steffen: server/perl-kolab/Kolab-Conf Conf.pm,1.56,1.57
cvs at intevation.de
cvs at intevation.de
Wed Jul 6 12:40:09 CEST 2005
Author: steffen
Update of /kolabrepository/server/perl-kolab/Kolab-Conf
In directory doto:/tmp/cvs-serv11143/Kolab-Conf
Modified Files:
Conf.pm
Log Message:
Code for creating domain-maintainer related LDAP ACLs. We have to embed the config strings in the Perl code because the config engine can't do loops (yet?)
Index: Conf.pm
===================================================================
RCS file: /kolabrepository/server/perl-kolab/Kolab-Conf/Conf.pm,v
retrieving revision 1.56
retrieving revision 1.57
diff -u -d -r1.56 -r1.57
--- Conf.pm 30 Jun 2005 01:43:55 -0000 1.56
+++ Conf.pm 6 Jul 2005 10:40:07 -0000 1.57
@@ -442,6 +442,85 @@
Kolab::log('T', 'Finished building Cyrus groups', KOLAB_DEBUG );
}
+sub buildLDAPAccess
+{
+ Kolab::log('T', 'Building LDAP access file', KOLAB_DEBUG);
+ my $prefix = $Kolab::config{'prefix'};
+ my $cfg = "$ap::config->{sysconfdir}/openldap/slapd.access";
+ my $oldcfg = $cfg . '.old';
+
+ my $oldmask = umask 077;
+ copy($cfg, $oldcfg);
+ chown($Kolab::config{'kolab_uid'}, $Kolab::config{'kolab_gid'}, $oldcfg);
+ copy("$ap::config->{sysconfdir}/kolab/templates/slapd.access.template", $cfg);
+ my $access;
+ if (!($access = IO::File->new($cfg, 'a'))) {
+ Kolab::log('T', "Unable to open configuration file `$cfg'", KOLAB_ERROR);
+ exit(1);
+ }
+
+ my $global_acl = <<'EOS';
+# Domain specific access
+access to filter=(&(objectClass=kolabInetOrgPerson)(mail=*@@@@domain@@@)(|(!(alias=*))(alias=*@@@@domain@@@)))
+ by group/kolabGroupOfNames="cn=@@@domain@@@,cn=domains,cn=internal,@@@base_dn@@@" write
+ by * continue
+
+access to filter=(&(objectClass=kolabGroupOfNames)(mail=*@@@@domain@@@))
+ by group/kolabGroupOfNames="cn=@@@domain@@@,cn=domains,cn=internal,@@@base_dn@@@" write
+ by * continue
+
+EOS
+
+ my $dom_acl1 = << 'EOS';
+# Access to domain groups
+access to dn.children="cn=domains,cn=internal,@@@base_dn@@@"
+ by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
+ by group/kolabGroupOfNames="cn=maintainer,cn=internal,@@@base_dn@@@" write
+ by dn="cn=nobody,cn=internal,@@@base_dn@@@" read
+EOS
+ my $dom_acl2 = << 'EOS';
+ by group/kolabGroupOfNames="cn=@@@domain@@@,cn=domains,cn=internal,@@@base_dn@@@" read
+EOS
+ my $dom_acl3 = << 'EOS';
+ by * search stop
+
+EOS
+
+ my $str;
+ my $domain;
+ my @domains;
+ if( ref($Kolab::config{'postfix-mydestination'}) eq 'ARRAY' ) {
+ @domains = @{$Kolab::config{'postfix-mydestination'}};
+ } else {
+ @domains =( $Kolab::config{'postfix-mydestination'} );
+ }
+
+ ($str = $dom_acl1) =~ s/\@{3}base_dn\@{3}/$Kolab::config{'base_dn'}/g;
+ print $access $str;
+
+ foreach $domain (@domains) {
+ ($str = $dom_acl2) =~ s/\@{3}domain\@{3}/$domain/g;
+ $str =~ s/\@{3}base_dn\@{3}/$Kolab::config{'base_dn'}/g;
+ print $access $str;
+ }
+
+ ($str = $dom_acl3) =~ s/\@{3}base_dn\@{3}/$Kolab::config{'base_dn'}/g;
+ print $access $str;
+
+ foreach $domain (@domains) {
+ ($str = $global_acl) =~ s/\@{3}domain\@{3}/$domain/g;
+ $str =~ s/\@{3}base_dn\@{3}/$Kolab::config{'base_dn'}/g;
+ print $access $str;
+ Kolab::log('T', "Adding acl for domain '$str'");
+ }
+
+ $access->close;
+
+ chown($Kolab::config{'kolab_uid'}, $Kolab::config{'kolab_gid'}, $cfg);
+
+ Kolab::log('T', 'Finished building LDAP access file', KOLAB_DEBUG );
+}
+
sub buildLDAPReplicas
{
Kolab::log('T', 'Building LDAP replicas', KOLAB_DEBUG);
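Review bot: The result of the template `copy()` in buildLDAPAccess is never checked, and `$cfg` is then opened in append mode, so a failed copy appends the domain ACLs to whatever slapd.access already held (or to a new empty file) and slapd would load an access list that no longer matches the template. Assuming `copy` is File::Copy's, which returns false and sets `$!`, the template copy should fail closed like the open below it, by appending `or do { Kolab::log('T', "Unable to create '$cfg' from template: $!", KOLAB_ERROR); exit(1); };`; the first copy to `$oldcfg` can stay best-effort because `$cfg` may not exist on a first run. The values of `postfix-mydestination` and `base_dn` are substituted verbatim into the filter and the quoted group DN, so a value containing `)`, `"` or a newline would change the meaning of the generated ACL; it is worth skipping and logging any domain that does not match an anchored hostname pattern before the two `foreach` loops. `$oldmask` is saved but never restored, so add `umask $oldmask;` after `$access->close;`. The log call inside the last loop interpolates `$str` (the whole ACL block) where `$domain` seems intended, and it omits the level argument the other calls pass.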
@@ -652,6 +731,7 @@
buildPostfixTransportMap;
buildPostfixVirtualMap;
+ buildLDAPAccess;
buildLDAPReplicas;
buildCyrusConfig;
buildCyrusGroups;