steffen: server/perl-kolab/Kolab-Conf Conf.pm,1.56,1.57

cvs at intevation.de cvs at intevation.de
Wed Jul 6 12:40:09 CEST 2005


Author: steffen

Update of /kolabrepository/server/perl-kolab/Kolab-Conf
In directory doto:/tmp/cvs-serv11143/Kolab-Conf

Modified Files:
	Conf.pm 
Log Message:
Code for creating domain-maintainer-related LDAP ACLs. We have to embed the config strings in the Perl code because the config engine can't do loops (yet?)

Index: Conf.pm
===================================================================
RCS file: /kolabrepository/server/perl-kolab/Kolab-Conf/Conf.pm,v
retrieving revision 1.56
retrieving revision 1.57
diff -u -d -r1.56 -r1.57
--- Conf.pm	30 Jun 2005 01:43:55 -0000	1.56
+++ Conf.pm	6 Jul 2005 10:40:07 -0000	1.57
@@ -442,6 +442,85 @@
     Kolab::log('T', 'Finished building Cyrus groups', KOLAB_DEBUG );
 }
 
+sub buildLDAPAccess
+{
+    Kolab::log('T', 'Building LDAP access file', KOLAB_DEBUG);
+    my $prefix = $Kolab::config{'prefix'};
+    my $cfg = "$ap::config->{sysconfdir}/openldap/slapd.access";
+    my $oldcfg = $cfg . '.old';
+
+    my $oldmask = umask 077;
+    copy($cfg, $oldcfg);
+    chown($Kolab::config{'kolab_uid'}, $Kolab::config{'kolab_gid'}, $oldcfg);
+    copy("$ap::config->{sysconfdir}/kolab/templates/slapd.access.template", $cfg);
+    my $access;
+    if (!($access = IO::File->new($cfg, 'a'))) {
+        Kolab::log('T', "Unable to open configuration file `$cfg'", KOLAB_ERROR);
+        exit(1);
+    }
+
+    my $global_acl = <<'EOS';
+# Domain specific access
+access to filter=(&(objectClass=kolabInetOrgPerson)(mail=*@@@@domain@@@)(|(!(alias=*))(alias=*@@@@domain@@@)))
+        by group/kolabGroupOfNames="cn=@@@domain@@@,cn=domains,cn=internal,@@@base_dn@@@" write
+        by * continue
+
+access to filter=(&(objectClass=kolabGroupOfNames)(mail=*@@@@domain@@@))
+        by group/kolabGroupOfNames="cn=@@@domain@@@,cn=domains,cn=internal,@@@base_dn@@@" write
+        by * continue
+
+EOS
+
+    my $dom_acl1 = << 'EOS';
+# Access to domain groups
+access to dn.children="cn=domains,cn=internal,@@@base_dn@@@"
+        by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
+        by group/kolabGroupOfNames="cn=maintainer,cn=internal,@@@base_dn@@@" write
+        by dn="cn=nobody,cn=internal,@@@base_dn@@@" read
+EOS
+    my $dom_acl2 = << 'EOS';
+        by group/kolabGroupOfNames="cn=@@@domain@@@,cn=domains,cn=internal,@@@base_dn@@@" read
+EOS
+    my $dom_acl3 = << 'EOS';
+        by * search stop
+
+EOS
+
+    my $str;
+    my $domain;
+    my @domains;
+    if( ref($Kolab::config{'postfix-mydestination'}) eq 'ARRAY' ) {
+      @domains = @{$Kolab::config{'postfix-mydestination'}};
+    } else {
+      @domains =( $Kolab::config{'postfix-mydestination'} );
+    }
+
+    ($str = $dom_acl1) =~ s/\@{3}base_dn\@{3}/$Kolab::config{'base_dn'}/g;
+    print $access $str;
+
+    foreach $domain (@domains) {
+	($str = $dom_acl2) =~ s/\@{3}domain\@{3}/$domain/g;
+	$str =~ s/\@{3}base_dn\@{3}/$Kolab::config{'base_dn'}/g;	
+	print $access $str;
+    }
+
+    ($str = $dom_acl3) =~ s/\@{3}base_dn\@{3}/$Kolab::config{'base_dn'}/g;
+    print $access $str;
+
+    foreach $domain (@domains) {
+	($str = $global_acl) =~ s/\@{3}domain\@{3}/$domain/g;
+	$str =~ s/\@{3}base_dn\@{3}/$Kolab::config{'base_dn'}/g;	
+	print $access $str;
+	Kolab::log('T', "Adding acl for domain '$str'");
+    }
+
+    $access->close;
+
+    chown($Kolab::config{'kolab_uid'}, $Kolab::config{'kolab_gid'}, $cfg);
+
+    Kolab::log('T', 'Finished building LDAP access file', KOLAB_DEBUG );
+}
+
 sub buildLDAPReplicas
 {
     Kolab::log('T', 'Building LDAP replicas', KOLAB_DEBUG);
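Review bot: Neither `copy()` call in buildLDAPAccess is checked, and `$cfg` is then opened in append mode, so if copying slapd.access.template fails, the generated rules are appended to the previous slapd.access (or written to a file without the template's rules). Since slapd applies the first matching `access to` clause, the result is stale or duplicated ACLs. I would abort on failure by appending `or do { Kolab::log('T', "Unable to copy template to $cfg", KOLAB_ERROR); exit(1); };` to the template `copy()`. The `postfix-mydestination` entries and `base_dn` are also substituted into the filter and group DN unescaped, so a value containing `)` or `"` would change what the ACL grants; checking each domain against a hostname pattern before the loops would prevent that, and would also drop the undefined entry the `else` branch yields if the key is unset. Smaller points: `$oldmask` is saved but never restored (`umask $oldmask;` after `$access->close`), and the log call in the last loop prints the whole ACL text `$str` instead of `$domain` and omits the level argument the other calls pass.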
@@ -652,6 +731,7 @@
 
     buildPostfixTransportMap;
     buildPostfixVirtualMap;
+    buildLDAPAccess;
     buildLDAPReplicas;
     buildCyrusConfig;
     buildCyrusGroups;




