Diffstat (limited to 'hosted-kolab/03-prevent-hosted-kolab-service-account-from-reading-domain.sh')
-rwxr-xr-xhosted-kolab/03-prevent-hosted-kolab-service-account-from-reading-domain.sh18
1 files changed, 18 insertions, 0 deletions
diff --git a/hosted-kolab/03-prevent-hosted-kolab-service-account-from-reading-domain.sh b/hosted-kolab/03-prevent-hosted-kolab-service-account-from-reading-domain.sh
new file mode 100755
index 0000000..26856e9
--- /dev/null
+++ b/hosted-kolab/03-prevent-hosted-kolab-service-account-from-reading-domain.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+ . ./settings.sh
+
+if [ $# -ne 1 ]; then
+ domain_to_lock=${domain}
+else
+ domain_to_lock=$1
+fi
+
+(
+ echo "dn: associateddomain=${domain_to_lock},cn=kolab,cn=config"
+ echo "changetype: modify"
+ echo "add: aci"
+ echo "aci: (targetattr = \"*\") (version 3.0;acl \"Hosted Kolab Services\";deny (read,search)(userdn = \"ldap:///uid=hosted-kolab-service,ou=Special Users,${rootdn}\");)"
+ echo ""
+) | ldapmodify -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
+
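Review bot: The `ldapmodify` invocation at the end of the hunk puts the bind password on the command line with `-w "${ldap_bindpw}"`, where other local users can see it in the process list while the command runs. It also uses `-x -h ${ldap_host}`, a simple bind with no StartTLS, so unless `settings.sh` points at a local or otherwise protected endpoint the password presumably crosses the network in clear. I would read the password from a file with restrictive permissions and require TLS, for example `ldapmodify -x -ZZ -H "ldap://${ldap_host}" -D "${ldap_binddn}" -y "${ldap_bindpw_file}"`, where `ldap_bindpw_file` is a placeholder for a new setting and the file must not end in a newline. Separately, `$1` is copied into the `dn:` line unvalidated, so a value containing a comma or newline changes which entry the deny ACI lands on or what LDIF is sent; a guard such as `[[ ${domain_to_lock} =~ ^[A-Za-z0-9.-]+$ ]] || exit 1` before the subshell would catch that. The script also never checks that `. ./settings.sh` succeeded, so when run from another directory it goes on to build the LDIF with empty `${domain}` and `${rootdn}`; `. ./settings.sh || exit 1` would stop it early.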