lib/api/kolab_api_service_domain.php
Show First 20 Lines • Show All 308 Lines • ▼ Show 20 Lines | protected function _mod_domain_attrs($domain, &$attributes, $olddn = null) | ||||
} | } | ||||
$domain_root_dn = 'ou=' . $domain . ',' . $hosted_root_dn; | $domain_root_dn = 'ou=' . $domain . ',' . $hosted_root_dn; | ||||
$aci = array( | $aci = array( | ||||
'(targetattr = "*")' | '(targetattr = "*")' | ||||
. '(version 3.0; acl "Deny Unauthorized"; deny (all)' | . '(version 3.0; acl "Deny Unauthorized"; deny (all)' | ||||
. '(userdn != "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . ' || ' | . '(userdn != "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . ' || ' | ||||
. 'ldap:///ou=People,' . $domain_root_dn . '??sub?(objectclass=inetorgperson)") AND NOT ' | . 'ldap:///' . $domain_root_dn . '??sub?(objectclass=inetorgperson)") AND NOT ' | ||||
. 'roledn = "ldap:///cn=kolab-admin,' . $mgmt_root_dn . '";)', | . 'roledn = "ldap:///cn=kolab-admin,' . $mgmt_root_dn . '";)', | ||||
'(targetattr != "userPassword")' | '(targetattr != "userPassword")' | ||||
. '(version 3.0;acl "Search Access";allow (read,compare,search)' | . '(version 3.0;acl "Search Access";allow (read,compare,search)' | ||||
. '(userdn = "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . ' || ' | . '(userdn = "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . ' || ' | ||||
. 'ldap:///ou=People,' . $domain_root_dn . '??sub?(objectclass=inetorgperson)");)', | . 'ldap:///' . $domain_root_dn . '??sub?(objectclass=inetorgperson)");)', | ||||
'(targetattr = "*")' | '(targetattr = "*")' | ||||
. '(version 3.0;acl "Kolab Administrators";allow (all)' | . '(version 3.0;acl "Kolab Administrators";allow (all)' | ||||
. '(roledn = "ldap:///cn=kolab-admin,' . $domain_root_dn . ' || ' | . '(roledn = "ldap:///cn=kolab-admin,' . $domain_root_dn . ' || ' | ||||
. 'ldap:///cn=kolab-admin,' . $mgmt_root_dn . '");)' | . 'ldap:///cn=kolab-admin,' . $mgmt_root_dn . '");)' | ||||
); | ); | ||||
// Preserve important old aci and inetdomainbasedn attributes of the | // Preserve important old aci and inetdomainbasedn attributes of the | ||||
▲ Show 20 Lines • Show All 53 Lines • ▼ Show 20 Lines | protected function _after_domain_created($attributes, $domain) | ||||
'description' => $domain, | 'description' => $domain, | ||||
'type_id' => 1, | 'type_id' => 1, | ||||
); | ); | ||||
$ou_domain['aci'] = array( | $ou_domain['aci'] = array( | ||||
'(targetattr = "*")' | '(targetattr = "*")' | ||||
. '(version 3.0;acl "Deny Unauthorized"; deny (all)' | . '(version 3.0;acl "Deny Unauthorized"; deny (all)' | ||||
. '(userdn != "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . ' || ' | . '(userdn != "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . ' || ' | ||||
. 'ldap:///ou=People,' . $domain_root_dn . '??sub?(objectclass=inetorgperson)") AND NOT ' | . 'ldap:///' . $domain_root_dn . '??sub?(objectclass=inetorgperson)") AND NOT ' | ||||
. 'roledn = "ldap:///cn=kolab-admin,' . $mgmt_root_dn . '";)', | . 'roledn = "ldap:///cn=kolab-admin,' . $mgmt_root_dn . '";)', | ||||
'(targetattr != "userPassword")' | '(targetattr != "userPassword")' | ||||
. '(version 3.0;acl "Search Access";allow (read,compare,search,write)' | . '(version 3.0;acl "Search Access";allow (read,compare,search)' | ||||
. '(userdn = "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . ' || ' | . '(userdn = "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . ' || ' | ||||
. 'ldap:///ou=People,' . $domain_root_dn . '??sub?(objectclass=inetorgperson)");)', | . 'ldap:///' . $domain_root_dn . '??sub?(objectclass=inetorgperson)");)', | ||||
'(targetattr = "*")' | '(targetattr = "*")' | ||||
. '(version 3.0;acl "Kolab Administrators";allow (all)' | . '(version 3.0;acl "Kolab Administrators";allow (all)' | ||||
. '(roledn = "ldap:///cn=kolab-admin,' . $domain_root_dn . ' || ' | . '(roledn = "ldap:///cn=kolab-admin,' . $domain_root_dn . ' || ' | ||||
. 'ldap:///cn=kolab-admin,' . $mgmt_root_dn . '");)', | . 'ldap:///cn=kolab-admin,' . $mgmt_root_dn . '");)', | ||||
'(target = "ldap:///ou=*,' . $domain_root_dn . '")(targetattr="objectclass || aci || ou")' | '(target = "ldap:///ou=*,' . $domain_root_dn . '")(targetattr="objectclass || aci || ou")' | ||||
. '(version 3.0;acl "Allow Domain sub-OU Registration"; allow (add)' | . '(version 3.0;acl "Allow Domain sub-OU Registration"; allow (add)' | ||||
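Review bot: Assuming the right-hand column is the new side, the `userdn` LDAP URL in the "Deny Unauthorized" and "Search Access" ACIs now matches any `inetorgperson` anywhere under `$domain_root_dn` instead of only under `ou=People`, in both `_mod_domain_attrs` and `_after_domain_created`. That widens the set of bind identities exempt from the deny rule and granted read/compare/search on every attribute except `userPassword`; because a later ACI in the same array permits `add` of `ou=*` below the domain root, `inetorgperson` entries that end up in such sub-OUs would presumably qualify as well. If the wider scope is intended, say so above each array, e.g. `// Any inetorgperson in the domain subtree (not only ou=People) may search; userPassword stays excluded`. The three shared ACI strings are duplicated across the two functions and had already drifted (only the `_after_domain_created` copy carried the `write` right), so building them in one private helper would keep them in sync. Both function bodies extend beyond the visible lines, so how ACIs on already-provisioned domains are migrated cannot be checked from here.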