Changeset View
Changeset View
Standalone View
Standalone View
docker/ds389/ds_install.ldif.tpl
- This file was added.
# ${LDAP_ADMIN_ROOT_DN} | |||||
dn: ${LDAP_ADMIN_ROOT_DN} | |||||
aci: (targetattr = \"carLicense || description || displayName || facsimileTelephoneNumber || homePhone || homePostalAddress || initials || jpegPhoto || l || labeledURI || mobile || o || pager || photo || postOfficeBox || postalAddress || postalCode || preferredDeliveryMethod || preferredLanguage || registeredAddress || roomNumber || secretary || seeAlso || st || street || telephoneNumber || telexNumber || title || userCertificate || userPassword || userSMIMECertificate || x500UniqueIdentifier || kolabDelegate || kolabInvitationPolicy || kolabAllowSMTPSender\") (version 3.0; acl \"Enable self write for common attributes\"; allow (read,compare,search,write)(userdn = \"ldap:///self\");) | |||||
aci: (targetattr = \"*\") (version 3.0;acl \"Directory Administrators Group\";allow (all)(groupdn = \"ldap:///cn=Directory Administrators,dc=klab,dc=cc\" or roledn = \"ldap:///cn=kolab-admin,dc=klab,dc=cc\");) | |||||
aci: (targetattr=\"*\")(version 3.0; acl \"Configuration Administrators Group\"; allow (all) groupdn=\"ldap:///cn=Configuration Administrators,ou=Groups,ou=TopologyManagement,o=NetscapeRoot\";) | |||||
aci: (targetattr=\"*\")(version 3.0; acl \"Configuration Administrator\"; allow (all) userdn=\"ldap:///uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot\";) | |||||
aci: (targetattr = \"*\")(version 3.0; acl \"SIE Group\"; allow (all) groupdn = \"ldap:///cn=slapd-ldap-k8s,cn=389 Directory Server,cn=Server Group,cn=ldap-k8s.klab.cc,ou=klab.cc,o=NetscapeRoot\";) | |||||
aci: (targetattr != \"userPassword\") (version 3.0;acl \"Search Access\";allow (read,compare,search)(userdn = \"ldap:///all\");) | |||||
objectClass: top | |||||
objectClass: domain | |||||
# Directory Administrators, ${DOMAIN} | |||||
dn: cn=Directory Administrators,${LDAP_ADMIN_ROOT_DN} | |||||
objectClass: top | |||||
objectClass: groupofuniquenames | |||||
cn: Directory Administrators | |||||
uniqueMember: cn=Directory Manager | |||||
# Domains definition location ${DOMAIN} | |||||
dn: ${LDAP_DOMAIN_BASE_DN} | |||||
objectclass: top | |||||
objectclass: extensibleobject | |||||
ou: Domains | |||||
aci: (targetattr = \"*\") (version 3.0;acl \"Kolab Services\";allow (read,compare,search)(userdn = \"ldap:///uid=kolab-service,ou=Special Users,${LDAP_ADMIN_ROOT_DN}\");) | |||||
# Groups, ${DOMAIN} | |||||
dn: ou=Groups,${LDAP_ADMIN_ROOT_DN} | |||||
objectClass: top | |||||
objectClass: organizationalunit | |||||
ou: Groups | |||||
# People, ${DOMAIN} | |||||
dn: ou=People,${LDAP_ADMIN_ROOT_DN} | |||||
objectClass: top | |||||
objectClass: organizationalunit | |||||
ou: People | |||||
# Resources, ${DOMAIN} | |||||
dn: ou=Resources,${LDAP_ADMIN_ROOT_DN} | |||||
objectClass: top | |||||
objectClass: organizationalunit | |||||
ou: Resources | |||||
# Shared Folders, ${DOMAIN} | |||||
dn: ou=Shared Folders,${LDAP_ADMIN_ROOT_DN} | |||||
objectClass: top | |||||
objectClass: organizationalunit | |||||
ou: Shared Folders | |||||
# Special User, ${DOMAIN} | |||||
dn: ou=Special Users,${LDAP_ADMIN_ROOT_DN} | |||||
objectClass: top | |||||
objectClass: organizationalUnit | |||||
ou: Special Users | |||||
description: Special Administrative Accounts | |||||
# Add kolab-admin role | |||||
dn: cn=kolab-admin,${LDAP_ADMIN_ROOT_DN} | |||||
objectClass: top | |||||
objectClass: ldapsubentry | |||||
objectClass: nsroledefinition | |||||
objectClass: nssimpleroledefinition | |||||
objectClass: nsmanagedroledefinition | |||||
cn: kolab-admin | |||||
description: Kolab Administrator | |||||
# cyrus-admin, Special Users, ${DOMAIN} | |||||
dn: uid=cyrus-admin,ou=Special Users,${LDAP_ADMIN_ROOT_DN} | |||||
sn: Administrator | |||||
uid: cyrus-admin | |||||
objectClass: top | |||||
objectClass: person | |||||
objectClass: inetorgperson | |||||
objectClass: organizationalperson | |||||
givenName: Cyrus | |||||
cn: Cyrus Administrator | |||||
userPassword: ${CM_CYRUS_ADMIN_PW} | |||||
# kolab-service, Special Users, ${DOMAIN} | |||||
dn: ${LDAP_SERVICE_BIND_DN} | |||||
sn: Service | |||||
uid: kolab-service | |||||
objectClass: top | |||||
objectClass: person | |||||
objectClass: inetorgperson | |||||
objectClass: organizationalperson | |||||
givenName: Kolab | |||||
cn: Kolab Service | |||||
userPassword: ${LDAP_SERVICE_BIND_PW} | |||||
nsIdleTimeout: -1 | |||||
nsTimeLimit: -1 | |||||
nsSizeLimit: -1 | |||||
nsLookThroughLimit: -1 | |||||
# hosted-kolab-service, Special Users, ${DOMAIN} | |||||
dn: ${LDAP_HOSTED_BIND_DN} | |||||
objectclass: top | |||||
objectclass: inetorgperson | |||||
objectclass: person | |||||
uid: hosted-kolab-service | |||||
cn: Hosted Kolab Service Account | |||||
sn: Service Account | |||||
givenname: Hosted Kolab | |||||
userpassword: ${LDAP_HOSTED_BIND_PW} | |||||
nsIdleTimeout: -1 | |||||
nsTimeLimit: -1 | |||||
nsSizeLimit: -1 | |||||
nsLookThroughLimit: -1 | |||||
# ${DOMAIN}, ${LDAP_DOMAIN_BASE_DN} | |||||
dn: associateddomain=${DOMAIN},${LDAP_DOMAIN_BASE_DN} | |||||
objectclass: top | |||||
objectclass: domainrelatedobject | |||||
associateddomain: ${DOMAIN} | |||||
associateddomain: localhost.localdomain | |||||
associateddomain: localhost | |||||
aci: (targetattr = \"*\")(version 3.0;acl \"Deny Rest\";deny (all)(userdn != \"ldap:///${LDAP_SERVICE_BIND_DN} || ldap:///${LDAP_ADMIN_ROOT_DN}??sub?\(objectclass=*\)\");) | |||||
aci: (targetattr = \"*\")(version 3.0;acl \"Deny Hosted Kolab\";deny (all)(userdn = \"ldap:///${LDAP_HOSTED_BIND_DN}\");) | |||||
################################### | |||||
# ${HOSTED_DOMAIN}, ${LDAP_DOMAIN_BASE_DN} | |||||
dn: associateddomain=${HOSTED_DOMAIN},${LDAP_DOMAIN_BASE_DN} | |||||
objectclass: top | |||||
objectclass: domainrelatedobject | |||||
objectclass: inetdomain | |||||
inetdomainstatus: active | |||||
associateddomain: ${HOSTED_DOMAIN} | |||||
inetdomainbasedn: ${LDAP_HOSTED_ROOT_DN} | |||||
# ${LDAP_HOSTED_ROOT_DN} | |||||
dn: ${LDAP_HOSTED_ROOT_DN} | |||||
aci: (targetattr=\"carLicense || description || displayName || facsimileTelephoneNumber || homePhone || homePostalAddress || initials || jpegPhoto || labeledURI || mobile || pager || photo || postOfficeBox || postalAddress || postalCode || preferredDeliveryMethod || preferredLanguage || registeredAddress || roomNumber || secretary || seeAlso || st || street || telephoneNumber || telexNumber || title || userCertificate || userPassword || userSMIMECertificate || x500UniqueIdentifier\")(version 3.0; acl \"Enable self write for common attributes\"; allow (write) userdn=\"ldap:///self\";) | |||||
aci: (targetattr=\"*\")(version 3.0;acl \"Directory Administrators Group\";allow (all) (groupdn=\"ldap:///cn=Directory Administrators,${LDAP_HOSTED_ROOT_DN}\" or roledn=\"ldap:///cn=kolab-admin,${LDAP_HOSTED_ROOT_DN}\");) | |||||
aci: (targetattr=\"*\")(version 3.0; acl \"Configuration Administrators Group\"; allow (all) groupdn=\"ldap:///cn=Configuration Administrators,ou=Groups,ou=TopologyManagement,o=NetscapeRoot\";) | |||||
aci: (targetattr=\"*\")(version 3.0; acl \"Configuration Administrator\"; allow (all) userdn=\"ldap:///uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot\";) | |||||
aci: (targetattr=\"*\")(version 3.0; acl \"SIE Group\"; allow (all) groupdn = \"ldap:///cn=slapd-${DS_INSTANCE_NAME},cn=389 Directory Server,cn=Server Group,cn=${FULL_MACHINE_NAME},ou=${DOMAIN},o=NetscapeRoot\";) | |||||
aci: (targetattr=\"*\") (version 3.0;acl \"Search Access\";allow (read,compare,search)(userdn = \"ldap:///${LDAP_HOSTED_ROOT_DN}??sub?(objectclass=*)\");) | |||||
aci: (targetattr=\"*\") (version 3.0;acl \"Service Search Access\";allow (read,compare,search)(userdn = \"ldap:///${LDAP_SERVICE_BIND_DN}\");) | |||||
objectClass: top | |||||
objectClass: domain | |||||
dc: ${HOSTED_DOMAIN%.com} | |||||
# cn=2fa-user, ${LDAP_HOSTED_ROOT_DN} | |||||
dn: cn=2fa-user,${LDAP_HOSTED_ROOT_DN} | |||||
cn: 2fa-user | |||||
description: 2fa-user role | |||||
objectclass: top | |||||
objectclass: ldapsubentry | |||||
objectclass: nsmanagedroledefinition | |||||
objectclass: nsroledefinition | |||||
objectclass: nssimpleroledefinition | |||||
# cn=activesync-user, ${LDAP_HOSTED_ROOT_DN} | |||||
dn: cn=activesync-user,${LDAP_HOSTED_ROOT_DN} | |||||
cn: activesync-user | |||||
description: activesync-user role | |||||
objectclass: top | |||||
objectclass: ldapsubentry | |||||
objectclass: nsmanagedroledefinition | |||||
objectclass: nsroledefinition | |||||
objectclass: nssimpleroledefinition | |||||
# cn=imap-user, ${LDAP_HOSTED_ROOT_DN} | |||||
dn: cn=imap-user,${LDAP_HOSTED_ROOT_DN} | |||||
cn: imap-user | |||||
description: imap-user role | |||||
objectclass: top | |||||
objectclass: ldapsubentry | |||||
objectclass: nsmanagedroledefinition | |||||
objectclass: nsroledefinition | |||||
objectclass: nssimpleroledefinition | |||||
# ou=Groups, ${LDAP_HOSTED_ROOT_DN} | |||||
dn: ou=Groups,${LDAP_HOSTED_ROOT_DN} | |||||
ou: Groups | |||||
objectClass: top | |||||
objectClass: organizationalunit | |||||
# ou=People, ${LDAP_HOSTED_ROOT_DN} | |||||
dn: ou=People,${LDAP_HOSTED_ROOT_DN} | |||||
aci: (targetattr=\"*\") (version 3.0;acl \"Hosted Kolab Services\";allow (all)(userdn = \"ldap:///${LDAP_HOSTED_BIND_DN}\");) | |||||
ou: People | |||||
objectClass: top | |||||
objectClass: organizationalunit | |||||
# ou=Resources, ${LDAP_HOSTED_ROOT_DN} | |||||
dn: ou=Resources,${LDAP_HOSTED_ROOT_DN} | |||||
ou: Resources | |||||
objectClass: top | |||||
objectClass: organizationalunit | |||||
# ou=Shared Folders, ${LDAP_HOSTED_ROOT_DN} | |||||
dn: ou=Shared Folders,${LDAP_HOSTED_ROOT_DN} | |||||
ou: Shared Folders | |||||
objectClass: top | |||||
objectClass: organizationalunit | |||||