path: root/hosted-kolab/03-prevent-hosted-kolab-service-account-from-reading-domain.sh
blob: 26856e91639d07a5c891c68aff0c8921ee4c14f4 (plain)
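#!/bin/bash
#
# Add a deny ACI to a hosted domain's entry under cn=kolab,cn=config so that
# the hosted-kolab-service account can neither read nor search that entry.
#
# Usage: 03-prevent-hosted-kolab-service-account-from-reading-domain.sh [domain]
#   domain  domain entry to lock; defaults to ${domain}
#
# Expects domain, rootdn, ldap_host, ldap_binddn and ldap_bindpw to be set,
# presumably by ./settings.sh (verify against that file).
# Exit status: 2 on usage error, 1 on bad configuration or domain value,
# otherwise the exit status of ldapmodify.

# settings.sh is resolved relative to the current working directory. Stop if it
# cannot be loaded: continuing would send LDIF built from empty values.
. ./settings.sh || {
    echo "$0: cannot load ./settings.sh" >&2
    exit 1
}

# Extra arguments used to select the default domain silently; an ACL change
# should never land on a domain the operator did not name.
case $# in
    0) domain_to_lock=${domain} ;;
    1) domain_to_lock=$1 ;;
    *)
        echo "Usage: $0 [domain]" >&2
        exit 2
        ;;
esac

# Fail early with a clear message instead of issuing a half-empty bind/modify.
: "${rootdn:?rootdn is not set}"
: "${ldap_host:?ldap_host is not set}"
: "${ldap_binddn:?ldap_binddn is not set}"
: "${ldap_bindpw:?ldap_bindpw is not set}"

# The domain is pasted into a DN line of the LDIF below. Accept only
# hostname-like values so that commas, whitespace or line breaks cannot alter
# the DN or append further LDIF lines.
domain_pattern='^[A-Za-z0-9]([A-Za-z0-9._-]*[A-Za-z0-9])?$'
if [[ ! ${domain_to_lock} =~ ${domain_pattern} ]]; then
    echo "$0: invalid domain name: '${domain_to_lock}'" >&2
    exit 1
fi

# -y reads the bind password from a file; the process substitution hands it
# over on a file descriptor, so the secret does not show up in the process
# argument list the way it does with -w. printf '%s' avoids a trailing newline,
# which would otherwise become part of the password.
# NOTE(review): the bind is a simple bind (-x) to a bare host (-h); whether the
# connection is protected by TLS is not visible here -- confirm.
ldapmodify -x -h "${ldap_host}" -D "${ldap_binddn}" \
    -y <(printf '%s' "${ldap_bindpw}") <<EOF
dn: associateddomain=${domain_to_lock},cn=kolab,cn=config
changetype: modify
add: aci
aci: (targetattr = "*") (version 3.0;acl "Hosted Kolab Services";deny (read,search)(userdn = "ldap:///uid=hosted-kolab-service,ou=Special Users,${rootdn}");)

EOF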