostPostmaster $
- fripostOptionalMaildrop $ description ) )
-#
-# | TODO: add limits here
-olcObjectClasses: ( 1.3.6.1.4.1.40011.1.2.3 NAME 'FripostVirtualUser'
- SUP top STRUCTURAL
- DESC 'Virtual user'
- MUST ( fvl $ userPassword $ fripostIsStatusActive )
- MAY ( fripostUserQuota $ fripostOptionalMaildrop $ description) )
-#
-olcObjectClasses: ( 1.3.6.1.4.1.40011.1.2.4 NAME 'FripostVirtualAlias'
- SUP top STRUCTURAL
- DESC 'Virtual alias'
- MUST ( fvl $ fripostMaildrop $ fripostIsStatusActive )
- MAY ( fripostOwner $ description ) )
-#
-olcObjectClasses: ( 1.3.6.1.4.1.40011.1.2.5 NAME 'FripostVirtualList'
- SUP top STRUCTURAL
- DESC 'Virtual list'
- MUST ( fvl $ fripostListManager $ fripostIsStatusActive $ fripostLocalAlias )
- MAY ( fripostOwner $ description ) )
-#
-olcObjectClasses: ( 1.3.6.1.4.1.40011.1.2.6 NAME 'FripostVirtualListCommand'
- SUP top STRUCTURAL
- DESC 'Virtual list command'
- MUST ( fvl $ fripostLocalAlias ) )
-#
-olcObjectClasses: ( 1.3.6.1.4.1.40011.1.2.7 NAME 'FripostPendingEntry'
- SUP top AUXILIARY
- DESC 'Virtual pending entry'
- MAY ( fripostPendingToken ) )