summaryrefslogtreecommitdiff
path: root/hosted-kolab/07-add-self-reg-hosted-domain.sh
diff options
context:
space:
mode:
Diffstat (limited to 'hosted-kolab/07-add-self-reg-hosted-domain.sh')
-rwxr-xr-xhosted-kolab/07-add-self-reg-hosted-domain.sh144
1 files changed, 144 insertions, 0 deletions
diff --git a/hosted-kolab/07-add-self-reg-hosted-domain.sh b/hosted-kolab/07-add-self-reg-hosted-domain.sh
new file mode 100755
index 0000000..97c9a7f
--- /dev/null
+++ b/hosted-kolab/07-add-self-reg-hosted-domain.sh
@@ -0,0 +1,144 @@
+#!/bin/bash
+
+. ./settings.sh
+
+(
+ echo "dn: associateddomain=${hosted_domain},${domain_base_dn}"
+ echo "objectclass: top"
+ echo "objectclass: domainrelatedobject"
+ echo "objectclass: inetdomain"
+ echo "associateddomain: ${hosted_domain}"
+ echo "inetdomainstatus: active"
+ echo "inetdomainbasedn: dc=mykolab,dc=com"
+ echo "aci: (targetattr = \"*\") (version 3.0;acl \"Deny Unauthorized\"; deny (all)(userdn != \"ldap:///uid=kolab-service,ou=Special Users,${rootdn} || ldap:///uid=hosted-kolab-service,ou=Special Users,${rootdn} || ldap://ou=People,${hosted_domain_rootdn}??sub?(objectclass=*)\") AND NOT (roledn = \"ldap:///cn=admin-user,${rootdn}\");)"
+ echo ""
+
+ for domain in kolabnow.com swisscollab.ch mykolab.ch; do
+ echo "dn: associateddomain=${domain},${domain_base_dn}"
+ echo "objectclass: top"
+ echo "objectclass: domainrelatedobject"
+ echo "objectclass: inetdomain"
+ echo "associateddomain: ${domain}"
+ echo "inetdomainstatus: active"
+ echo "inetdomainbasedn: dc=mykolab,dc=com"
+ echo "aci: (targetattr = \"*\") (version 3.0;acl \"Deny Unauthorized\"; deny (all)(userdn != \"ldap:///uid=kolab-service,ou=Special Users,${rootdn} || ldap:///uid=hosted-kolab-service,ou=Special Users,${rootdn} || ldap://ou=People,${hosted_domain_rootdn}??sub?(objectclass=*)\") AND NOT (roledn = \"ldap:///cn=admin-user,${rootdn}\");)"
+ echo ""
+ done
+
+ echo "dn: cn=$(echo ${hosted_domain_rootdn} | sed -e 's/=/\\3D/g' -e 's/,/\\2D/g'),cn=mapping tree,cn=config"
+ echo "objectClass: top"
+ echo "objectClass: extensibleObject"
+ echo "objectClass: nsMappingTree"
+ echo "nsslapd-state: backend"
+ echo "cn: ${hosted_domain_rootdn}"
+ echo "nsslapd-backend: $(echo ${hosted_domain} | sed -e 's/\./_/g')"
+ echo ""
+
+ echo "dn: cn=$(echo ${hosted_domain} | sed -e 's/\./_/g'),cn=ldbm database,cn=plugins,cn=config"
+ echo "objectClass: top"
+ echo "objectClass: extensibleobject"
+ echo "objectClass: nsbackendinstance"
+ echo "cn: $(echo ${hosted_domain} | sed -e 's/\./_/g')"
+ echo "nsslapd-suffix: ${hosted_domain_rootdn}"
+ echo "nsslapd-cachesize: -1"
+ echo "nsslapd-cachememsize: 10485760"
+ echo "nsslapd-readonly: off"
+ echo "nsslapd-require-index: off"
+ echo "nsslapd-directory: /var/lib/dirsrv/slapd-$(hostname -s)/db/$(echo ${hosted_domain} | sed -e 's/\./_/g')"
+ echo "nsslapd-dncachememsize: 10485760"
+ echo ""
+
+) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
+
+(
+ echo "dn: ${hosted_domain_rootdn}"
+ echo "aci: (targetattr=\"carLicense || description || displayName || facsimileTelephoneNumber || homePhone || homePostalAddress || initials || jpegPhoto || labeledURI || mobile || pager || photo || postOfficeBox || postalAddress || postalCode || preferredDeliveryMethod || preferredLanguage || registeredAddress || roomNumber || secretary || seeAlso || st || street || telephoneNumber || telexNumber || title || userCertificate || userPassword || userSMIMECertificate || x500UniqueIdentifier\")(version 3.0; acl \"Enable self write for common attributes\"; allow (write) userdn=\"ldap:///self\";)"
+ echo "aci: (targetattr = \"*\")(version 3.0; acl \"Configuration Administrators Group\"; allow (all) groupdn=\"ldap:///cn=Configuration Administrators,ou=Groups,ou=TopologyManagement,o=NetscapeRoot\";)"
+ echo "aci: (targetattr = \"*\")(version 3.0; acl \"Configuration Administrator\"; allow (all) userdn=\"ldap:///uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot\";)"
+ echo "aci: (targetattr = \"*\")(version 3.0; acl \"SIE Group\"; allow (all) groupdn = \"ldap:///cn=slapd-$(hostname -s),cn=389 Directory Server,cn=Server Group,cn=$(hostname -f),ou=${domain},o=NetscapeRoot\";)"
+ echo "aci: (targetattr = \"*\")(version 3.0;acl \"Kolab Administrators\";allow (all) (roledn=\"ldap:///cn=admin-user,${rootdn}\");)"
+ echo "aci: (targetattr != \"userPassword\")(version 3.0;acl \"Search Access\";allow (compare,search)(userdn = \"ldap:///${hosted_domain_rootdn}??sub?(objectclass=*)\");)"
+ echo "aci: (targetattr != \"userPassword\")(version 3.0;acl \"Service Search Access\";allow (read,compare,search)(userdn = \"ldap:///uid=kolab-service,ou=Special Users,${rootdn}\");)"
+ echo "aci: (target = \"ldap:///ou=*,${hosted_domain_rootdn}\")(targetattr=\"objectclass || aci || ou\") (version 3.0;acl \"Allow Domain OU Registration\"; allow (add,write)(userdn = \"ldap:///uid=hosted-kolab-service,ou=Special Users,${rootdn}\");)"
+ echo "objectClass: top"
+ echo "objectClass: domain"
+ echo "dc: $(echo ${hosted_domain} | cut -d'.' -f 1)"
+ echo ""
+) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
+
+(
+ echo "dn: cn=active-user,${hosted_domain_rootdn}"
+ echo "objectclass: top"
+ echo "objectclass: ldapsubentry"
+ echo "objectclass: nsroledefinition"
+ echo "objectclass: nssimpleroledefinition"
+ echo "objectclass: nsmanagedroledefinition"
+ echo "cn: active-user"
+ echo ""
+
+ echo "dn: cn=suspended-user,${hosted_domain_rootdn}"
+ echo "objectclass: top"
+ echo "objectclass: ldapsubentry"
+ echo "objectclass: nsroledefinition"
+ echo "objectclass: nssimpleroledefinition"
+ echo "objectclass: nsmanagedroledefinition"
+ echo "cn: suspended-user"
+ echo ""
+
+ echo "dn: cn=imap-user,${hosted_domain_rootdn}"
+ echo "objectclass: top"
+ echo "objectclass: ldapsubentry"
+ echo "objectclass: nsroledefinition"
+ echo "objectclass: nssimpleroledefinition"
+ echo "objectclass: nsmanagedroledefinition"
+ echo "cn: imap-user"
+ echo ""
+
+ echo "dn: cn=kolab-user,${hosted_domain_rootdn}"
+ echo "objectclass: top"
+ echo "objectclass: ldapsubentry"
+ echo "objectclass: nsroledefinition"
+ echo "objectclass: nssimpleroledefinition"
+ echo "objectclass: nsmanagedroledefinition"
+ echo "cn: kolab-user"
+ echo ""
+
+ echo "dn: ou=Groups,${hosted_domain_rootdn}"
+ echo "aci: (targetattr = \"*\") (version 3.0;acl \"Deny Unauthorized\"; deny (all)(userdn != \"ldap:///uid=kolab-service,ou=Special Users,${rootdn}\");)"
+ echo "ou: Groups"
+ echo "objectClass: top"
+ echo "objectClass: organizationalunit"
+ echo ""
+
+ echo "dn: ou=People,${hosted_domain_rootdn}"
+ echo "aci: (targetattr = \"*\") (version 3.0;acl \"Deny Unauthorized\"; deny (all)(userdn != \"ldap:///uid=kolab-service,ou=Special Users,${rootdn} || ldap:///uid=hosted-kolab-service,ou=Special Users,${rootdn} || ldap:///ou=People,${hosted_domain_rootdn}??sub?(objectclass=*)\");)"
+ echo "aci: (targetattr = \"*\") (version 3.0;acl \"Allow Hosted Kolab Service\"; allow (search,add,read)(userdn = \"ldap:///uid=hosted-kolab-service,ou=Special Users,${rootdn}\");)"
+ echo "aci: (targetattr != \"userPassword\") (version 3.0;acl \"Allow Kolab Service\"; allow (read,search,compare)(userdn = \"ldap:///uid=kolab-service,ou=Special Users,${rootdn}\");)"
+ echo "aci: (targetattr = \"*\") (version 3.0;acl \"Self Search Access\";allow (read,compare,search)(userdn = \"ldap:///self\");)"
+ echo "ou: People"
+ echo "objectClass: top"
+ echo "objectClass: organizationalunit"
+ echo ""
+
+ echo "dn: ou=Special Users,${hosted_domain_rootdn}"
+ echo "aci: (targetattr = \"*\") (version 3.0;acl \"Deny Unauthorized\"; deny (all)(userdn != \"ldap:///uid=kolab-service,ou=Special Users,${rootdn} || ldap:///uid=hosted-kolab-service,ou=Special Users,${rootdn}\");)"
+ echo "ou: Special Users"
+ echo "objectClass: top"
+ echo "objectClass: organizationalunit"
+ echo ""
+
+ echo "dn: ou=Resources,${hosted_domain_rootdn}"
+ echo "aci: (targetattr = \"*\") (version 3.0;acl \"Deny Unauthorized\"; deny (all)(userdn != \"ldap:///uid=kolab-service,ou=Special Users,${rootdn}\");)"
+ echo "ou: Resources"
+ echo "objectClass: top"
+ echo "objectClass: organizationalunit"
+ echo ""
+
+ echo "dn: ou=Shared Folders,${hosted_domain_rootdn}"
+ echo "aci: (targetattr = \"*\") (version 3.0;acl \"Deny Unauthorized\"; deny (all)(userdn != \"ldap:///uid=kolab-service,ou=Special Users,${rootdn}\");)"
+ echo "ou: Shared Folders"
+ echo "objectClass: top"
+ echo "objectClass: organizationalunit"
+ echo ""
+
+) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"