authorJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2014-02-03 13:34:38 (GMT)
committerJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2014-02-03 13:38:39 (GMT)
commit97a8c5113cac2e4f31283ff0ab700d27ff849ea5 (patch)
treeac5ecb16176721bd02056a78d97d4da41ebc0a24 /hosted-kolab
parentcb0f7260b039616953fdf21d22e9516a7afb3485 (diff)
Adjust our hosted setup scripts
Diffstat (limited to 'hosted-kolab')
-rwxr-xr-xhosted-kolab/02-add-ou-Domains.sh11
-rwxr-xr-xhosted-kolab/02-allow-hosted-kolab-service-account-to-list-domains.sh11
-rwxr-xr-xhosted-kolab/03-add-management-domain.sh14
-rwxr-xr-xhosted-kolab/03-prevent-hosted-kolab-service-account-from-reading-domain.sh18
-rwxr-xr-xhosted-kolab/04-add-kolab-hosting-section.sh14
-rwxr-xr-xhosted-kolab/10-add-initial-admin-user-to-domain.sh52
-rwxr-xr-xhosted-kolab/11-add-domain-sections.sh202
-rwxr-xr-xhosted-kolab/12-update-mysql-table-for-hosted.sh12
-rwxr-xr-xhosted-kolab/13-add-hosted-domain-with-external-ldap.sh21
-rwxr-xr-xhosted-kolab/14-add-hosted-roles.sh18
10 files changed, 39 insertions, 334 deletions
diff --git a/hosted-kolab/02-add-ou-Domains.sh b/hosted-kolab/02-add-ou-Domains.sh
new file mode 100755
index 0000000..e29dde9
--- /dev/null
+++ b/hosted-kolab/02-add-ou-Domains.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+ . ./settings.sh
+(
+ echo "dn: ou=Domains,${rootdn}"
+ echo "aci: (targetattr = \"*\") (version 3.0;acl \"Kolab Services\";allow (read,compare,search)(userdn = \"ldap:///uid=kolab-service,ou=Special Users,${rootdn}\");)"
+ echo "ou: Domains"
+ echo "objectClass: top"
+ echo "objectClass: organizationalunit"
+ echo ""
+) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
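Review bot: The bind on the last line of this new script sends `${ldap_bindpw}` with a simple bind (`-x`) to `-h ${ldap_host}` without requesting TLS, so unless that host is loopback the directory admin password crosses the network in clear text; `-w` also puts it on the command line, and `${ldap_host}` is unquoted. Consider `ldapadd -x -ZZ -H "ldap://${ldap_host}" -D "${ldap_binddn}" -y "${ldap_bindpw_file}"`, where `ldap_bindpw_file` is a placeholder for a mode-0600 password file that settings.sh would have to provide. The same invocation is added in 03-add-management-domain.sh and three times in 14-add-hosted-roles.sh. Separately, if `. ./settings.sh` fails the script carries on with empty variables; a guard such as `: "${rootdn:?must be set in settings.sh}"` before the subshell would stop it from submitting `dn: ou=Domains,`.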
diff --git a/hosted-kolab/02-allow-hosted-kolab-service-account-to-list-domains.sh b/hosted-kolab/02-allow-hosted-kolab-service-account-to-list-domains.sh
deleted file mode 100755
index 3b20b7c..0000000
--- a/hosted-kolab/02-allow-hosted-kolab-service-account-to-list-domains.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-
- . ./settings.sh
-
-(
- echo "dn: cn=kolab,cn=config"
- echo "changetype: modify"
- echo "add: aci"
- echo "aci: (targetattr = \"*\") (version 3.0;acl \"Hosted Kolab Services\";allow (read,compare,search)(userdn = \"ldap:///uid=hosted-kolab-service,ou=Special Users,${rootdn}\");)"
- echo ""
-) | ldapmodify -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
diff --git a/hosted-kolab/03-add-management-domain.sh b/hosted-kolab/03-add-management-domain.sh
new file mode 100755
index 0000000..98184bb
--- /dev/null
+++ b/hosted-kolab/03-add-management-domain.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+ . ./settings.sh
+(
+ echo "dn: associateddomain=${domain},${domain_base_dn}"
+ echo "aci: (targetattr = \"*\")(version 3.0;acl \"Deny Rest\";deny (all)(userdn != \"ldap:///uid=kolab-service,ou=Special Users,${rootdn} || ldap:///${rootdn}??sub?(objectclass=*)\");)"
+ echo "aci: (targetattr = \"*\")(version 3.0;acl \"Deny Hosted Kolab\";deny (all)(userdn = \"ldap:///uid=hosted-kolab-service,ou=Special Users,${rootdn}\");)"
+ echo "inetDomainStatus: active"
+ echo "objectClass: top"
+ echo "objectClass: domainrelatedobject"
+ echo "objectClass: inetdomain"
+ echo "associatedDomain: ${domain}"
+ echo ""
+) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
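Review bot: If `associateddomain=${domain},${domain_base_dn}` already exists, this `ldapadd` fails with "Already exists" and neither deny ACI is applied, so the entry would be left without the rules meant to keep hosted-kolab-service out of the management domain. The removed 03-prevent-hosted-kolab-service-account-from-reading-domain.sh handled that case with `ldapmodify` and `add: aci` on the existing entry. Whether the entry can pre-exist depends on what `domain_base_dn` is set to in settings.sh, which is not visible here. Either fall back to an `ldapmodify` that adds the two `aci` values when the add fails, or state the assumption in a comment such as `# Entry must not exist yet: the deny ACIs below are only applied on creation.` A one-line comment on why "Deny Rest" exempts the whole `${rootdn}` subtree before "Deny Hosted Kolab" re-denies one account inside it would also help the next reader.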
diff --git a/hosted-kolab/03-prevent-hosted-kolab-service-account-from-reading-domain.sh b/hosted-kolab/03-prevent-hosted-kolab-service-account-from-reading-domain.sh
deleted file mode 100755
index 26856e9..0000000
--- a/hosted-kolab/03-prevent-hosted-kolab-service-account-from-reading-domain.sh
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/bash
-
- . ./settings.sh
-
-if [ $# -ne 1 ]; then
- domain_to_lock=${domain}
-else
- domain_to_lock=$1
-fi
-
-(
- echo "dn: associateddomain=${domain_to_lock},cn=kolab,cn=config"
- echo "changetype: modify"
- echo "add: aci"
- echo "aci: (targetattr = \"*\") (version 3.0;acl \"Hosted Kolab Services\";deny (read,search)(userdn = \"ldap:///uid=hosted-kolab-service,ou=Special Users,${rootdn}\");)"
- echo ""
-) | ldapmodify -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
-
diff --git a/hosted-kolab/04-add-kolab-hosting-section.sh b/hosted-kolab/04-add-kolab-hosting-section.sh
deleted file mode 100755
index 13fbbc6..0000000
--- a/hosted-kolab/04-add-kolab-hosting-section.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/bash
-
- . ./settings.sh
-
-(
- echo ""
- echo "[kolab_hosting]"
- echo "primary_domain = ${hosted_domain}"
- echo "bind_dn = uid=hosted-kolab-service,ou=Special Users,${rootdn}"
- echo "bind_pw = ${hosted_kolab_service_pw}"
- echo ""
-) >> /etc/kolab/kolab.conf
-
-sed -r -i -e 's/\[kolab_wap\]/[kolab_wap]\ndevel_mode = 1\ndebug_mode = trace/g' /etc/kolab/kolab.conf
diff --git a/hosted-kolab/10-add-initial-admin-user-to-domain.sh b/hosted-kolab/10-add-initial-admin-user-to-domain.sh
deleted file mode 100755
index 4d01b32..0000000
--- a/hosted-kolab/10-add-initial-admin-user-to-domain.sh
+++ /dev/null
@@ -1,52 +0,0 @@
-#!/bin/bash
-
- . ./settings.sh
-
-(
- echo "dn: uid=admin,ou=People,dc=kolabsys,dc=com"
- echo "objectclass: top"
- echo "objectclass: inetorgperson"
- echo "objectclass: person"
- echo "uid: admin"
- echo "cn: Temporary Administrator"
- echo "sn: Administrator"
- echo "givenname: Temporary"
- echo "displayname: Temporary Administrator"
- echo "mail: admin@kolabsys.com"
- echo "nsroledn: cn=kolab-admin,dc=kolabsys,dc=com"
- echo "userpassword: ${ldap_bindpw}"
- echo ""
-) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
-
-(
- echo "dn: uid=admin,ou=People,dc=kolab,dc=org"
- echo "objectclass: top"
- echo "objectclass: inetorgperson"
- echo "objectclass: person"
- echo "uid: admin"
- echo "cn: Temporary Administrator"
- echo "sn: Administrator"
- echo "givenname: Temporary"
- echo "displayname: Temporary Administrator"
- echo "mail: admin@kolab.org"
- echo "nsroledn: cn=kolab-admin,dc=kolab,dc=org"
- echo "userpassword: ${ldap_bindpw}"
- echo ""
-) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
-
-(
- echo "dn: uid=admin,ou=People,dc=demo,dc=kolab,dc=org"
- echo "objectclass: top"
- echo "objectclass: inetorgperson"
- echo "objectclass: person"
- echo "uid: admin"
- echo "cn: Temporary Administrator"
- echo "sn: Administrator"
- echo "givenname: Temporary"
- echo "displayname: Temporary Administrator"
- echo "mail: admin@demo.kolab.org"
- echo "nsroledn: cn=kolab-admin,dc=demo,dc=kolab,dc=org"
- echo "userpassword: ${ldap_bindpw}"
- echo ""
-) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
-
diff --git a/hosted-kolab/11-add-domain-sections.sh b/hosted-kolab/11-add-domain-sections.sh
deleted file mode 100755
index 8692036..0000000
--- a/hosted-kolab/11-add-domain-sections.sh
+++ /dev/null
@@ -1,202 +0,0 @@
-cat >>/etc/kolab/kolab.conf<<EOF
-[demo.kolab.org]
-base_dn = dc=demo,dc=kolab,dc=org
-user_base_dn = ou=People,%(base_dn)s
-personal_user_base_dn = ou=People,%(base_dn)s
-professional_user_base_dn = ou=People,%(base_dn)s
-primary_mail = %(uid)s@(domain)s
-autocreate_folders = {
- 'Calendar': {
- 'annotations': {
- '/private/vendor/kolab/folder-type': "event.default",
- '/shared/vendor/kolab/folder-type': "event",
- },
- },
- 'Configuration': {
- 'annotations': {
- '/private/vendor/kolab/folder-type': "configuration.default",
- '/shared/vendor/kolab/folder-type': "configuration.default",
- },
- },
- 'Drafts': {
- 'annotations': {
- '/private/vendor/kolab/folder-type': "mail.drafts",
- },
- },
- 'Contacts': {
- 'annotations': {
- '/private/vendor/kolab/folder-type': "contact.default",
- '/shared/vendor/kolab/folder-type': "contact",
- },
- },
- 'Journal': {
- 'annotations': {
- '/private/vendor/kolab/folder-type': "journal.default",
- '/shared/vendor/kolab/folder-type': "journal",
- },
- },
- 'Notes': {
- 'annotations': {
- '/private/vendor/kolab/folder-type': 'note.default',
- '/shared/vendor/kolab/folder-type': 'note',
- },
- },
- 'Sent': {
- 'annotations': {
- '/private/vendor/kolab/folder-type': "mail.sentitems",
- },
- },
- 'Spam': {
- 'annotations': {
- '/private/vendor/kolab/folder-type': "mail.junkemail",
- },
- },
- 'Tasks': {
- 'annotations': {
- '/private/vendor/kolab/folder-type': "task.default",
- '/shared/vendor/kolab/folder-type': "task",
- },
- },
- 'Trash': {
- 'annotations': {
- '/private/vendor/kolab/folder-type': "mail.trash",
- },
- },
- }
-default_quota = 1048576
-
-[kolabsys.com]
-primary_mail = %(uid)s@(domain)s
-autocreate_folders = {
- 'Calendar': {
- 'annotations': {
- '/private/vendor/kolab/folder-type': "event.default",
- '/shared/vendor/kolab/folder-type': "event",
- },
- },
- 'Configuration': {
- 'annotations': {
- '/private/vendor/kolab/folder-type': "configuration.default",
- '/shared/vendor/kolab/folder-type': "configuration.default",
- },
- },
- 'Drafts': {
- 'annotations': {
- '/private/vendor/kolab/folder-type': "mail.drafts",
- },
- },
- 'Contacts': {
- 'annotations': {
- '/private/vendor/kolab/folder-type': "contact.default",
- '/shared/vendor/kolab/folder-type': "contact",
- },
- },
- 'Journal': {
- 'annotations': {
- '/private/vendor/kolab/folder-type': "journal.default",
- '/shared/vendor/kolab/folder-type': "journal",
- },
- },
- 'Notes': {
- 'annotations': {
- '/private/vendor/kolab/folder-type': 'note.default',
- '/shared/vendor/kolab/folder-type': 'note',
- },
- },
- 'Sent': {
- 'annotations': {
- '/private/vendor/kolab/folder-type': "mail.sentitems",
- },
- },
- 'Spam': {
- 'annotations': {
- '/private/vendor/kolab/folder-type': "mail.junkemail",
- },
- },
- 'Tasks': {
- 'annotations': {
- '/private/vendor/kolab/folder-type': "task.default",
- '/shared/vendor/kolab/folder-type': "task",
- },
- },
- 'Trash': {
- 'annotations': {
- '/private/vendor/kolab/folder-type': "mail.trash",
- },
- },
- }
-secondary_mail = {
- 0: {
- "{0}.{1}@{2}": "format('%(givenname)s'[0:1].capitalize(), '%(surname)s', '%(domain)s')"
- },
- 1: {
- "{0}@{1}": "format('%(givenname)s.%(surname)s', '%(domain)s')"
- }
- }
-default_quota = 1048576
-
-[kolab.org]
-base_dn = dc=kolab,dc=org
-user_base_dn = ou=People,%(base_dn)s
-primary_mail = %(givenname)s.%(surname)s@%(domain)s
-autocreate_folders = {
- 'Calendar': {
- 'annotations': {
- '/private/vendor/kolab/folder-type': "event.default",
- '/shared/vendor/kolab/folder-type': "event",
- },
- },
- 'Configuration': {
- 'annotations': {
- '/private/vendor/kolab/folder-type': "configuration.default",
- '/shared/vendor/kolab/folder-type': "configuration.default",
- },
- },
- 'Drafts': {
- 'annotations': {
- '/private/vendor/kolab/folder-type': "mail.drafts",
- },
- },
- 'Contacts': {
- 'annotations': {
- '/private/vendor/kolab/folder-type': "contact.default",
- '/shared/vendor/kolab/folder-type': "contact",
- },
- },
- 'Journal': {
- 'annotations': {
- '/private/vendor/kolab/folder-type': "journal.default",
- '/shared/vendor/kolab/folder-type': "journal",
- },
- },
- 'Notes': {
- 'annotations': {
- '/private/vendor/kolab/folder-type': 'note.default',
- '/shared/vendor/kolab/folder-type': 'note',
- },
- },
- 'Sent': {
- 'annotations': {
- '/private/vendor/kolab/folder-type': "mail.sentitems",
- },
- },
- 'Spam': {
- 'annotations': {
- '/private/vendor/kolab/folder-type': "mail.junkemail",
- },
- },
- 'Tasks': {
- 'annotations': {
- '/private/vendor/kolab/folder-type': "task.default",
- '/shared/vendor/kolab/folder-type': "task",
- },
- },
- 'Trash': {
- 'annotations': {
- '/private/vendor/kolab/folder-type': "mail.trash",
- },
- },
- }
-default_quota = 1048576
-EOF
-
diff --git a/hosted-kolab/12-update-mysql-table-for-hosted.sh b/hosted-kolab/12-update-mysql-table-for-hosted.sh
deleted file mode 100755
index f200bf3..0000000
--- a/hosted-kolab/12-update-mysql-table-for-hosted.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash
-
- . ./settings.sh
-
-if [ -f "`ls -1 /usr/share/kolab-webadmin/doc/kolab_hosting-*.sql`" ]; then
- sql_file="`ls -1 /usr/share/kolab-webadmin/doc/kolab_hosting-*.sql`"
-else
- sql_file="`ls -1 /usr/share/doc/kolab-webadmin-*/kolab_hosting-*.sql`"
-fi
-
-mysql --user=kolab --password=Welcome2KolabSystems kolab < $sql_file
-
diff --git a/hosted-kolab/13-add-hosted-domain-with-external-ldap.sh b/hosted-kolab/13-add-hosted-domain-with-external-ldap.sh
deleted file mode 100755
index 0109792..0000000
--- a/hosted-kolab/13-add-hosted-domain-with-external-ldap.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-
- . ./settings.sh
-
-if [ $# -ne 1 ]; then
- read -p "Domain name space: " $domain_name_space
-else
- domain_name_space=$1
-fi
-
-(
- echo "dn: associateddomain=${domain_name_space},cn=kolab,cn=config"
- echo "objectclass: top"
- echo "objectclass: domainrelatedobject"
- echo "associateddomain: ${domain_name_space}"
- if [ ! -z "$2" ]; then
- echo "inetdomainbasedn: $2"
- fi
- echo ""
-) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
-
diff --git a/hosted-kolab/14-add-hosted-roles.sh b/hosted-kolab/14-add-hosted-roles.sh
index 2482f92..42e17bf 100755
--- a/hosted-kolab/14-add-hosted-roles.sh
+++ b/hosted-kolab/14-add-hosted-roles.sh
@@ -3,23 +3,33 @@
. ./settings.sh
(
- echo "dn: cn=IMAPUser,dc=mykolab,dc=com"
+ echo "dn: cn=activesync-user,${hosted_domain_rootdn}"
echo "objectclass: top"
echo "objectclass: ldapsubentry"
echo "objectclass: nsroledefinition"
echo "objectclass: nssimpleroledefinition"
echo "objectclass: nsmanagedroledefinition"
- echo "cn: IMAPUser"
+ echo "cn: activesync-user"
) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
(
- echo "dn: cn=ActiveSyncUser,dc=mykolab,dc=com"
+ echo "dn: cn=imap-user,${hosted_domain_rootdn}"
echo "objectclass: top"
echo "objectclass: ldapsubentry"
echo "objectclass: nsroledefinition"
echo "objectclass: nssimpleroledefinition"
echo "objectclass: nsmanagedroledefinition"
- echo "cn: ActiveSyncUser"
+ echo "cn: imap-user"
+) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
+
+(
+ echo "dn: cn=kolab-user,${hosted_domain_rootdn}"
+ echo "objectclass: top"
+ echo "objectclass: ldapsubentry"
+ echo "objectclass: nsroledefinition"
+ echo "objectclass: nssimpleroledefinition"
+ echo "objectclass: nsmanagedroledefinition"
+ echo "cn: kolab-user"
) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
#(
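Review bot: None of the three `ldapadd` calls in this hunk has its exit status checked, so a failed role creation goes unnoticed and the later blocks still run. One way to fail is an unset `${hosted_domain_rootdn}`, which yields a DN of `cn=activesync-user,`. The three blocks differ only in the role name, so a loop that stops on the first failure would remove the duplication and make the check explicit. The sketch below keeps the page's `ldapadd` options apart from quoting `${ldap_host}`. The script starts before this hunk and continues past the `#(` line, so the rest of the file is not covered here.

```shell
# … unchanged: . ./settings.sh …
: "${hosted_domain_rootdn:?must be set in settings.sh}"

for role in activesync-user imap-user kolab-user; do
    (
        echo "dn: cn=${role},${hosted_domain_rootdn}"
        echo "objectclass: top"
        echo "objectclass: ldapsubentry"
        echo "objectclass: nsroledefinition"
        echo "objectclass: nssimpleroledefinition"
        echo "objectclass: nsmanagedroledefinition"
        echo "cn: ${role}"
    ) | ldapadd -x -h "${ldap_host}" -D "${ldap_binddn}" -w "${ldap_bindpw}" || exit 1
done
```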