[Kolab-devel] New attributeType kolabTargetFolder for objectClass kolabSharedFolder
Jeroen van Meeuwen (Kolab Systems)
vanmeeuwen at kolabsys.com
Wed Mar 7 19:38:46 CET 2012
Hi there,
please find attached a patch against the kolab schema (kolab2.schema
only, not kolab2.ldif), to enable an additional attribute for LDAP
entries with the kolabSharedFolder objectClass.
The rationale is as follows:
With a kolabSharedFolder allowing for an 'alias' attribute (add
'mailrecipient' for a 'mail' attribute), an administrator is enabled to
indicate that an address such as 'sysadmin-main at kolab.org' is to end up
in a shared folder, maintain ACLs on such a folder, and allow/deny
senders/recipients from using the canonical address for the shared
folder.
The only attribute that indicates the folder path currently is the
'cn', presumably intended to indicate the shared folder should be
'shared/<cn>@<domain>'.
This level of nesting is not sufficient for larger organizations,
though.
As per the example address 'sysadmin-main at kolab.org' (think
'ldap-admins at kolab.org' where 'ldap-admins' are part of the
'IT/Operations/Linux & UNIX/Directory Services' team),
'shared/ldap-admins' may just not suffice.
With a kolabTargetFolder set to 'shared/IT/Linux & UNIX/Directory
Services/LDAP' though, 'ldap-admins at kolab.org' could end up in this
folder very nicely, as per the following postfix virtual_alias_maps
lookup table:
/etc/postfix/ldap/virtual_alias_maps-shared_folders.cf would contain:
> server_host = ldap.kolab.org
> search_base = ou=Shared Folders,dc=kolab,dc=org
> bind_dn = <some_dn>
> bind_pw = <some_pw>
> scope = one
> query_filter = (&(|(mail=%s)(alias=%s))(objectclass=kolabSharedFolder))
> result_attribute = kolabTargetFolder
> result_format = shared+%s
That is, with an LDAP entry containing:
> dn: cn=ldap-admins,ou=Shared Folders,dc=kolab,dc=org
> objectClass: top
> objectClass: kolabSharedFolder
> objectClass: mailrecipient
> cn: ldap-admins
> mail: ldap-admins at kolab.org
> alias: ldap-administrators at kolab.org
> kolabTargetFolder: IT/Operations/Linux & UNIX/Directory Services/LDAP
Note that in this example, the postuser setting in '/etc/imapd.conf' is
set to 'shared'.
Thoughts? Comments? Questions? Gripes?
Kind regards,
Jeroen van Meeuwen
--
Systems Architect, Kolab Systems AG
e: vanmeeuwen at kolabsys.com
m: +44 74 2516 3817
w: http://www.kolabsys.com
pgp: 9342 BF08
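
The lookup described in the message, emulated offline as an added example (not part of the original post or of Kolab or Postfix code). The entry is re-typed from the message with "at" written as "@"; escape_filter_value, expand_filter and lookup are hypothetical helper names, and the key is escaped before substitution into query_filter, as ldap_table(5) documents for %s.

```python
# Added illustration: emulates the Postfix LDAP table lookup from the message.
# ENTRIES is re-typed from the message's example entry ("at" written as "@").
ENTRIES = [{
    "dn": "cn=ldap-admins,ou=Shared Folders,dc=kolab,dc=org",
    "objectClass": ["top", "kolabSharedFolder", "mailrecipient"],
    "cn": ["ldap-admins"],
    "mail": ["ldap-admins@kolab.org"],
    "alias": ["ldap-administrators@kolab.org"],
    "kolabTargetFolder": ["IT/Operations/Linux & UNIX/Directory Services/LDAP"],
}]

# Settings copied from the lookup table shown in the message.
QUERY_FILTER = "(&(|(mail=%s)(alias=%s))(objectclass=kolabSharedFolder))"
RESULT_ATTRIBUTE = "kolabTargetFolder"
RESULT_FORMAT = "shared+%s"


def escape_filter_value(key):
    """Escape LDAP filter metacharacters in the lookup key (RFC 4515)."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in key)


def expand_filter(key):
    """Build the filter string sent to the directory for one recipient."""
    return QUERY_FILTER.replace("%s", escape_filter_value(key))


def lookup(key):
    """Emulate the search: exact, case-insensitive match on mail or alias."""
    results = []
    for entry in ENTRIES:
        classes = [c.lower() for c in entry.get("objectClass", [])]
        addresses = [a.lower() for a in entry.get("mail", []) + entry.get("alias", [])]
        if "kolabsharedfolder" in classes and key.lower() in addresses:
            # Each value of the result attribute is wrapped by result_format.
            results += [RESULT_FORMAT.replace("%s", v)
                        for v in entry.get(RESULT_ATTRIBUTE, [])]
    return results


if __name__ == "__main__":
    # The "*" key shows that an escaped wildcard matches no shared folder.
    for rcpt in ("ldap-admins@kolab.org", "ldap-administrators@kolab.org", "*"):
        print(rcpt, "->", expand_filter(rcpt), "->", lookup(rcpt))
```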