path: root/hosted-kolab/05-add-hosted-domain.sh
#!/bin/bash

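# Load the deployment settings. The LDIF generated below interpolates
# hosted_domain, hosted_domain_rootdn, rootdn, domain and domain_rootdn, and
# the ldapadd calls use ldap_host, ldap_binddn and ldap_bindpw; this script
# defines none of them itself, so they are expected to come from settings.sh.
#
# settings.sh is resolved against the current working directory and executed
# as shell code with the privileges of whoever runs this script, so run it from
# the checkout directory only and keep the file writable by the administrator
# alone (presumably it also holds the bind password, so restrict reads too).
if [[ ! -r ./settings.sh ]]; then
	echo "settings.sh not found or not readable in $(pwd)" >&2
	exit 1
fi

. ./settings.sh

# Stop before talking to the directory when a value is missing: an empty
# variable would otherwise yield malformed DNs, or a bind attempt with an empty
# DN or password.
: "${hosted_domain:?hosted_domain must be set in settings.sh}"
: "${hosted_domain_rootdn:?hosted_domain_rootdn must be set in settings.sh}"
: "${rootdn:?rootdn must be set in settings.sh}"
: "${domain:?domain must be set in settings.sh}"
: "${domain_rootdn:?domain_rootdn must be set in settings.sh}"
: "${ldap_host:?ldap_host must be set in settings.sh}"
: "${ldap_binddn:?ldap_binddn must be set in settings.sh}"
: "${ldap_bindpw:?ldap_bindpw must be set in settings.sh}"

# hosted_domain ends up in DNs, in the backend name and in the database
# directory path, so only accept characters that are plain in a host name:
# whitespace, '/', ',' or a newline would change the meaning of the LDIF.
case "${hosted_domain}" in
	*[!A-Za-z0-9._-]*)
		echo "hosted_domain contains characters outside [A-Za-z0-9._-]" >&2
		exit 1
		;;
esac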

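# Step 1: register the hosted domain with the directory server.
# Three entries are sent to ldapadd in one LDIF stream:
#   - the domain entry under ou=Domains,${rootdn}
#   - the mapping-tree node that routes ${hosted_domain_rootdn} to a backend
#   - the ldbm backend instance that stores the suffix
(
	# Backend instance name: the domain with every dot turned into '_'.
	backend_name=${hosted_domain//./_}

	# RDN value of the mapping-tree node: the suffix with '=' and ',' replaced
	# by backslash-hex escapes so it can sit inside another DN.
	# NOTE(review): \2D is the hex escape for '-', while ',' is 0x2C, so the
	# RDN written here does not spell the suffix carried by "cn:" below. Kept
	# as-is because existing entries and other tooling may address this DN in
	# the same form -- confirm before changing.
	mapping_cn=${hosted_domain_rootdn//=/\\3D}
	mapping_cn=${mapping_cn//,/\\2D}

	# NOTE(review): the two associateddomain values are fixed strings, not
	# derived from hosted_domain, although the RDN uses hosted_domain --
	# confirm this is intended when adding any other domain.
	printf '%s\n' \
		"dn: associateddomain=${hosted_domain},ou=Domains,${rootdn}" \
		"objectclass: top" \
		"objectclass: domainrelatedobject" \
		"objectclass: inetdomain" \
		"inetdomainstatus: active" \
		"associateddomain: mykolab.com" \
		"associateddomain: mykolab.ch" \
		""

	printf '%s\n' \
		"dn: cn=${mapping_cn},cn=mapping tree,cn=config" \
		"objectClass: top" \
		"objectClass: extensibleObject" \
		"objectClass: nsMappingTree" \
		"nsslapd-state: backend" \
		"cn: ${hosted_domain_rootdn}" \
		"nsslapd-backend: ${backend_name}" \
		""

	printf '%s\n' \
		"dn: cn=${backend_name},cn=ldbm database,cn=plugins,cn=config" \
		"objectClass: top" \
		"objectClass: extensibleobject" \
		"objectClass: nsbackendinstance" \
		"cn: ${backend_name}" \
		"nsslapd-suffix: ${hosted_domain_rootdn}" \
		"nsslapd-cachesize: -1" \
		"nsslapd-cachememsize: 10485760" \
		"nsslapd-readonly: off" \
		"nsslapd-require-index: off" \
		"nsslapd-directory: /var/lib/dirsrv/slapd-$(hostname -s)/db/${backend_name}" \
		"nsslapd-dncachememsize: 10485760" \
		""
# The bind password is handed over with -y (read password from a file) through
# a process substitution instead of -w, so it never appears in ldapadd's
# argument list where other local users could read it from the process table.
# printf is a shell builtin and adds no trailing newline to the password.
# NOTE(review): -x with -h is a simple bind to a bare host name; unless the
# transport is protected elsewhere the password crosses the network in clear.
# Consider an ldaps:// URI via -H, or StartTLS via -ZZ -- confirm against the
# deployment.
) | ldapadd -x -h "${ldap_host}" -D "${ldap_binddn}" -y <(printf '%s' "${ldap_bindpw}")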

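# Step 2: create the root entry of the hosted domain's suffix together with
# its access control instructions (ACIs).
(
	# Left-most label of the domain, used as the dc value of the root entry.
	domain_dc=${hosted_domain%%.*}
	# Short and fully qualified host names, used in the "SIE Group" ACI.
	server_id=$(hostname -s)
	server_fqdn=$(hostname -f)

	printf '%s\n' "dn: ${hosted_domain_rootdn}"

	# Users may write this fixed list of attributes on their own entry; the
	# list includes userPassword and userCertificate.
	printf '%s\n' 'aci: (targetattr="carLicense || description || displayName || facsimileTelephoneNumber || homePhone || homePostalAddress || initials || jpegPhoto || labeledURI || mobile || pager || photo || postOfficeBox || postalAddress || postalCode || preferredDeliveryMethod || preferredLanguage || registeredAddress || roomNumber || secretary || seeAlso || st || street || telephoneNumber || telexNumber || title || userCertificate || userPassword || userSMIMECertificate || x500UniqueIdentifier")(version 3.0; acl "Enable self write for common attributes"; allow (write) userdn="ldap:///self";)'

	# Full control for the domain's Directory Administrators group and the
	# kolab-admin role.
	printf 'aci: (targetattr ="*")(version 3.0;acl "Directory Administrators Group";allow (all) (groupdn="ldap:///cn=Directory Administrators,%s" or roledn="ldap:///cn=kolab-admin,%s");)\n' \
		"${hosted_domain_rootdn}" "${hosted_domain_rootdn}"

	# Full control for the server-wide configuration administrators under
	# o=NetscapeRoot.
	printf '%s\n' 'aci: (targetattr="*")(version 3.0; acl "Configuration Administrators Group"; allow (all) groupdn="ldap:///cn=Configuration Administrators,ou=Groups,ou=TopologyManagement,o=NetscapeRoot";)'
	printf '%s\n' 'aci: (targetattr="*")(version 3.0; acl "Configuration Administrator"; allow (all) userdn="ldap:///uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot";)'

	# Full control for the server instance entry of this host.
	printf 'aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all) groupdn = "ldap:///cn=slapd-%s,cn=389 Directory Server,cn=Server Group,cn=%s,ou=%s,o=NetscapeRoot";)\n' \
		"${server_id}" "${server_fqdn}" "${domain}"

	# NOTE(review): the next two ACIs grant read, compare and search on
	# targetattr "*" -- the first to every entry found under the hosted suffix,
	# the second to the kolab-service account. As written this appears to
	# cover userPassword too, so any bound user of the domain could read other
	# users' password hashes. Consider excluding userPassword from these two
	# rules -- confirm what the Kolab services actually need to read.
	printf 'aci: (targetattr = "*") (version 3.0;acl "Search Access";allow (read,compare,search)(userdn = "ldap:///%s??sub?(objectclass=*)");)\n' \
		"${hosted_domain_rootdn}"
	printf 'aci: (targetattr = "*") (version 3.0;acl "Service Search Access";allow (read,compare,search)(userdn = "ldap:///uid=kolab-service,ou=Special Users,%s");)\n' \
		"${domain_rootdn}"

	printf '%s\n' \
		"objectClass: top" \
		"objectClass: domain" \
		"dc: ${domain_dc}" \
		""
# The bind password is handed over with -y (read password from a file) through
# a process substitution instead of -w, so it never appears in ldapadd's
# argument list where other local users could read it from the process table.
# printf is a shell builtin and adds no trailing newline to the password.
# NOTE(review): -x with -h is a simple bind to a bare host name; unless the
# transport is protected elsewhere the password crosses the network in clear.
# Consider an ldaps:// URI via -H, or StartTLS via -ZZ -- confirm against the
# deployment.
) | ldapadd -x -h "${ldap_host}" -D "${ldap_binddn}" -y <(printf '%s' "${ldap_bindpw}")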

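# Step 3: create the standard organizational units below the hosted suffix:
# Groups, People, Special Users, Resources and Shared Folders.
(
	# Print one organizationalunit entry below ${hosted_domain_rootdn}.
	# Arguments: $1 - name of the OU
	#            $2 - optional extra LDIF line placed right after the dn
	# Outputs:   the entry followed by a blank separator line, on stdout
	emit_ou() {
		local ou_name=$1
		local extra_line=${2:-}

		printf '%s\n' "dn: ou=${ou_name},${hosted_domain_rootdn}"
		if [[ -n "${extra_line}" ]]; then
			printf '%s\n' "${extra_line}"
		fi
		printf '%s\n' \
			"ou: ${ou_name}" \
			"objectClass: top" \
			"objectClass: organizationalunit" \
			""
	}

	# NOTE(review): this ACI gives the hosted-kolab-service account every
	# right on every attribute of ou=People, which makes that one credential
	# equivalent to an administrator of all user entries in the domain.
	# Consider narrowing the rights and attributes to what the service has to
	# manage -- confirm against what the service does.
	printf -v people_aci \
		'aci: (targetattr = "*") (version 3.0;acl "Hosted Kolab Services";allow (all)(userdn = "ldap:///uid=hosted-kolab-service,ou=Special Users,%s");)' \
		"${domain_rootdn}"

	emit_ou "Groups"
	emit_ou "People" "${people_aci}"
	emit_ou "Special Users"
	emit_ou "Resources"
	emit_ou "Shared Folders"
# The bind password is handed over with -y (read password from a file) through
# a process substitution instead of -w, so it never appears in ldapadd's
# argument list where other local users could read it from the process table.
# printf is a shell builtin and adds no trailing newline to the password.
# NOTE(review): -x with -h is a simple bind to a bare host name; unless the
# transport is protected elsewhere the password crosses the network in clear.
# Consider an ldaps:// URI via -H, or StartTLS via -ZZ -- confirm against the
# deployment.
) | ldapadd -x -h "${ldap_host}" -D "${ldap_binddn}" -y <(printf '%s' "${ldap_bindpw}")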