[Kolab-devel] Testing

Steffen Hansen steffen at klaralvdalens-datakonsult.se
Thu Jul 7 10:23:54 CEST 2005 

On Thursday 07 July 2005 07:33, Martin Konold wrote:
> Am Mittwoch, 6. Juli 2005 14:18 schrieb Matt Douhan:
> > > I wonder if anyone here is interested in testing this. Should I
> > > make packages to crash'n'burn test?
> >
> > ohhh yesss please, my test servers are ready, willing and able.
>
> Yes, of course. Release early and often ;-)
>
> > > 1) Should domain-maintainers have any kind of write-access to the
> > > global addressbook (the cn=external,... subtree) ?
> >
> > IMO no
>
> Of course not. At some point we might even consider a separate group
> membership in order to be able to write to the global addressbook.

That was more of less my own conclusions too.

> But I can imagine that we will in the future have "per domain" LDAP
> addressbooks. The users then can decide which addressbooks to
> subscribe. In order to make this easy a hierarchical structure is
> useful.
>
> > > 2) Should domain-maintainers have any kind of write-access to
> > > internal accounts and hidden distribution lists (the
> > > cn=internal,... subtree) ?
> >
> > only in their own domain
>
> Yes.

Right. CVS currently doesn't support this, but it's next on my plate.

> > > 3) What should domain-maintainers be allowed to put in the
> > > alias-attribute for an account? Only email addresses from within
> > > his domains?
>
> In order to keep things simple a domain-maintainer may only add
> aliases which are pointing at domains he is responsible for. Please
> note that I explicitly allowed a maintainer to be responsible for
> multiple domains. This is best handled with LDAP groups.

Right. Currently I have for each domain:

access to filter=(&(objectClass=kolabInetOrgPerson)(mail=*@<DOMAIN>)(|(!(alias=*))(alias=*@<DOMAIN>)))
        by group/kolabGroupOfNames="cn=<DOMAIN>,cn=domains,cn=internal,dc=..." write
        by * continue

This access will only work when aliases are in the same domain as 
the primary email address. Any suggestions on how to allow aliases to 
be in any domain that the maintainer has access to if the mail attr
is in one of his domains?

regards
-- 
Steffen Hansen          |       Klarälvdalens Datakonsult AB
Senior Software Engineer|       http://www.klaralvdalens-datakonsult.se
                        |
                        |       Platform-independent
                        |       software solutions

More information about the devel mailing list