From 97a8c5113cac2e4f31283ff0ab700d27ff849ea5 Mon Sep 17 00:00:00 2001
From: "Jeroen van Meeuwen (Kolab Systems)"
Date: Mon, 3 Feb 2014 14:34:38 +0100
Subject: Adjust our hosted setup scripts
---
hosted-kolab/02-add-ou-Domains.sh | 11 ++
...hosted-kolab-service-account-to-list-domains.sh | 11 --
hosted-kolab/03-add-management-domain.sh | 14 ++
...ed-kolab-service-account-from-reading-domain.sh | 18 --
hosted-kolab/04-add-kolab-hosting-section.sh | 14 --
.../10-add-initial-admin-user-to-domain.sh | 52 ------
hosted-kolab/11-add-domain-sections.sh | 202 ---------------------
hosted-kolab/12-update-mysql-table-for-hosted.sh | 12 --
.../13-add-hosted-domain-with-external-ldap.sh | 21 --
hosted-kolab/14-add-hosted-roles.sh | 18 +-
10 files changed, 39 insertions(+), 334 deletions(-)
create mode 100755 hosted-kolab/02-add-ou-Domains.sh
delete mode 100755 hosted-kolab/02-allow-hosted-kolab-service-account-to-list-domains.sh
create mode 100755 hosted-kolab/03-add-management-domain.sh
delete mode 100755 hosted-kolab/03-prevent-hosted-kolab-service-account-from-reading-domain.sh
delete mode 100755 hosted-kolab/04-add-kolab-hosting-section.sh
delete mode 100755 hosted-kolab/10-add-initial-admin-user-to-domain.sh
delete mode 100755 hosted-kolab/11-add-domain-sections.sh
delete mode 100755 hosted-kolab/12-update-mysql-table-for-hosted.sh
delete mode 100755 hosted-kolab/13-add-hosted-domain-with-external-ldap.sh
diff --git a/hosted-kolab/02-add-ou-Domains.sh b/hosted-kolab/02-add-ou-Domains.sh
new file mode 100755
index 0000000..e29dde9
--- /dev/null
+++ b/hosted-kolab/02-add-ou-Domains.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+ . ./settings.sh
+(
+ echo "dn: ou=Domains,${rootdn}"
+ echo "aci: (targetattr = \"*\") (version 3.0;acl \"Kolab Services\";allow (read,compare,search)(userdn = \"ldap:///uid=kolab-service,ou=Special Users,${rootdn}\");)"
+ echo "ou: Domains"
+ echo "objectClass: top"
+ echo "objectClass: organizationalunit"
+ echo ""
+) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
diff --git a/hosted-kolab/02-allow-hosted-kolab-service-account-to-list-domains.sh b/hosted-kolab/02-allow-hosted-kolab-service-account-to-list-domains.sh
deleted file mode 100755
index 3b20b7c..0000000
--- a/hosted-kolab/02-allow-hosted-kolab-service-account-to-list-domains.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-
- . ./settings.sh
-
-(
- echo "dn: cn=kolab,cn=config"
- echo "changetype: modify"
- echo "add: aci"
- echo "aci: (targetattr = \"*\") (version 3.0;acl \"Hosted Kolab Services\";allow (read,compare,search)(userdn = \"ldap:///uid=hosted-kolab-service,ou=Special Users,${rootdn}\");)"
- echo ""
-) | ldapmodify -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
diff --git a/hosted-kolab/03-add-management-domain.sh b/hosted-kolab/03-add-management-domain.sh
new file mode 100755
index 0000000..98184bb
--- /dev/null
+++ b/hosted-kolab/03-add-management-domain.sh
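Review bot: The `ldapadd` call that ends 02-add-ou-Domains.sh passes the bind password as `-w "${ldap_bindpw}"`, so it is visible in the process list to other local users while the command runs. `-x -h ${ldap_host}` is a simple bind with no TLS requested, so unless the server is local the password also crosses the network in clear. Reading the password from a restricted file and requiring StartTLS would address both, e.g. `ldapadd -x -ZZ -H "ldap://${ldap_host}" -D "${ldap_binddn}" -y "${ldap_bindpw_file}"`, where `ldap_bindpw_file` is a placeholder for a new setting and the file must hold the password without a trailing newline. The same invocation ends 03-add-management-domain.sh. Separately, `. ./settings.sh` resolves against the caller's working directory, so the script sources whatever `settings.sh` is there; sourcing relative to the script's own directory would be safer.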
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+ . ./settings.sh
+(
+ echo "dn: associateddomain=${domain},${domain_base_dn}"
+ echo "aci: (targetattr = \"*\")(version 3.0;acl \"Deny Rest\";deny (all)(userdn != \"ldap:///uid=kolab-service,ou=Special Users,${rootdn} || ldap:///${rootdn}??sub?(objectclass=*)\");)"
+ echo "aci: (targetattr = \"*\")(version 3.0;acl \"Deny Hosted Kolab\";deny (all)(userdn = \"ldap:///uid=hosted-kolab-service,ou=Special Users,${rootdn}\");)"
+ echo "inetDomainStatus: active"
+ echo "objectClass: top"
+ echo "objectClass: domainrelatedobject"
+ echo "objectClass: inetdomain"
+ echo "associatedDomain: ${domain}"
+ echo ""
+) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
diff --git a/hosted-kolab/03-prevent-hosted-kolab-service-account-from-reading-domain.sh b/hosted-kolab/03-prevent-hosted-kolab-service-account-from-reading-domain.sh
deleted file mode 100755
index 26856e9..0000000
--- a/hosted-kolab/03-prevent-hosted-kolab-service-account-from-reading-domain.sh
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/bash
-
- . ./settings.sh
-
-if [ $# -ne 1 ]; then
- domain_to_lock=${domain}
-else
- domain_to_lock=$1
-fi
-
-(
- echo "dn: associateddomain=${domain_to_lock},cn=kolab,cn=config"
- echo "changetype: modify"
- echo "add: aci"
- echo "aci: (targetattr = \"*\") (version 3.0;acl \"Hosted Kolab Services\";deny (read,search)(userdn = \"ldap:///uid=hosted-kolab-service,ou=Special Users,${rootdn}\");)"
- echo ""
-) | ldapmodify -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
-
diff --git a/hosted-kolab/04-add-kolab-hosting-section.sh b/hosted-kolab/04-add-kolab-hosting-section.sh
deleted file mode 100755
index 13fbbc6..0000000
--- a/hosted-kolab/04-add-kolab-hosting-section.sh
+++ /dev/null
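Review bot: The two deny ACIs in 03-add-management-domain.sh depend on each other, and nothing in the script says so. "Deny Rest" exempts every DN under `${rootdn}` through `ldap:///${rootdn}??sub?(objectclass=*)`, and `uid=hosted-kolab-service,ou=Special Users,${rootdn}` falls inside that exemption, so only "Deny Hosted Kolab" keeps that account out. A comment above the subshell would stop a later edit from dropping the second ACI as redundant, e.g. `# "Deny Rest" exempts all of ${rootdn}; hosted-kolab-service lives there, so "Deny Hosted Kolab" is what locks it out.` The values `${domain}`, `${domain_base_dn}` and `${rootdn}` are also used unchecked, and an empty `${rootdn}` would presumably leave the exemption as `ldap:///??sub?(objectclass=*)`, which is far broader than intended. Adding `: "${rootdn:?}" "${domain:?}" "${domain_base_dn:?}"` after sourcing settings.sh would make the script fail before anything is written.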
@@ -1,14 +0,0 @@
-#!/bin/bash
-
- . ./settings.sh
-
-(
- echo ""
- echo "[kolab_hosting]"
- echo "primary_domain = ${hosted_domain}"
- echo "bind_dn = uid=hosted-kolab-service,ou=Special Users,${rootdn}"
- echo "bind_pw = ${hosted_kolab_service_pw}"
- echo ""
-) >> /etc/kolab/kolab.conf
-
-sed -r -i -e 's/\[kolab_wap\]/[kolab_wap]\ndevel_mode = 1\ndebug_mode = trace/g' /etc/kolab/kolab.conf
diff --git a/hosted-kolab/10-add-initial-admin-user-to-domain.sh b/hosted-kolab/10-add-initial-admin-user-to-domain.sh
deleted file mode 100755
index 4d01b32..0000000
--- a/hosted-kolab/10-add-initial-admin-user-to-domain.sh
+++ /dev/null
@@ -1,52 +0,0 @@
-#!/bin/bash
-
- . ./settings.sh
-
-(
- echo "dn: uid=admin,ou=People,dc=kolabsys,dc=com"
- echo "objectclass: top"
- echo "objectclass: inetorgperson"
- echo "objectclass: person"
- echo "uid: admin"
- echo "cn: Temporary Administrator"
- echo "sn: Administrator"
- echo "givenname: Temporary"
- echo "displayname: Temporary Administrator"
- echo "mail: admin@kolabsys.com"
- echo "nsroledn: cn=kolab-admin,dc=kolabsys,dc=com"
- echo "userpassword: ${ldap_bindpw}"
- echo ""
-) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
-
-(
- echo "dn: uid=admin,ou=People,dc=kolab,dc=org"
- echo "objectclass: top"
- echo "objectclass: inetorgperson"
- echo "objectclass: person"
- echo "uid: admin"
- echo "cn: Temporary Administrator"
- echo "sn: Administrator"
- echo "givenname: Temporary"
- echo "displayname: Temporary Administrator"
- echo "mail: admin@kolab.org"
- echo "nsroledn: cn=kolab-admin,dc=kolab,dc=org"
- echo "userpassword: ${ldap_bindpw}"
- echo ""
-) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
-
-(
- echo "dn: uid=admin,ou=People,dc=demo,dc=kolab,dc=org"
- echo "objectclass: top"
- echo "objectclass: inetorgperson"
- echo "objectclass: person"
- echo "uid: admin"
- echo "cn: Temporary Administrator"
- echo "sn: Administrator"
- echo "givenname: Temporary"
- echo "displayname: Temporary Administrator"
- echo "mail: admin@demo.kolab.org"
- echo "nsroledn: cn=kolab-admin,dc=demo,dc=kolab,dc=org"
- echo "userpassword: ${ldap_bindpw}"
- echo ""
-) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
-
diff --git a/hosted-kolab/11-add-domain-sections.sh b/hosted-kolab/11-add-domain-sections.sh
deleted file mode 100755
index 8692036..0000000
--- a/hosted-kolab/11-add-domain-sections.sh
+++ /dev/null
@@ -1,202 +0,0 @@
-cat >>/etc/kolab/kolab.conf<