Diffstat (limited to 'hosted-kolab/08-add-customer-domain.sh')
-rwxr-xr-xhosted-kolab/08-add-customer-domain.sh235
1 files changed, 235 insertions, 0 deletions
diff --git a/hosted-kolab/08-add-customer-domain.sh b/hosted-kolab/08-add-customer-domain.sh
new file mode 100755
index 0000000..feb8010
--- /dev/null
+++ b/hosted-kolab/08-add-customer-domain.sh
@@ -0,0 +1,235 @@
+#!/bin/bash
+
+. ./settings.sh
+
+export mgmt_domain_rootdn="${rootdn}"
+export rootdn="dc=mykolab,dc=com"
+export hosted_domain="kanarip.com"
+export hosted_domain_rootdn="ou=kanarip.com,${rootdn}"
+
+(
+ echo "dn: associateddomain=${hosted_domain},ou=Domains,${mgmt_domain_rootdn}"
+ echo "objectclass: top"
+ echo "objectclass: domainrelatedobject"
+ echo "objectclass: inetdomain"
+ echo "inetdomainstatus: active"
+ echo "inetdomainbasedn: ${hosted_domain_rootdn}"
+ echo "aci: (targetattr = \"*\") (version 3.0;acl \"Deny Unauthorized\"; deny (all)(userdn != \"ldap:///uid=kolab-service,ou=Special Users,${mgmt_domain_rootdn} || ldap:///ou=People,${hosted_domain_rootdn}??sub?(objectclass=inetorgperson)\") AND NOT roledn = \"ldap:///cn=admin-user,${mgmt_domain_rootdn}\";)"
+ echo "aci: (targetattr != \"userPassword\") (version 3.0;acl \"Search Access\";allow (read,compare,search)(userdn = \"ldap:///uid=kolab-service,ou=Special Users,${mgmt_domain_rootdn} || ldap:///ou=People,${hosted_domain_rootdn}??sub?(objectclass=inetorgperson)\");)"
+ echo "aci: (targetattr = \"*\") (version 3.0;acl \"Kolab Administrators\";allow (all)(roledn = \"ldap:///cn=admin-user,${hosted_domain_rootdn} || ldap:///cn=admin-user,${mgmt_domain_rootdn}\");)"
+ echo ""
+
+ echo "dn: associateddomain=kanarip.ch,ou=Domains,${mgmt_domain_rootdn}"
+ echo "objectclass: top"
+ echo "objectclass: domainrelatedobject"
+ echo "objectclass: inetdomain"
+ echo "inetdomainstatus: active"
+ echo "inetdomainbasedn: ${hosted_domain_rootdn}"
+ echo "aci: (targetattr = \"*\") (version 3.0;acl \"Deny Unauthorized\"; deny (all)(userdn != \"ldap:///uid=kolab-service,ou=Special Users,${mgmt_domain_rootdn} || ldap:///ou=People,${hosted_domain_rootdn}??sub?(objectclass=inetorgperson)\") AND NOT roledn = \"ldap:///cn=admin-user,${mgmt_domain_rootdn}\";)"
+ echo "aci: (targetattr != \"userPassword\") (version 3.0;acl \"Search Access\";allow (read,compare,search)(userdn = \"ldap:///uid=kolab-service,ou=Special Users,${mgmt_domain_rootdn} || ldap:///ou=People,${hosted_domain_rootdn}??sub?(objectclass=inetorgperson)\");)"
+ echo "aci: (targetattr = \"*\") (version 3.0;acl \"Kolab Administrators\";allow (all)(roledn = \"ldap:///cn=admin-user,${hosted_domain_rootdn} || ldap:///cn=admin-user,${mgmt_domain_rootdn}\");)"
+ echo ""
+
+ echo "dn: associateddomain=kanarip.nl,ou=Domains,${mgmt_domain_rootdn}"
+ echo "objectclass: top"
+ echo "objectclass: domainrelatedobject"
+ echo "objectclass: inetdomain"
+ echo "inetdomainstatus: active"
+ echo "inetdomainbasedn: ${hosted_domain_rootdn}"
+ echo "aci: (targetattr = \"*\") (version 3.0;acl \"Deny Unauthorized\"; deny (all)(userdn != \"ldap:///uid=kolab-service,ou=Special Users,${mgmt_domain_rootdn} || ldap:///ou=People,${hosted_domain_rootdn}??sub?(objectclass=inetorgperson)\") AND NOT roledn = \"ldap:///cn=admin-user,${mgmt_domain_rootdn}\";)"
+ echo "aci: (targetattr != \"userPassword\") (version 3.0;acl \"Search Access\";allow (read,compare,search)(userdn = \"ldap:///uid=kolab-service,ou=Special Users,${mgmt_domain_rootdn} || ldap:///ou=People,${hosted_domain_rootdn}??sub?(objectclass=inetorgperson)\");)"
+ echo "aci: (targetattr = \"*\") (version 3.0;acl \"Kolab Administrators\";allow (all)(roledn = \"ldap:///cn=admin-user,${hosted_domain_rootdn} || ldap:///cn=admin-user,${mgmt_domain_rootdn}\");)"
+ echo ""
+) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
+
+(
+ echo "dn: ${hosted_domain_rootdn}"
+ echo "ou: ${hosted_domain}"
+ echo "objectClass: top"
+ echo "objectClass: organizationalunit"
+ echo "aci: (targetattr = \"*\") (version 3.0;acl \"Deny Unauthorized\"; deny (all)(userdn != \"ldap:///uid=kolab-service,ou=Special Users,${mgmt_domain_rootdn} || ldap:///uid=hosted-kolab-service,ou=Special Users,${mgmt_domain_rootdn} || ldap:///ou=People,${hosted_domain_rootdn}??sub?(objectclass=inetorgperson)\") AND NOT roledn = \"ldap:///cn=admin-user,${mgmt_domain_rootdn}\";)"
+ echo "aci: (targetattr != \"userPassword\") (version 3.0;acl \"Search Access\";allow (read,compare,search)(userdn = \"ldap:///uid=kolab-service,ou=Special Users,${mgmt_domain_rootdn} || ldap:///ou=People,${hosted_domain_rootdn}??sub?(objectclass=inetorgperson)\");)"
+ echo "aci: (targetattr = \"*\") (version 3.0;acl \"Kolab Administrators\";allow (all)(roledn = \"ldap:///cn=admin-user,${hosted_domain_rootdn} || ldap:///cn=admin-user,${mgmt_domain_rootdn}\");)"
+ echo "aci: (target = \"ldap:///ou=*,${hosted_domain_rootdn}\")(targetattr=\"objectclass || aci || ou\") (version 3.0;acl \"Allow Domain sub-OU Registration\"; allow (add)(userdn = \"ldap:///uid=hosted-kolab-service,ou=Special Users,${mgmt_domain_rootdn}\");)"
+ echo "aci: (target = \"ldap:///uid=*,ou=People,${hosted_domain_rootdn}\")(targetattr=\"*\") (version 3.0;acl \"Allow Domain First User Registration\"; allow (add)(userdn = \"ldap:///uid=hosted-kolab-service,ou=Special Users,${mgmt_domain_rootdn}\");)"
+ echo "aci: (target = \"ldap:///cn=*,${hosted_domain_rootdn}\")(targetattr=\"objectclass || cn\") (version 3.0;acl \"Allow Domain Role Registration\"; allow (add)(userdn = \"ldap:///uid=hosted-kolab-service,ou=Special Users,${mgmt_domain_rootdn}\");)"
+ echo ""
+
+ echo "dn: cn=admin-user,${hosted_domain_rootdn}"
+ echo "objectclass: top"
+ echo "objectclass: ldapsubentry"
+ echo "objectclass: nsroledefinition"
+ echo "objectclass: nssimpleroledefinition"
+ echo "objectclass: nsmanagedroledefinition"
+ echo "cn: admin-user"
+ echo ""
+
+ echo "dn: cn=activesync-user,${hosted_domain_rootdn}"
+ echo "objectclass: top"
+ echo "objectclass: ldapsubentry"
+ echo "objectclass: nsroledefinition"
+ echo "objectclass: nssimpleroledefinition"
+ echo "objectclass: nsmanagedroledefinition"
+ echo "cn: activesync-user"
+ echo ""
+
+ echo "dn: cn=imap-user,${hosted_domain_rootdn}"
+ echo "objectclass: top"
+ echo "objectclass: ldapsubentry"
+ echo "objectclass: nsroledefinition"
+ echo "objectclass: nssimpleroledefinition"
+ echo "objectclass: nsmanagedroledefinition"
+ echo "cn: imap-user"
+ echo ""
+
+ echo "dn: cn=kolab-user,${hosted_domain_rootdn}"
+ echo "objectclass: top"
+ echo "objectclass: ldapsubentry"
+ echo "objectclass: nsroledefinition"
+ echo "objectclass: nssimpleroledefinition"
+ echo "objectclass: nsmanagedroledefinition"
+ echo "cn: kolab-user"
+ echo ""
+
+ echo "dn: cn=xmpp-user,${hosted_domain_rootdn}"
+ echo "objectclass: top"
+ echo "objectclass: ldapsubentry"
+ echo "objectclass: nsroledefinition"
+ echo "objectclass: nssimpleroledefinition"
+ echo "objectclass: nsmanagedroledefinition"
+ echo "cn: xmpp-user"
+ echo ""
+
+ echo "dn: ou=Groups,${hosted_domain_rootdn}"
+ echo "ou: Groups"
+ echo "objectClass: top"
+ echo "objectClass: organizationalunit"
+ echo ""
+
+ echo "dn: ou=People,${hosted_domain_rootdn}"
+ echo "ou: People"
+ echo "objectClass: top"
+ echo "objectClass: organizationalunit"
+ echo ""
+
+ echo "dn: ou=Resources,${hosted_domain_rootdn}"
+ echo "ou: Resources"
+ echo "objectClass: top"
+ echo "objectClass: organizationalunit"
+ echo ""
+
+ echo "dn: ou=Shared Folders,${hosted_domain_rootdn}"
+ echo "ou: Shared Folders"
+ echo "objectClass: top"
+ echo "objectClass: organizationalunit"
+ echo ""
+
+ echo "dn: uid=kanarip@kanarip.com,ou=People,${hosted_domain_rootdn}"
+ echo "objectClass: top"
+ echo "objectClass: inetorgperson"
+ echo "objectClass: kolabinetorgperson"
+ echo "objectClass: mailrecipient"
+ echo "objectClass: organizationalperson"
+ echo "objectClass: country"
+ echo "objectClass: person"
+ echo "givenName: Jeroen"
+ echo "mailQuota: 2097152"
+ echo "sn: van Meeuwen"
+ echo "cn: Jeroen van Meeuwen"
+ echo "mail: kanarip@kanarip.com"
+ echo "uid: kanarip@kanarip.com"
+ echo "mailHost: localhost"
+ echo "mailalternateaddress: vanmeeuwen@kolabsys.com"
+ echo "telephonenumber: +41438178006"
+ echo "mobile: +41799519003"
+ echo "street: Schulhausstrasse 47"
+ echo "postalcode: 8703"
+ echo "l: Erlenbach"
+ echo "c: CH"
+ echo "userPassword: ${default_user_password}"
+ echo "nsroledn: cn=activesync-user,${hosted_domain_rootdn}"
+ echo "nsroledn: cn=admin-user,${hosted_domain_rootdn}"
+ echo "nsroledn: cn=kolab-user,${hosted_domain_rootdn}"
+ echo ""
+) | ldapadd -x -h ${ldap_host} -D "uid=hosted-kolab-service,ou=Special Users,${mgmt_domain_rootdn}" -w Welcome2KolabSystems -c
+
+(
+ echo "dn: ${hosted_domain_rootdn}"
+ echo "changetype: modify"
+ echo "replace: aci"
+ echo "aci: (targetattr = \"*\") (version 3.0;acl \"Deny Unauthorized\"; deny (all)(userdn != \"ldap:///uid=kolab-service,ou=Special Users,${mgmt_domain_rootdn} || ldap:///ou=People,${hosted_domain_rootdn}??sub?(objectclass=inetorgperson)\") AND NOT roledn = \"ldap:///cn=admin-user,${mgmt_domain_rootdn}\";)"
+ echo "aci: (targetattr != \"userPassword\") (version 3.0;acl \"Search Access\";allow (read,compare,search)(userdn = \"ldap:///uid=kolab-service,ou=Special Users,${mgmt_domain_rootdn} || ldap:///ou=People,${hosted_domain_rootdn}??sub?(objectclass=inetorgperson)\");)"
+ echo "aci: (targetattr = \"*\") (version 3.0;acl \"Kolab Administrators\";allow (all)(roledn = \"ldap:///cn=admin-user,${hosted_domain_rootdn} || ldap:///cn=admin-user,${mgmt_domain_rootdn}\");)"
+ echo ""
+) | ldapmodify -x -h ${ldap_host} -D "uid=hosted-kolab-service,ou=Special Users,${mgmt_domain_rootdn}" -w Welcome2KolabSystems -c
+
+(
+ echo "dn: uid=lydia@kanarip.com,ou=People,${hosted_domain_rootdn}"
+ echo "objectClass: top"
+ echo "objectClass: inetorgperson"
+ echo "objectClass: kolabinetorgperson"
+ echo "objectClass: mailrecipient"
+ echo "objectClass: organizationalperson"
+ echo "objectClass: person"
+ echo "givenName: Lydia"
+ echo "mailQuota: 2097152"
+ echo "sn: van Meeuwen"
+ echo "cn: Lydia van Meeuwen"
+ echo "mail: lydia@kanarip.nl"
+ echo "uid: lydia@kanarip.com"
+ echo "mailHost: localhost"
+ echo "userPassword: ${default_user_password}"
+ echo "nsroledn: cn=activesync-user,${hosted_domain_rootdn}"
+ echo "nsroledn: cn=kolab-user,${hosted_domain_rootdn}"
+ echo ""
+
+ echo "dn: uid=annabelle@kanarip.com,ou=People,${hosted_domain_rootdn}"
+ echo "objectClass: top"
+ echo "objectClass: inetorgperson"
+ echo "objectClass: kolabinetorgperson"
+ echo "objectClass: mailrecipient"
+ echo "objectClass: organizationalperson"
+ echo "objectClass: person"
+ echo "givenName: Annabelle"
+ echo "mailQuota: 2097152"
+ echo "sn: van Meeuwen"
+ echo "cn: Annabelle van Meeuwen"
+ echo "mail: annabelle@kanarip.ch"
+ echo "uid: annabelle@kanarip.com"
+ echo "mailHost: localhost"
+ echo "userPassword: ${default_user_password}"
+ echo "nsroledn: cn=activesync-user,${hosted_domain_rootdn}"
+ echo "nsroledn: cn=kolab-user,${hosted_domain_rootdn}"
+ echo ""
+) | ldapadd -x -h ${ldap_host} -D "uid=kanarip@kanarip.com,ou=People,${hosted_domain_rootdn}" -w "${default_user_password}" -c
+
+num_domains=$(
+ ldapsearch -x -h localhost \
+ -D "uid=kanarip@kanarip.com,ou=People,${hosted_domain_rootdn}" \
+ -w "${default_user_password}" \
+ -b "${domain_base_dn}" \
+ -s sub \
+ -LLL "(&(objectclass=domainrelatedobject)(associateddomain=${hosted_domain}))" dn | \
+ grep ^dn | \
+ wc -l
+ )
+
+if [ ${num_domains} -ne 1 ]; then
+ echo "ERROR: Expected 1 domain, got ${num_domains} domains"
+fi
+
+num_domains=$(
+ ldapsearch -x -h localhost \
+ -D "uid=kanarip@kanarip.com,ou=People,${hosted_domain_rootdn}" \
+ -w "${default_user_password}" \
+ -b "${domain_base_dn}" \
+ -s sub \
+ -LLL "(objectclass=domainrelatedobject)" dn | \
+ grep ^dn | \
+ wc -l
+ )
+
+if [ ${num_domains} -ne 3 ]; then
+ echo "ERROR: Expected 3 domains, got ${num_domains} domain(s)"
+fi
+
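Review bot: The hosted-kolab-service bind password is hard-coded as `-w Welcome2KolabSystems` on the ldapadd line that closes the domain-OU/roles block and again on the ldapmodify line right after it, while every other credential in this script (`${ldap_bindpw}`, `${default_user_password}`) is read from `settings.sh`; a literal password in a committed script is also exposed to every local user through `ps` because it is passed via `-w`. Move it into settings.sh as its own variable and pass it with a password file, e.g. `-D "uid=hosted-kolab-service,ou=Special Users,${mgmt_domain_rootdn}" -y "${hosted_service_pwfile}" -c` (where `hosted_service_pwfile` is a new settings variable naming a mode-0600 file), or at minimum `-w "${hosted_service_bindpw}"`. The two ldapsearch sanity checks at the end connect to `-h localhost` instead of `${ldap_host}` and their `if` branches only echo an ERROR without exiting non-zero, so whatever runs these numbered scripts in sequence cannot detect a failed domain setup; add `exit 1` after each echo. `${ldap_host}` is also unquoted on every ldapadd/ldapmodify line, which ShellCheck will flag.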