Changeset View
Changeset View
Standalone View
Standalone View
lib/api/kolab_api_service_domain.php
| Show First 20 Lines • Show All 308 Lines • ▼ Show 20 Lines | protected function _mod_domain_attrs($domain, &$attributes, $olddn = null) | ||||
| } | } | ||||
| $domain_root_dn = 'ou=' . $domain . ',' . $hosted_root_dn; | $domain_root_dn = 'ou=' . $domain . ',' . $hosted_root_dn; | ||||
| $aci = array( | $aci = array( | ||||
| '(targetattr = "*")' | '(targetattr = "*")' | ||||
| . '(version 3.0; acl "Deny Unauthorized"; deny (all)' | . '(version 3.0; acl "Deny Unauthorized"; deny (all)' | ||||
| . '(userdn != "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . ' || ' | . '(userdn != "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . ' || ' | ||||
| . 'ldap:///ou=People,' . $domain_root_dn . '??sub?(objectclass=inetorgperson)") AND NOT ' | . 'ldap:///' . $domain_root_dn . '??sub?(objectclass=inetorgperson)") AND NOT ' | ||||
| . 'roledn = "ldap:///cn=kolab-admin,' . $mgmt_root_dn . '";)', | . 'roledn = "ldap:///cn=kolab-admin,' . $mgmt_root_dn . '";)', | ||||
| '(targetattr != "userPassword")' | '(targetattr != "userPassword")' | ||||
| . '(version 3.0;acl "Search Access";allow (read,compare,search)' | . '(version 3.0;acl "Search Access";allow (read,compare,search)' | ||||
| . '(userdn = "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . ' || ' | . '(userdn = "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . ' || ' | ||||
| . 'ldap:///ou=People,' . $domain_root_dn . '??sub?(objectclass=inetorgperson)");)', | . 'ldap:///' . $domain_root_dn . '??sub?(objectclass=inetorgperson)");)', | ||||
| '(targetattr = "*")' | '(targetattr = "*")' | ||||
| . '(version 3.0;acl "Kolab Administrators";allow (all)' | . '(version 3.0;acl "Kolab Administrators";allow (all)' | ||||
| . '(roledn = "ldap:///cn=kolab-admin,' . $domain_root_dn . ' || ' | . '(roledn = "ldap:///cn=kolab-admin,' . $domain_root_dn . ' || ' | ||||
| . 'ldap:///cn=kolab-admin,' . $mgmt_root_dn . '");)' | . 'ldap:///cn=kolab-admin,' . $mgmt_root_dn . '");)' | ||||
| ); | ); | ||||
| // Preserve important old aci and inetdomainbasedn attributes of the | // Preserve important old aci and inetdomainbasedn attributes of the | ||||
| ▲ Show 20 Lines • Show All 53 Lines • ▼ Show 20 Lines | protected function _after_domain_created($attributes, $domain) | ||||
| 'description' => $domain, | 'description' => $domain, | ||||
| 'type_id' => 1, | 'type_id' => 1, | ||||
| ); | ); | ||||
| $ou_domain['aci'] = array( | $ou_domain['aci'] = array( | ||||
| '(targetattr = "*")' | '(targetattr = "*")' | ||||
| . '(version 3.0;acl "Deny Unauthorized"; deny (all)' | . '(version 3.0;acl "Deny Unauthorized"; deny (all)' | ||||
| . '(userdn != "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . ' || ' | . '(userdn != "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . ' || ' | ||||
| . 'ldap:///ou=People,' . $domain_root_dn . '??sub?(objectclass=inetorgperson)") AND NOT ' | . 'ldap:///' . $domain_root_dn . '??sub?(objectclass=inetorgperson)") AND NOT ' | ||||
| . 'roledn = "ldap:///cn=kolab-admin,' . $mgmt_root_dn . '";)', | . 'roledn = "ldap:///cn=kolab-admin,' . $mgmt_root_dn . '";)', | ||||
| '(targetattr != "userPassword")' | '(targetattr != "userPassword")' | ||||
| . '(version 3.0;acl "Search Access";allow (read,compare,search,write)' | . '(version 3.0;acl "Search Access";allow (read,compare,search)' | ||||
| . '(userdn = "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . ' || ' | . '(userdn = "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . ' || ' | ||||
| . 'ldap:///ou=People,' . $domain_root_dn . '??sub?(objectclass=inetorgperson)");)', | . 'ldap:///' . $domain_root_dn . '??sub?(objectclass=inetorgperson)");)', | ||||
| '(targetattr = "*")' | '(targetattr = "*")' | ||||
| . '(version 3.0;acl "Kolab Administrators";allow (all)' | . '(version 3.0;acl "Kolab Administrators";allow (all)' | ||||
| . '(roledn = "ldap:///cn=kolab-admin,' . $domain_root_dn . ' || ' | . '(roledn = "ldap:///cn=kolab-admin,' . $domain_root_dn . ' || ' | ||||
| . 'ldap:///cn=kolab-admin,' . $mgmt_root_dn . '");)', | . 'ldap:///cn=kolab-admin,' . $mgmt_root_dn . '");)', | ||||
| '(target = "ldap:///ou=*,' . $domain_root_dn . '")(targetattr="objectclass || aci || ou")' | '(target = "ldap:///ou=*,' . $domain_root_dn . '")(targetattr="objectclass || aci || ou")' | ||||
| . '(version 3.0;acl "Allow Domain sub-OU Registration"; allow (add)' | . '(version 3.0;acl "Allow Domain sub-OU Registration"; allow (add)' | ||||
| Show All 38 Lines | |||||