authorJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2012-12-20 15:35:41 (GMT)
committerJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2012-12-20 15:35:41 (GMT)
commitcc35e6e43844dd5d95ae7ab9c458ae78d57cf2fb (patch)
tree0f1c749642ce379bf3b3760901522a8cde92fee6
parent8bfceded5c9d758fb590b7ebe218a19eaa192769 (diff)
downloadpykolab-cc35e6e43844dd5d95ae7ab9c458ae78d57cf2fb.tar.gz
Find a Kolab LDAP schema extensions file starting with kolab and ending with '.ldif' so that it does not actually matter whether kolab2.ldif or kolab3.ldif is installed. (#1487)
Log an error if the schema file for LDAP schema extensions for Kolab cannot be found, or cannot be copied. (#1487) Append the ACI for kolab extensions only when the schema is actually successfully inserted. (#1487)
-rw-r--r--pykolab/setup/setup_ldap.py30
1 files changed, 21 insertions, 9 deletions
diff --git a/pykolab/setup/setup_ldap.py b/pykolab/setup/setup_ldap.py
index 23aaf6c..f699e4c 100644
--- a/pykolab/setup/setup_ldap.py
+++ b/pykolab/setup/setup_ldap.py
@@ -286,18 +286,25 @@ ServerAdminPwd = %(admin_pass)s
schema_file = None
for root, directories, filenames in os.walk('/usr/share/doc/'):
for filename in filenames:
- if filename == 'kolab2.ldif':
+ if filename.startswith('kolab') and filename.endswith('.ldif') and not schema_file == None:
schema_file = os.path.join(root,filename)
if not schema_file == None:
- shutil.copy(
- schema_file,
- '/etc/dirsrv/slapd-%s/schema/99kolab2.ldif' % (
- _input['hostname']
- )
- )
+ try:
+ shutil.copy(
+ schema_file,
+ '/etc/dirsrv/slapd-%s/schema/99%s' % (
+ _input['hostname'],
+ os.path.basename(schema_file)
+ )
+ )
+ schema_error = False
+ except:
+ log.error(_("Could not copy the LDAP extensions for Kolab"))
+ schema_error = True
else:
- log.warning(_("Could not find the ldap Kolab schema file"))
+ log.error(_("Could not find the ldap Kolab schema file"))
+ schema_error = True
if os.path.isfile('/bin/systemctl'):
subprocess.call(['/bin/systemctl', 'restart', 'dirsrv.target'])
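Review bot: The added test on the `filename.startswith('kolab')` line ends with `and not schema_file == None`, but `schema_file` is `None` when the loop starts, so the condition is false for every file and no schema file is ever selected. It should read `if filename.startswith('kolab') and filename.endswith('.ldif') and schema_file is None:` so that the first match is kept. As written, control always reaches the `else` branch, the error is logged on every run, and `schema_error` is always True. The bare `except:` around `shutil.copy` also discards the reason for a failed copy; `except (IOError, OSError) as e:` with `e` included in the log message would keep it. The enclosing function starts and ends outside this hunk.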
@@ -536,7 +543,12 @@ ServerAdminPwd = %(admin_pass)s
log.info(_("Setting access control to %s") % (_input['rootdn']))
dn = _input['rootdn']
aci = []
- aci.append('(targetattr = "homePhone || preferredDeliveryMethod || jpegPhoto || postalAddress || carLicense || userPassword || mobile || kolabAllowSMTPRecipient || displayName || kolabDelegate || description || labeledURI || homePostalAddress || postOfficeBox || registeredAddress || postalCode || photo || title || street || kolabInvitationPolicy || pager || o || l || initials || kolabAllowSMTPSender || telephoneNumber || preferredLanguage || facsimileTelephoneNumber") (version 3.0;acl "Enable self write for common attributes";allow (read,compare,search,write)(userdn = "ldap:///self");)')
+
+ if not schema_error:
+ aci.append('(targetattr = "homePhone || preferredDeliveryMethod || jpegPhoto || postalAddress || carLicense || userPassword || mobile || displayName || description || labeledURI || homePostalAddress || postOfficeBox || registeredAddress || postalCode || photo || title || street || pager || o || l || initials || telephoneNumber || preferredLanguage || facsimileTelephoneNumber") (version 3.0;acl "Enable self write for common attributes";allow (read,compare,search,write)(userdn = "ldap:///self");)')
+ else:
+ aci.append('(targetattr = "homePhone || preferredDeliveryMethod || jpegPhoto || postalAddress || carLicense || userPassword || mobile || kolabAllowSMTPRecipient || displayName || kolabDelegate || description || labeledURI || homePostalAddress || postOfficeBox || registeredAddress || postalCode || photo || title || street || kolabInvitationPolicy || pager || o || l || initials || kolabAllowSMTPSender || telephoneNumber || preferredLanguage || facsimileTelephoneNumber") (version 3.0;acl "Enable self write for common attributes";allow (read,compare,search,write)(userdn = "ldap:///self");)')
+
aci.append('(targetattr = "*") (version 3.0;acl "Directory Administrators Group";allow (all)(groupdn = "ldap:///cn=Directory Administrators,%(rootdn)s" or roledn = "ldap:///cn=kolab-admin,%(rootdn)s");)' % (_input))
aci.append('(targetattr="*")(version 3.0; acl "Configuration Administrators Group"; allow (all) groupdn="ldap:///cn=Configuration Administrators,ou=Groups,ou=TopologyManagement,o=NetscapeRoot";)')
aci.append('(targetattr="*")(version 3.0; acl "Configuration Administrator"; allow (all) userdn="ldap:///uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot";)')
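Review bot: The two branches under `if not schema_error:` look swapped. The success branch appends the self-write ACI without `kolabAllowSMTPRecipient`, `kolabDelegate`, `kolabInvitationPolicy` and `kolabAllowSMTPSender`, while the `else` branch appends the ACI that names them. The commit message says the kolab attributes should be included only when the schema was inserted, so the test should be `if schema_error:`, or the two `aci.append` calls should be exchanged. `schema_error` is assigned in the earlier hunk around line 286; it is not visible here whether that code is in the same scope, so confirm the name is always bound before this point.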