# Fripost's LDAP schema # Copyright © 2013 Guilhem Moulin # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # Load this file with # # ldapadd -Y EXTERNAL -H ldapi:/// -f fripost.ldif # # It will load the schema. To perform modifications, the easiest way is to # # * Save the database: slapcat -b 'dc=fripost,dc=org' > /tmp/db.ldif # * Save the configuration: slapcat -n0 > /tmp/config.ldif # * Backup slap.d: cp -a /etc/ldap/slapd.d/ /tmp/slap.d_back # * Edit the schema in /tmp/config.ldif # * Load the new config: mkdir -m 0700 /tmp/slapd.d_new && slapadd -F /tmp/slapd.d_new -n0 -l /tmp/config.ldif # * Stop slapd: /etc/init.d/slapd stop # * Load the new config: rm -rf /etc/ldap/slapd.d/ && mv /tmp/slapd.d_new /etc/ldap/slapd.d && chown -R openldap:openldap /etc/ldap/slapd.d # * Create indexes: sudo -u openldap slapindex -b 'dc=fripost,dc=org' # * Start slapd: /etc/init.d/slapd start # If it fails, remove the existing database and see what's wrong # rm -rf /var/lib/ldap/dev/* && sudo -u openldap slapadd -b 'dc=fripost,dc=org' -l /tmp/db.ldif # # # /!\ WARN: All modification to the ACL should be reflected to the test # /!\ suite as well! # # # References: # - http://courier.svn.sourceforge.net/svnroot/courier/trunk/courier-authlib/authldap.schema # - http://www.qmail-ldap.org/wiki/index.php/Qmail.schema # - http://www.wanderingbarque.com/howtos/mailserver/mailserver.html # 1.3.6.1.4.1.40011 Fripost's OID # 1.3.6.1.4.1.40011.1 # 1.3.6.1.4.1.40011.1.2 fripost LDAP Elements # 1.3.6.1.4.1.40011.1.2.1 AttributeTypes # 1.3.6.1.4.1.40011.1.2.2 ObjectClasses # 1.3.6.1.4.1.40011.1.2.3 Syntax Definitions # This schema depends on: # - core.schema # - cosine.schema # - nis.schema dn: cn=fripost,cn=schema,cn=config objectClass: olcSchemaConfig # # Attributes: 1.3.6.1.4.1.40011.1.1 # olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.1 NAME 'fvd' DESC 'A virtual mail domain' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE ) # olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.2 NAME 'fvl' DESC 'The local part of a virtual user, alias or list' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) # olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.3 NAME 'fripostMaildrop' DESC 'An email address the virtual alias should be mapped to' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # # We are creating a new attribute, optional in virtual domains and # users, because the presence index should *not* apply to the # mandatory attribute above. olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.4 NAME 'fripostOptionalMaildrop' DESC 'An optional email address for catch-all or domain aliases' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.5 NAME 'fripostIsStatusActive' DESC 'Is the entry active?' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) # olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.6 NAME 'fripostPendingToken' DESC 'Is the entry pending?' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} SINGLE-VALUE ) # olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.7 NAME 'fripostUserQuota' DESC 'The quota on a user account, in bytes' EQUALITY numericStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 SINGLE-VALUE ) # olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.8 NAME 'fripostCanAddDomain' DESC 'A user/domain allowed to add domains' SUP distinguishedName ) # olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.9 NAME 'fripostCanAddAlias' DESC 'A user/domain allowed to add aliases under the parent domain' SUP distinguishedName ) # olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.10 NAME 'fripostCanAddList' DESC 'A user/domain allowed to add lists under the parent domain' SUP distinguishedName ) # olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.11 NAME 'fripostOwner' DESC 'A user being the owner of the parent domain' SUP distinguishedName ) # olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.12 NAME 'fripostPostmaster' DESC 'A user being the postmaster of the parent domain' SUP distinguishedName ) # olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.13 NAME 'fripostListManager' DESC 'The list manager' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} SINGLE-VALUE ) # olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.14 NAME 'fripostUseContentFilter' DESC 'Does the user want to use the content filter?' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) # olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.15 NAME 'fripostOpenPGPKeyring' DESC 'User OpenPGP Keyring (RFC 4880)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE ) # olcAttributeTypes: ( 1.3.6.1.4.1.40011.1.2.1.16 NAME 'fripostAlternativeAddress' DESC 'A non-fripost email address' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # # # Objects: 1.3.6.1.4.1.40011.1.2 # olcObjectClasses: ( 1.3.6.1.4.1.40011.1.2.1 NAME 'FripostVirtual' AUXILIARY DESC 'Virtual mail hosting' MAY ( fripostCanAddDomain ) ) # olcObjectClasses: ( 1.3.6.1.4.1.40011.1.2.2 NAME 'FripostVirtualDomain' SUP top STRUCTURAL DESC 'Virtual domain' MUST ( fvd $ fripostIsStatusActive ) MAY ( fripostCanAddAlias $ fripostCanAddList $ fripostOwner $ fripostPostmaster $ fripostOptionalMaildrop $ description ) ) # # Domain alias (for the domain given by fripostMaildrop). Children are ignored. olcObjectClasses: ( 1.3.6.1.4.1.40011.1.2.3 NAME 'FripostVirtualAliasDomain' SUP FripostVirtualDomain STRUCTURAL DESC 'Virtual alias domain' MUST ( fripostMaildrop ) ) # # | TODO: add limits here olcObjectClasses: ( 1.3.6.1.4.1.40011.1.2.4 NAME 'FripostVirtualUser' SUP top STRUCTURAL DESC 'Virtual user' MUST ( fvl $ userPassword $ fripostIsStatusActive $ fripostUseContentFilter ) MAY ( fripostUserQuota $ description $ fripostOpenPGPKeyring $ fripostAlternativeAddress) ) # olcObjectClasses: ( 1.3.6.1.4.1.40011.1.2.5 NAME 'FripostVirtualAlias' SUP top STRUCTURAL DESC 'Virtual alias' MUST ( fvl $ fripostMaildrop $ fripostIsStatusActive ) MAY ( fripostOwner $ description ) ) # olcObjectClasses: ( 1.3.6.1.4.1.40011.1.2.6 NAME 'FripostVirtualList' SUP top STRUCTURAL DESC 'Virtual list' MUST ( fvl $ fripostListManager $ fripostIsStatusActive ) MAY ( fripostOwner $ description ) ) # olcObjectClasses: ( 1.3.6.1.4.1.40011.1.2.7 NAME 'FripostPendingEntry' SUP top AUXILIARY DESC 'Virtual pending entry' MAY ( fripostPendingToken ) )