From e98d17cca0011ead0bb89c7674a2209760dce59f Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Wed, 18 Dec 2013 14:34:10 +0100 Subject: Remove the 'fripostLocalAlias' attribute. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Instead, we pretend that lists are valid users (via a match in the mailbox_transport_maps) but choose a different transport (with the same request in transport_maps). The advantage is that we get rid of the ugly hack for list transport… A minor drawback is that we now have two LDAP lookups instead of one for non local addresses (ie, everything but reserved addresses). Hopefully the requests are cached; but even if they aren't, querying a local LDAP server is supposed to be cheap. --- roles/common-LDAP/templates/etc/ldap/database.ldif.j2 | 18 +++--------------- 1 file changed, 3 insertions(+), 15 deletions(-) (limited to 'roles/common-LDAP/templates/etc/ldap') diff --git a/roles/common-LDAP/templates/etc/ldap/database.ldif.j2 b/roles/common-LDAP/templates/etc/ldap/database.ldif.j2 index 56cd110..3752f9f 100644 --- a/roles/common-LDAP/templates/etc/ldap/database.ldif.j2 +++ b/roles/common-LDAP/templates/etc/ldap/database.ldif.j2 @@ -58,7 +58,7 @@ olcRootDN: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth # olcDbIndex: objectClass eq # Let us make Postfix's life easier. TODO: only if MX, lists.f.o, MDA, etc. -olcDbIndex: fripostIsStatusActive,fvd,fvl,fripostLocalAlias eq +olcDbIndex: fripostIsStatusActive,fvd,fvl eq olcDbIndex: fripostOptionalMaildrop pres # SyncProv/SyncRepl specific indexing. olcDbIndex: entryCSN,entryUUID eq @@ -85,7 +85,7 @@ olcSyncrepl: rid=000 type=refreshAndPersist retry="5 5 300 +" searchbase="ou=virtual,o=mailHosting,dc=fripost,dc=org" - attrs=objectClass,fvd,fvl,fripostMaildrop,fripostOptionalMaildrop,fripostLocalAlias,fripostPostmaster,fripostOwner + attrs=objectClass,fvd,fvl,fripostMaildrop,fripostOptionalMaildrop,fripostPostmaster,fripostOwner scope=sub schemachecking=off bindmethod=simple @@ -115,18 +115,12 @@ olcSyncrepl: rid=000 # Postfix have read access to the attribute it needs when eg, doing # alias resolution. olcAccess: to dn.children="ou=virtual,o=mailHosting,dc=fripost,dc=org" - attrs=entry,objectClass,fvd,fvl,fripostMaildrop,fripostOptionalMaildrop,fripostLocalAlias + attrs=entry,objectClass,fvd,fvl,fripostMaildrop,fripostOptionalMaildrop filter=(&(|(objectClass=FripostVirtualDomain)(objectClass=FripostVirtualUser)(objectClass=FripostVirtualAlias)(objectClass=FripostVirtualList)(objectClass=FripostVirtualListCommand))(!(objectClass=FripostPendingEntry))(!(fripostIsStatusActive=FALSE))) by dn.exact="cn=MX-replicate,ou=services,o=mailHosting,dc=fripost,dc=org" =rsd by realanonymous =rsd by users =0 break # -# Postfix needs to look up lists' local aliases. -olcAccess: to dn.exact="ou=virtual,o=mailHosting,dc=fripost,dc=org" - attrs=entry - by realanonymous =s - by users =0 break -# # Search domain owners / postmasters (used by reserved-alias.pl). olcAccess: to dn.children="ou=virtual,o=mailHosting,dc=fripost,dc=org" attrs=entry,objectClass,fvd,fvl,fripostPostmaster,fripostOwner @@ -462,12 +456,6 @@ olcAccess: to dn.regex="^fvl=[^,]+,(fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripos by group/FripostVirtualDomain/fripostOwner.expand="$1" =rscd by group/FripostVirtualDomain/fripostPostmaster.expand="$1" =rscd # -# Local aliases are for internal use only. -olcAccess: to dn.regex="^fvl=[^,]+,(fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=org)$" - filter=(objectClass=FripostVirtualList) - attrs=fripostLocalAlias - by * =0 -# # 1. The list owners can edit their entry's attributes. # 2. So can the domain owners. # 3. So can the domain postmasters. -- cgit v1.2.3