
D1522.1775192172.diff

Authored By
Unknown
Size
47 KB

D1522.1775192172.diff

diff --git a/docker/ds389/Dockerfile b/docker/ds389/Dockerfile
new file mode 100644
--- /dev/null
+++ b/docker/ds389/Dockerfile
@@ -0,0 +1,29 @@
+FROM centos/centos7:latest
+
+MAINTAINER Liutauras Adomaitis <adomaitis@kolabsys.com>
+
+RUN yum install -y epel-release 389-ds-base 389-adminutil gettext \
+ && yum update -y \
+ && yum clean all
+
+ COPY *.tpl ./
+ COPY kolab-schema.ldif 99kolab-schema.ldif
+
+ RUN for F in $(ls *.tpl); do eval "echo \"$(cat $F)\"" | tee $(basename $F .tpl); done
+
+ RUN useradd ldapadmin \
+ && rm -fr /var/lock /usr/lib/systemd/system \
+ # No persistent storage
+ # && mkdir /srv/dirsrv/{cnf,lib,log} && ln -s /srv/cnf/ /etc/dirsrv/ && ln -s /srv/lib/ /var/lib/dirsrv/ && ln -s /srv/log/ /var/log/dirsrv/ \
+ && setup-ds.pl -ddd --silent --file /ds_setup.inf \
+ && chown nobody.nobody -R /var/lib/dirsrv/
+
+ EXPOSE 389
+
+ CMD for B in $(ls /tmp/ds389-load/*_backend.ldif); do \
+ ## eval "echo \"$(cat $B)\"" | tee $(basename $B .tpl); \
+ /usr/lib64/dirsrv/slapd-${DS_INSTANCE_NAME}/ldif2db -Z ${DS_INSTANCE_NAME} -n $(basename ${B} _backend.ldif) -i ${B}; \
+ done \
+ && /usr/lib64/dirsrv/slapd-hkccp/start-slapd \
+ && tail -F /var/log/dirsrv/slapd-$DS_INSTANCE_NAME/access /var/log/dirsrv/slapd-$DS_INSTANCE_NAME/errors
+
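Review bot: The template rendering on the `RUN for F in $(ls *.tpl)` line happens at build time, so whatever values `${LDAP_ADMIN_BIND_PW}` and the other password variables have then are written to `/ds_setup.inf` and the rendered LDIF files and stay in an image layer; no `ARG` or `ENV` in this file defines them, so they may equally render empty. The same line passes file contents through `eval`, which runs any command substitution a template contains, so the templates have to be treated as trusted code. I would move the rendering and `setup-ds.pl` into an entrypoint script that runs at container start with the secrets supplied at runtime. The `CMD` also hard-codes the instance in `slapd-hkccp/start-slapd` while the lines around it use `${DS_INSTANCE_NAME}`; that line should read `&& /usr/lib64/dirsrv/slapd-${DS_INSTANCE_NAME}/start-slapd \`. `FROM centos/centos7:latest` leaves the base image unpinned as well.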
diff --git a/docker/ds389/ds_adjustments.ldif.tpl b/docker/ds389/ds_adjustments.ldif.tpl
new file mode 100644
--- /dev/null
+++ b/docker/ds389/ds_adjustments.ldif.tpl
@@ -0,0 +1,105 @@
+dn: cn=config
+changetype: modify
+replace: nsslapd-accesslog-logging-enabled
+nsslapd-accesslog-logging-enabled: ${DS389_ACCESSLOG:-on}
+
+dn: cn=config
+changetype: modify
+replace: nsslapd-auditlog-logging-enabled
+nsslapd-auditlog-logging-enabled: ${DS389_AUDITLOG:-on}
+
+dn: cn=config
+changetype: modify
+replace: nsslapd-sizelimit
+nsslapd-sizelimit: -1
+
+dn: cn=config
+changetype: modify
+replace: nsslapd-idletimeout
+nsslapd-idletimeout: 0
+
+dn: cn=config
+changetype: modify
+replace: nsslapd-timelimit
+nsslapd-timelimit: -1
+
+dn: cn=config
+changetype: modify
+replace: nsslapd-lookthroughlimit
+nsslapd-lookthroughlimit: -1
+
+dn: cn=config
+changetype: modify
+replace: nsslapd-allow-anonymous-access
+nsslapd-allow-anonymous-access: rootdse
+
+dn: cn=alias,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config
+changetype: add
+objectClass: top
+objectClass: nsIndex
+cn: alias
+nsSystemIndex: false
+nsIndexType: pres
+nsIndexType: eq
+nsIndexType: sub
+
+dn: cn=mailAlternateAddress,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config
+changetype: modify
+add: nsIndexType
+nsIndexType: pres
+nsIndexType: sub
+
+dn: cn=associateddomain,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config
+changetype: add
+objectclass: top
+objectclass: nsindex
+cn: associateddomain
+nsSystemIndex: false
+nsindextype: pres
+nsindextype: eq
+
+dn: cn=ACL Plugin,cn=plugins,cn=config
+changetype: modify
+replace: nsslapd-aclpb-max-selected-acls
+nsslapd-aclpb-max-selected-acls: 8192
+
+dn: cn=7-bit check,cn=plugins,cn=config
+changetype: modify
+replace: nsslapd-pluginEnabled
+nsslapd-pluginEnabled: off
+
+dn: cn=attribute uniqueness,cn=plugins,cn=config
+changetype: modify
+replace: nsslapd-pluginEnabled
+nsslapd-pluginEnabled: on
+
+dn: cn=referential integrity postoperation,cn=plugins,cn=config
+changetype: modify
+replace: nsslapd-pluginEnabled
+nsslapd-pluginEnabled: on
+
+dn: cn=Account Policy Plugin,cn=plugins,cn=config
+changetype: modify
+replace: nsslapd-pluginEnabled
+nsslapd-pluginEnabled: on
+
+dn: cn=Account Policy Plugin,cn=plugins,cn=config
+changetype: modify
+replace: nsslapd-pluginarg0
+nsslapd-pluginarg0: cn=config,cn=Account Policy Plugin,cn=plugins,cn=config
+
+dn: cn=config,cn=Account Policy Plugin,cn=plugins,cn=config
+changetype: modify
+replace: alwaysrecordlogin
+alwaysrecordlogin: yes
+
+dn: cn=config,cn=Account Policy Plugin,cn=plugins,cn=config
+changetype: modify
+replace: stateattrname
+stateattrname: lastLoginTime
+
+dn: cn=config,cn=Account Policy Plugin,cn=plugins,cn=config
+changetype: modify
+replace: altstateattrname
+altstateattrname: createTimestamp
+
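Review bot: The `replace:` stanzas for `nsslapd-sizelimit`, `nsslapd-timelimit` and `nsslapd-lookthroughlimit` set all three to `-1` in `cn=config`, which removes the search limits for every bound identity rather than only for the service accounts. ds_install.ldif.tpl in this same diff already lifts them per entry (`nsSizeLimit: -1` and its siblings on the kolab-service and hosted-kolab-service entries), so the global values can stay finite, for example `nsslapd-sizelimit: 2000`, and one expensive search from an ordinary account can no longer tie up the server. If unlimited global values are intended, a comment such as `# limits lifted globally because REASON` above the stanzas would record why. Turning off the `7-bit check` plugin deserves the same kind of comment.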
diff --git a/docker/ds389/ds_admin_backend.ldif.tpl b/docker/ds389/ds_admin_backend.ldif.tpl
new file mode 100644
--- /dev/null
+++ b/docker/ds389/ds_admin_backend.ldif.tpl
@@ -0,0 +1,20 @@
+dn: cn=\"${LDAP_ADMIN_ROOT_DN}\",cn=mapping tree,cn=config
+objectClass: top
+objectClass: extensibleObject
+objectClass: nsMappingTree
+cn: ${LDAP_ADMIN_ROOT_DN}
+nsslapd-state: backend
+nsslapd-backend: ${DOMAIN_DB}
+
+dn: cn=${DOMAIN_DB},cn=ldbm database,cn=plugins,cn=config
+objectClass: top
+objectClass: extensibleObject
+objectClass: nsBackendInstance
+cn: ${DOMAIN_DB}
+nsslapd-suffix: ${LDAP_ADMIN_ROOT_DN}
+nsslapd-cachesize: -1
+nsslapd-cachememsize: 10485760
+nsslapd-readonly: off
+nsslapd-require-index: off
+nsslapd-directory: /var/lib/dirsrv/slapd-${DS_INSTANCE_NAME:-$(hostname -s)}/db/${DOMAIN_DB}
+nsslapd-dncachememsize: 10485760
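Review bot: `nsslapd-directory` falls back to `$(hostname -s)` when `DS_INSTANCE_NAME` is unset, but `ServerIdentifier = ${DS_INSTANCE_NAME}` in ds_setup.inf.tpl has no such fallback, so with the variable unset the two would name different instance directories. Because the Dockerfile renders the templates in a `RUN` step, the fallback would also pick up the build container's hostname, which is unlikely to be the name wanted at runtime. I would drop the fallback so an unset variable is reported rather than silently replaced, `nsslapd-directory: /var/lib/dirsrv/slapd-${DS_INSTANCE_NAME:?}/db/${DOMAIN_DB}`; the same line in ds_hosted_backend.ldif.tpl needs the same change.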
diff --git a/docker/ds389/ds_hosted_backend.ldif.tpl b/docker/ds389/ds_hosted_backend.ldif.tpl
new file mode 100644
--- /dev/null
+++ b/docker/ds389/ds_hosted_backend.ldif.tpl
@@ -0,0 +1,21 @@
+dn: cn=\"${LDAP_HOSTED_ROOT_DN}\",cn=mapping tree,cn=config
+objectClass: top
+objectClass: extensibleObject
+objectClass: nsMappingTree
+nsslapd-state: backend
+cn: ${LDAP_HOSTED_ROOT_DN}
+nsslapd-backend: ${HOSTED_DOMAIN_DB}
+
+dn: cn=${HOSTED_DOMAIN_DB},cn=ldbm database,cn=plugins,cn=config
+objectClass: top
+objectClass: extensibleobject
+objectClass: nsbackendinstance
+cn: ${HOSTED_DOMAIN_DB}
+nsslapd-suffix: ${LDAP_HOSTED_ROOT_DN}
+nsslapd-cachesize: -1
+nsslapd-cachememsize: 10485760
+nsslapd-readonly: off
+nsslapd-require-index: off
+nsslapd-directory: /var/lib/dirsrv/slapd-${DS_INSTANCE_NAME:-$(hostname -s)}/db/${HOSTED_DOMAIN_DB}
+nsslapd-dncachememsize: 10485760
+
diff --git a/docker/ds389/ds_install.ldif.tpl b/docker/ds389/ds_install.ldif.tpl
new file mode 100644
--- /dev/null
+++ b/docker/ds389/ds_install.ldif.tpl
@@ -0,0 +1,197 @@
+# ${LDAP_ADMIN_ROOT_DN}
+dn: ${LDAP_ADMIN_ROOT_DN}
+aci: (targetattr = \"carLicense || description || displayName || facsimileTelephoneNumber || homePhone || homePostalAddress || initials || jpegPhoto || l || labeledURI || mobile || o || pager || photo || postOfficeBox || postalAddress || postalCode || preferredDeliveryMethod || preferredLanguage || registeredAddress || roomNumber || secretary || seeAlso || st || street || telephoneNumber || telexNumber || title || userCertificate || userPassword || userSMIMECertificate || x500UniqueIdentifier || kolabDelegate || kolabInvitationPolicy || kolabAllowSMTPSender\") (version 3.0; acl \"Enable self write for common attributes\"; allow (read,compare,search,write)(userdn = \"ldap:///self\");)
+aci: (targetattr = \"*\") (version 3.0;acl \"Directory Administrators Group\";allow (all)(groupdn = \"ldap:///cn=Directory Administrators,dc=klab,dc=cc\" or roledn = \"ldap:///cn=kolab-admin,dc=klab,dc=cc\");)
+aci: (targetattr=\"*\")(version 3.0; acl \"Configuration Administrators Group\"; allow (all) groupdn=\"ldap:///cn=Configuration Administrators,ou=Groups,ou=TopologyManagement,o=NetscapeRoot\";)
+aci: (targetattr=\"*\")(version 3.0; acl \"Configuration Administrator\"; allow (all) userdn=\"ldap:///uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot\";)
+aci: (targetattr = \"*\")(version 3.0; acl \"SIE Group\"; allow (all) groupdn = \"ldap:///cn=slapd-ldap-k8s,cn=389 Directory Server,cn=Server Group,cn=ldap-k8s.klab.cc,ou=klab.cc,o=NetscapeRoot\";)
+aci: (targetattr != \"userPassword\") (version 3.0;acl \"Search Access\";allow (read,compare,search)(userdn = \"ldap:///all\");)
+objectClass: top
+objectClass: domain
+
+# Directory Administrators, ${DOMAIN}
+dn: cn=Directory Administrators,${LDAP_ADMIN_ROOT_DN}
+objectClass: top
+objectClass: groupofuniquenames
+cn: Directory Administrators
+uniqueMember: cn=Directory Manager
+
+# Domains definition location ${DOMAIN}
+dn: ${LDAP_DOMAIN_BASE_DN}
+objectclass: top
+objectclass: extensibleobject
+ou: Domains
+aci: (targetattr = \"*\") (version 3.0;acl \"Kolab Services\";allow (read,compare,search)(userdn = \"ldap:///uid=kolab-service,ou=Special Users,${LDAP_ADMIN_ROOT_DN}\");)
+
+# Groups, ${DOMAIN}
+dn: ou=Groups,${LDAP_ADMIN_ROOT_DN}
+objectClass: top
+objectClass: organizationalunit
+ou: Groups
+
+# People, ${DOMAIN}
+dn: ou=People,${LDAP_ADMIN_ROOT_DN}
+objectClass: top
+objectClass: organizationalunit
+ou: People
+
+# Resources, ${DOMAIN}
+dn: ou=Resources,${LDAP_ADMIN_ROOT_DN}
+objectClass: top
+objectClass: organizationalunit
+ou: Resources
+
+# Shared Folders, ${DOMAIN}
+dn: ou=Shared Folders,${LDAP_ADMIN_ROOT_DN}
+objectClass: top
+objectClass: organizationalunit
+ou: Shared Folders
+
+# Special User, ${DOMAIN}
+dn: ou=Special Users,${LDAP_ADMIN_ROOT_DN}
+objectClass: top
+objectClass: organizationalUnit
+ou: Special Users
+description: Special Administrative Accounts
+
+# Add kolab-admin role
+dn: cn=kolab-admin,${LDAP_ADMIN_ROOT_DN}
+objectClass: top
+objectClass: ldapsubentry
+objectClass: nsroledefinition
+objectClass: nssimpleroledefinition
+objectClass: nsmanagedroledefinition
+cn: kolab-admin
+description: Kolab Administrator
+
+# cyrus-admin, Special Users, ${DOMAIN}
+dn: uid=cyrus-admin,ou=Special Users,${LDAP_ADMIN_ROOT_DN}
+sn: Administrator
+uid: cyrus-admin
+objectClass: top
+objectClass: person
+objectClass: inetorgperson
+objectClass: organizationalperson
+givenName: Cyrus
+cn: Cyrus Administrator
+userPassword: ${CM_CYRUS_ADMIN_PW}
+
+# kolab-service, Special Users, ${DOMAIN}
+dn: ${LDAP_SERVICE_BIND_DN}
+sn: Service
+uid: kolab-service
+objectClass: top
+objectClass: person
+objectClass: inetorgperson
+objectClass: organizationalperson
+givenName: Kolab
+cn: Kolab Service
+userPassword: ${LDAP_SERVICE_BIND_PW}
+nsIdleTimeout: -1
+nsTimeLimit: -1
+nsSizeLimit: -1
+nsLookThroughLimit: -1
+
+# hosted-kolab-service, Special Users, ${DOMAIN}
+dn: ${LDAP_HOSTED_BIND_DN}
+objectclass: top
+objectclass: inetorgperson
+objectclass: person
+uid: hosted-kolab-service
+cn: Hosted Kolab Service Account
+sn: Service Account
+givenname: Hosted Kolab
+userpassword: ${LDAP_HOSTED_BIND_PW}
+nsIdleTimeout: -1
+nsTimeLimit: -1
+nsSizeLimit: -1
+nsLookThroughLimit: -1
+
+# ${DOMAIN}, ${LDAP_DOMAIN_BASE_DN}
+dn: associateddomain=${DOMAIN},${LDAP_DOMAIN_BASE_DN}
+objectclass: top
+objectclass: domainrelatedobject
+associateddomain: ${DOMAIN}
+associateddomain: localhost.localdomain
+associateddomain: localhost
+aci: (targetattr = \"*\")(version 3.0;acl \"Deny Rest\";deny (all)(userdn != \"ldap:///${LDAP_SERVICE_BIND_DN} || ldap:///${LDAP_ADMIN_ROOT_DN}??sub?\(objectclass=*\)\");)
+aci: (targetattr = \"*\")(version 3.0;acl \"Deny Hosted Kolab\";deny (all)(userdn = \"ldap:///${LDAP_HOSTED_BIND_DN}\");)
+
+###################################
+# ${HOSTED_DOMAIN}, ${LDAP_DOMAIN_BASE_DN}
+dn: associateddomain=${HOSTED_DOMAIN},${LDAP_DOMAIN_BASE_DN}
+objectclass: top
+objectclass: domainrelatedobject
+objectclass: inetdomain
+inetdomainstatus: active
+associateddomain: ${HOSTED_DOMAIN}
+inetdomainbasedn: ${LDAP_HOSTED_ROOT_DN}
+
+# ${LDAP_HOSTED_ROOT_DN}
+dn: ${LDAP_HOSTED_ROOT_DN}
+aci: (targetattr=\"carLicense || description || displayName || facsimileTelephoneNumber || homePhone || homePostalAddress || initials || jpegPhoto || labeledURI || mobile || pager || photo || postOfficeBox || postalAddress || postalCode || preferredDeliveryMethod || preferredLanguage || registeredAddress || roomNumber || secretary || seeAlso || st || street || telephoneNumber || telexNumber || title || userCertificate || userPassword || userSMIMECertificate || x500UniqueIdentifier\")(version 3.0; acl \"Enable self write for common attributes\"; allow (write) userdn=\"ldap:///self\";)
+aci: (targetattr=\"*\")(version 3.0;acl \"Directory Administrators Group\";allow (all) (groupdn=\"ldap:///cn=Directory Administrators,${LDAP_HOSTED_ROOT_DN}\" or roledn=\"ldap:///cn=kolab-admin,${LDAP_HOSTED_ROOT_DN}\");)
+aci: (targetattr=\"*\")(version 3.0; acl \"Configuration Administrators Group\"; allow (all) groupdn=\"ldap:///cn=Configuration Administrators,ou=Groups,ou=TopologyManagement,o=NetscapeRoot\";)
+aci: (targetattr=\"*\")(version 3.0; acl \"Configuration Administrator\"; allow (all) userdn=\"ldap:///uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot\";)
+aci: (targetattr=\"*\")(version 3.0; acl \"SIE Group\"; allow (all) groupdn = \"ldap:///cn=slapd-${DS_INSTANCE_NAME},cn=389 Directory Server,cn=Server Group,cn=${FULL_MACHINE_NAME},ou=${DOMAIN},o=NetscapeRoot\";)
+aci: (targetattr=\"*\") (version 3.0;acl \"Search Access\";allow (read,compare,search)(userdn = \"ldap:///${LDAP_HOSTED_ROOT_DN}??sub?(objectclass=*)\");)
+aci: (targetattr=\"*\") (version 3.0;acl \"Service Search Access\";allow (read,compare,search)(userdn = \"ldap:///${LDAP_SERVICE_BIND_DN}\");)
+objectClass: top
+objectClass: domain
+dc: ${HOSTED_DOMAIN%.com}
+
+# cn=2fa-user, ${LDAP_HOSTED_ROOT_DN}
+dn: cn=2fa-user,${LDAP_HOSTED_ROOT_DN}
+cn: 2fa-user
+description: 2fa-user role
+objectclass: top
+objectclass: ldapsubentry
+objectclass: nsmanagedroledefinition
+objectclass: nsroledefinition
+objectclass: nssimpleroledefinition
+
+# cn=activesync-user, ${LDAP_HOSTED_ROOT_DN}
+dn: cn=activesync-user,${LDAP_HOSTED_ROOT_DN}
+cn: activesync-user
+description: activesync-user role
+objectclass: top
+objectclass: ldapsubentry
+objectclass: nsmanagedroledefinition
+objectclass: nsroledefinition
+objectclass: nssimpleroledefinition
+
+# cn=imap-user, ${LDAP_HOSTED_ROOT_DN}
+dn: cn=imap-user,${LDAP_HOSTED_ROOT_DN}
+cn: imap-user
+description: imap-user role
+objectclass: top
+objectclass: ldapsubentry
+objectclass: nsmanagedroledefinition
+objectclass: nsroledefinition
+objectclass: nssimpleroledefinition
+
+# ou=Groups, ${LDAP_HOSTED_ROOT_DN}
+dn: ou=Groups,${LDAP_HOSTED_ROOT_DN}
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+# ou=People, ${LDAP_HOSTED_ROOT_DN}
+dn: ou=People,${LDAP_HOSTED_ROOT_DN}
+aci: (targetattr=\"*\") (version 3.0;acl \"Hosted Kolab Services\";allow (all)(userdn = \"ldap:///${LDAP_HOSTED_BIND_DN}\");)
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+# ou=Resources, ${LDAP_HOSTED_ROOT_DN}
+dn: ou=Resources,${LDAP_HOSTED_ROOT_DN}
+ou: Resources
+objectClass: top
+objectClass: organizationalunit
+
+# ou=Shared Folders, ${LDAP_HOSTED_ROOT_DN}
+dn: ou=Shared Folders,${LDAP_HOSTED_ROOT_DN}
+ou: Shared Folders
+objectClass: top
+objectClass: organizationalunit
+
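Review bot: The "Directory Administrators Group" and "SIE Group" ACIs on the `${LDAP_ADMIN_ROOT_DN}` entry hard-code `dc=klab,dc=cc`, `slapd-ldap-k8s` and `ldap-k8s.klab.cc`, whereas the matching ACIs on `${LDAP_HOSTED_ROOT_DN}` further down are built from variables. With any other admin suffix these rules would name groups outside the tree they protect, so the intended administrators would get no access from them. They should use the variables, e.g. `groupdn = \"ldap:///cn=Directory Administrators,${LDAP_ADMIN_ROOT_DN}\" or roledn = \"ldap:///cn=kolab-admin,${LDAP_ADMIN_ROOT_DN}\"` and `cn=slapd-${DS_INSTANCE_NAME},cn=389 Directory Server,cn=Server Group,cn=${FULL_MACHINE_NAME},ou=${DOMAIN},o=NetscapeRoot`. It is also worth confirming that self-write on `kolabDelegate` and `kolabAllowSMTPSender` in the first ACI is intended, since those look like policy attributes an administrator would normally own, and that `dc: ${HOSTED_DOMAIN%.com}` is meant to work only for `.com` domains.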
diff --git a/docker/ds389/ds_setup.inf.tpl b/docker/ds389/ds_setup.inf.tpl
new file mode 100644
--- /dev/null
+++ b/docker/ds389/ds_setup.inf.tpl
@@ -0,0 +1,27 @@
+[General]
+FullMachineName = ${FULL_MACHINE_NAME}
+SuiteSpotUserID = nobody
+SuiteSpotGroup = nobody
+AdminDomain = ${DOMAIN}
+StrictHostCheck = ${STRICT_HOST_CHECK}
+ConfigDirectoryLdapURL = ldap://${DS_INSTANCE_NAME}:389/o=NetscapeRoot
+ConfigDirectoryAdminID = admin
+ConfigDirectoryAdminPwd = ${LDAP_ADMIN_BIND_PW}
+
+[slapd]
+start_server = 0
+SlapdConfigForMC = Yes
+UseExistingMC = 0
+ServerPort = 389
+ServerIdentifier = ${DS_INSTANCE_NAME}
+RootDN = ${LDAP_ADMIN_BIND_DN}
+RootDNPwd = ${LDAP_ADMIN_BIND_PW}
+AddSampleEntries = No
+SchemaFile = /99kolab-schema.ldif
+## InstallLdifFile = /ds_install.ldif
+ConfigFile = /ds_adjustments.ldif
+ds_bename = ${DOMAIN_DB}
+Suffix = ${LDAP_ADMIN_ROOT_DN}
+ConfigFile = /ds_admin_backend.ldif
+ConfigFile = /ds_hosted_backend.ldif
+
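Review bot: `ConfigDirectoryAdminPwd` and `RootDNPwd` are both filled from `${LDAP_ADMIN_BIND_PW}`, so the configuration admin and the root DN share one secret and a leak of either exposes both. A separate variable for the config admin would keep them apart, e.g. `ConfigDirectoryAdminPwd = ${CONFIG_ADMIN_PW_PLACEHOLDER}` (placeholder name, to be chosen by the project). The `## InstallLdifFile = /ds_install.ldif` line is disabled without explanation although ds_install.ldif.tpl is still shipped; a comment saying how that file gets loaded instead would help.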
diff --git a/docker/ds389/kolab-schema.ldif b/docker/ds389/kolab-schema.ldif
new file mode 100644
--- /dev/null
+++ b/docker/ds389/kolab-schema.ldif
@@ -0,0 +1,384 @@
+# $Id$
+# (c) 2003, 2004 Tassilo Erlewein <tassilo.erlewein@erfrakon.de>
+# (c) 2003-2009 Martin Konold <martin.konold@erfrakon.de>
+# (c) 2003 Achim Frank <achim.frank@erfrakon.de>
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# Redistributions of source code must retain the above copyright notice, this
+# list of conditions and the following disclaimer.
+#
+# Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+#
+# The name of the author may not be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+# This schema highly depends on the core.schema, cosine.schema and the inetorgperson.schema
+# as provided by 3rd parties like OpenLDAP.
+#
+# slapd.conf then looks like
+# include /kolab/etc/openldap/schema/core.schema
+# include /kolab/etc/openldap/schema/cosine.schema
+# include /kolab/etc/openldap/schema/inetorgperson.schema
+# include /kolab/etc/openldap/schema/rfc2739.schema
+# include /kolab/etc/openldap/schema/kolab3.schema
+# Prefix for OIDs: 1.3.6.1.4.1.19414 <- registered
+# Prefix for OIDs: 1.3.6.1.4.1.19414.2000 <-- temporarily reserved for ob
+# Prefix for attributes: 1.3.6.1.4.1.19414.1
+# Prefix for attributes: 1.3.6.1.4.1.19414.2
+# Prefix for objectclasses: 1.3.6.1.4.1.19414.3
+# nameprefix: kolab
+#
+dn: cn=schema
+####################
+# kolab attributes #
+####################
+# kolabDeleteflag used to be a boolean but describes with Kolab 2
+# the fqdn of the server which is requested to delete this objects
+# in its local store
+attributeTypes: ( 1.3.6.1.4.1.19414.2.1.2
+ NAME 'kolabDeleteflag'
+ DESC 'Per host deletion status'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+# alias used to provide alternative rfc822 email addresses for kolab users
+attributeTypes: ( 1.3.6.1.4.1.19414.2.1.3
+ NAME 'alias'
+ DESC 'RFC1274: RFC822 Mailbox'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+# Specifies the email delegates.
+# An email delegate can send email on behalf of the account
+# which means using the "from" of the account.
+# Delegates are specified by the syntax of rfc822 email addresses.
+attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.3
+ NAME 'kolabDelegate'
+ DESC 'Kolab user allowed to act as delegates - RFC822 Mailbox/Alias'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+# For user, group and resource Kolab accounts
+# Describes how to respond to invitations
+# We keep the attribute as a string, but actually it can only have one
+# of the following values:
+#
+# ACT_ALWAYS_ACCEPT
+# ACT_ALWAYS_REJECT
+# ACT_REJECT_IF_CONFLICTS
+# ACT_MANUAL_IF_CONFLICTS
+# ACT_MANUAL
+# In addition one of these values may be prefixed with a primary email
+# address followed by a colon like
+# user@domain.tld: ACT_ALWAYS_ACCEPT
+attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.4
+ NAME ( 'kolabInvitationPolicy' 'kolabResourceAction' )
+ DESC 'defines how to respond to invitations'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+# Begin date of Kolab vacation period. Sender will
+# be notified every kolabVacationResendIntervall days
+# that recipient is absent until kolabVacationEnd.
+# Values in this syntax are encoded as printable strings,
+# represented as specified in X.208.
+# Note that the time zone must be specified.
+# For Kolab we limit ourself to GMT
+# YYYYMMDDHHMMZ e.g. 200512311458Z.
+# see also: rfc 2252.
+# Currently this attribute is not used in Kolab.
+attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.8
+ NAME 'kolabVacationBeginDateTime'
+ DESC 'Begin date of vacation'
+ EQUALITY generalizedTimeMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ SINGLE-VALUE )
+# End date of Kolab vacation period. Sender will
+# be notified every kolabVacationResendIntervall days
+# that recipient is absent starting from kolabVacationBeginDateTime.
+# Values in this syntax are encoded as printable strings,
+# represented as specified in X.208.
+# Note that the time zone must be specified.
+# For Kolab we limit ourself to GMT
+# YYYYMMDDHHMMZ e.g. 200601012258Z.
+# see also: rfc 2252.
+# Currently this attribute is not used in Kolab.
+attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.9
+ NAME 'kolabVacationEndDateTime'
+ DESC 'End date of vacation'
+ EQUALITY generalizedTimeMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ SINGLE-VALUE )
+# Intervall in days after which senders get
+# another vacation message.
+# Currently this attribute is not used in Kolab.
+attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.10
+ NAME 'kolabVacationResendInterval'
+ DESC 'Vacation notice interval in days'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+# Email recipient addresses which are handled by the
+# vacation script. There can be multiple kolabVacationAddress
+# entries for each kolabInetOrgPerson.
+# Default is the primary email address and all
+# email aliases of the kolabInetOrgPerson.
+# Currently this attribute is not used in Kolab.
+attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.11
+ NAME 'kolabVacationAddress'
+ DESC 'Email address for vacation to response upon'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+# Enable sending vacation notices in reaction
+# unsolicited commercial email.
+# Default is no.
+# Currently this attribute is not used in Kolab.
+attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.12
+ NAME 'kolabVacationReplyToUCE'
+ DESC 'Enable vacation notices to UCE'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+# Email recipient domains which are handled by the
+# vacation script. There can be multiple kolabVacationReactDomain
+# entries for each kolabInetOrgPerson
+# Default is to handle all domains.
+# Currently this attribute is not used in Kolab.
+attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.13
+ NAME 'kolabVacationReactDomain'
+ DESC 'Multivalued -- Email domain for vacation to response upon'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+# Keep local copy when forwarding emails to list of
+# kolabForwardAddress.
+# Default is no.
+# Currently this attribute is not used in Kolab.
+attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.15
+ NAME 'kolabForwardKeepCopy'
+ DESC 'Keep copy when forwarding'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+# Enable forwarding of UCE.
+# Default is yes.
+# Currently this attribute is not used in Kolab.
+attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.16
+ NAME 'kolabForwardUCE'
+ DESC 'Enable forwarding of mails known as UCE'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+# Describes the allowed or disallowed smtp recipient addresses for mail sent
+# by the user associated with the LDAP object this attribute is associated with.
+#
+# If this attribute is not set for a user or distribution group,
+# no Kolab recipient policy does apply.
+#
+# Example entries:
+# .tld - allow mail to every recipient for this tld
+# domain.tld - allow mail to everyone in domain.tld
+# .domain.tld - allow mail to everyone in domain.tld and its subdomains
+# user@domain.tld - allow mail to explicit user@domain.tld
+# user@ - allow mail to this user but any domain
+# -.tld - disallow mail to every recipient for this tld
+# -domain.tld - disallow mail to everyone in domain.tld
+# -.domain.tld - disallow mail to everyone in domain.tld and its subdomains
+# -user@domain.tld - disallow mail to explicit user@domain.tld
+# -user@ - disallow mail to this user but any domain
+attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.18
+ NAME 'kolabAllowSMTPRecipient'
+ DESC 'SMTP address allowed for destination (multi-valued)'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{512} )
+# Jeroen van Meeuwen (Kolab Systems): Unnecessary in this deployment, as users
+# will be created on one server only, however we keep this in here to allow the
+# mail server to use to be specified from the user provisioning batch operation.
+#
+# Create the user mailbox on the kolabHomeServer only.
+# Default is no.
+attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.19
+ NAME 'kolabHomeServerOnly'
+ DESC 'Create the user mailbox on the kolabHomeServer only'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+# Describes the allowed or disallowed smtp envelope sender addresses used for
+# the recipient this attribute is associated with.
+#
+# If this attribute is not set for a user or distribution
+# kolab sender policy does apply.
+#
+# Example entries:
+# .tld - allow mail to every recipient for this tld
+# domain.tld - allow mail to everyone in domain.tld
+# .domain.tld - allow mail to everyone in domain.tld and its subdomains
+# user@domain.tld - allow mail to explicit user@domain.tld
+# user@ - allow mail to this user but any domain
+# -.tld - disallow mail to every recipient for this tld
+# -domain.tld - disallow mail to everyone in domain.tld
+# -.domain.tld - disallow mail to everyone in domain.tld and its subdomains
+# -user@domain.tld - disallow mail to explicit user@domain.tld
+# -user@ - disallow mail to this user but any domain
+attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.43
+ NAME 'kolabAllowSMTPSender'
+ DESC 'SMTP envelope sender address accepted for delivery (multi-valued)'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{512} )
+# kolabFolderType describes the kind of Kolab folder
+# as defined in the kolab format specification.
+# We will annotate all folders with an entry
+# /vendor/kolab/folder-type containing the attribute
+# value.shared set to: <type>[.<subtype>].
+# The <type> can be: mail, event, journal, task, note,
+# or contact. The <subtype> for a mail folder can be
+# inbox, drafts, sentitems, or junkemail (this one holds
+# spam mails). For the other <type>s, it can only be
+# default, or not set. For other types of folders
+# supported by the clients, these should be prefixed with
+# "k-" for KMail, "h-" for Horde and "o-" for Outlook, and
+# look like for example "kolab.o-voicemail". Other third-party
+# clients shall use the "x-" prefix.
+# We then use the ANNOTATEMORE IMAP extension to
+# associate the folder type with a folder.
+attributeTypes: ( 1.3.6.1.4.1.19414.2.1.7
+ NAME 'kolabFolderType'
+ DESC 'type of a kolab folder'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+attributeTypes: ( 1.3.6.1.4.1.19414.2.1.8
+ NAME 'kolabTargetFolder'
+ DESC 'Target for a Kolab Shared Folder delivery'
+ EQUALITY caseExactMatch
+ SUBSTR caseExactSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512}
+ SINGLE-VALUE )
+# cyrus imapd access control list
+# acls work with users and groups
+attributeTypes: ( 1.3.6.1.4.1.19414.2.1.651
+ NAME 'acl'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+# Extended attributes for Resources
+attributeTypes: ( 1.3.6.1.4.1.19414.3.1.1
+ NAME 'kolabDescAttribute'
+ DESC 'Descriptive attribute or parameter for a Resource'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+##########################
+# kolabfilter attributes #
+##########################
+# enable trustable From:
+attributeTypes: ( 1.3.6.1.4.1.19414.2.1.750
+ NAME 'kolabfilter-verify-from-header'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+# should Sender header be allowed instead of From
+# when present?
+attributeTypes: ( 1.3.6.1.4.1.19414.2.1.751
+ NAME 'kolabfilter-allow-sender-header'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+# Should reject messages with From headers that dont match
+# the envelope? Default is to rewrite the header
+attributeTypes: ( 1.3.6.1.4.1.19414.2.1.752
+ NAME 'kolabfilter-reject-forged-from-header'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+########################
+# kolab object classes #
+########################
+# public folders are typically visible to everyone subscribed to
+# the server without the need for an extra login. Subfolders are
+# defined using the hiarchy seperator '/' e.g. "sf/sub1". Please note
+# that the term public folder is prefered to shared folder because
+# normal user mailboxes can also share folders using acls.
+objectClasses: ( 1.3.6.1.4.1.19414.2.2.9
+ NAME 'kolabSharedFolder'
+ DESC 'Kolab public shared folder'
+ SUP top AUXILIARY
+ MUST cn
+ MAY ( acl $
+ alias $
+ mailHost $
+ kolabFolderType $
+ kolabDeleteflag $
+ kolabDelegate $
+ kolabTargetFolder $
+ kolabAllowSMTPRecipient $
+ kolabAllowSMTPSender $
+ owner ) )
+# kolab account
+# we use an auxiliary in order to ease integration
+# with existing inetOrgPerson objects
+# Please note that userPassword is a may
+# attribute in the schema but is mandatory for
+# Kolab
+objectClasses: ( 1.3.6.1.4.1.19414.3.2.2
+ NAME 'kolabInetOrgPerson'
+ DESC 'Kolab Internet Organizational Person'
+ SUP top AUXILIARY
+ MAY ( alias $
+ mailHost $
+ kolabHomeServerOnly $
+ kolabDelegate $
+ kolabInvitationPolicy $
+ kolabVacationBeginDateTime $
+ kolabVacationEndDateTime $
+ kolabVacationResendInterval $
+ kolabVacationAddress $
+ kolabVacationReplyToUCE $
+ kolabVacationReactDomain $
+ kolabForwardKeepCopy $
+ kolabForwardUCE $
+ kolabAllowSMTPRecipient $
+ kolabAllowSMTPSender $
+ kolabDeleteflag ) )
+# kolab groupOfNames with extra kolabDeleteflag and the required
+# attribute mail.
+# The mail attribute for kolab objects of the type kolabGroupOfNames
+# is not arbitrary but MUST be a single attribute of the form
+# of an valid SMTP address with the CN as the local part.
+# E.g cn@kolabdomain (e.g. employees@mydomain.com). The
+# mail attribute MUST be globally unique.
+objectClasses: ( 1.3.6.1.4.1.19414.3.2.8
+ NAME 'kolabGroupOfUniqueNames'
+ DESC 'Kolab group of names (DNs) derived from RFC2256'
+ SUP top AUXILIARY
+ MAY ( mail $
+ alias $
+ kolabDelegate $
+ kolabDeleteflag $
+ kolabAllowSMTPRecipient $
+ kolabAllowSMTPSender ) )
+# kolab resources
+objectClasses: ( 1.3.6.1.4.1.19414.3.2.9
+ NAME 'kolabResource'
+ DESC 'Kolab Resource'
+ SUP top AUXILIARY
+ MAY ( kolabInvitationPolicy $
+ kolabDescAttribute $
+ description $
+ owner ) )
diff --git a/docker/kolab/Dockerfile b/docker/kolab/Dockerfile
--- a/docker/kolab/Dockerfile
+++ b/docker/kolab/Dockerfile
@@ -6,6 +6,7 @@
COPY kolab-init.service /etc/systemd/system/kolab-init.service
COPY kolab-vlv.service /etc/systemd/system/kolab-vlv.service
+COPY utils /root/utils
RUN rm -rf /etc/systemd/system/multi-user.target.wants/{avahi-daemon,sshd}.* && \
ln -s /etc/systemd/system/kolab-init.service \
diff --git a/docker/kolab/kolab-init.service b/docker/kolab/kolab-init.service
--- a/docker/kolab/kolab-init.service
+++ b/docker/kolab/kolab-init.service
@@ -1,8 +1,11 @@
[Unit]
Description=Kolab Setup Service
+Requires=kolab-setenv.service
+After=kolab-setenv.service
[Service]
Type=oneshot
+EnvironmentFile=/etc/openshift-environment
ExecStart=/usr/local/sbin/kolab-init.sh
[Install]
diff --git a/docker/kolab/kolab-init.sh b/docker/kolab/kolab-init.sh
--- a/docker/kolab/kolab-init.sh
+++ b/docker/kolab/kolab-init.sh
@@ -6,26 +6,26 @@
pushd /root/utils/
-./01-reverse-etc-hosts.sh
-./02-write-my.cnf.sh
-./03-setup-kolab.sh
-./04-reset-mysql-kolab-password.sh
-./05-replace-localhost.sh
-./06-mysql-for-kolabdev.sh
-./07-adjust-base-dns.sh
-./08-disable-amavisd.sh
-./09-enable-debugging.sh
-./10-reset-kolab-service-password.sh
-./11-reset-cyrus-admin-password.sh
-./12-create-hosted-kolab-service.sh
-./13-create-ou-domains.sh
-./14-create-management-domain.sh
-./15-create-hosted-domain.sh
-./16-remove-cn-kolab-cn-config.sh
-./17-remove-hosted-service-access-from-mgmt-domain.sh
-./18-adjust-kolab-conf.sh
-./19-turn-on-vlv-in-roundcube.sh
-./20-add-alias-attribute-index.sh
-./21-adjust-postfix-config.sh
+./01-reverse-etc-hosts.sh && echo "01 done"
+./02-write-my.cnf.sh && echo "02 done"
+./03-setup-kolab.sh && echo "03 done"
+./04-reset-mysql-kolab-password.sh && echo "04 done"
+./05-replace-localhost.sh && echo "05 done"
+./06-mysql-for-kolabdev.sh && echo "06 done"
+./07-adjust-base-dns.sh && echo "07 done"
+./08-disable-amavisd.sh && echo "08 done"
+./09-enable-debugging.sh && echo "09 done"
+./10-reset-kolab-service-password.sh && echo "10 done"
+./11-reset-cyrus-admin-password.sh && echo "11 done"
+./12-create-hosted-kolab-service.sh && echo "12 done"
+./13-create-ou-domains.sh && echo "13 done"
+./14-create-management-domain.sh && echo "14 done"
+./15-create-hosted-domain.sh && echo "15 done"
+./16-remove-cn-kolab-cn-config.sh && echo "16 done"
+./17-remove-hosted-service-access-from-mgmt-domain.sh && echo "17 done"
+./18-adjust-kolab-conf.sh && echo "18 done"
+./19-turn-on-vlv-in-roundcube.sh && echo "19 done"
+./20-add-alias-attribute-index.sh && echo "20 done"
+./21-adjust-postfix-config.sh && echo "21 done"
touch /tmp/kolab-init.done
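Review bot: A step that fails is now indistinguishable from one that never ran, because `./NN-….sh && echo "NN done"` prints only on success and the script then carries on to the next step and to `touch /tmp/kolab-init.done`. If the part of the script above this hunk enables `set -e` (not visible here), the `&&` lists also exempt every step from it, since errexit ignores a failing command that is not the last one in an `&&` list. Consider `./01-reverse-etc-hosts.sh || { echo "01 failed" >&2; exit 1; }` followed by a plain `echo "01 done"`, so the marker file is written only after all 21 steps succeeded.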
diff --git a/docker/kolab/kolab-setenv.service b/docker/kolab/kolab-setenv.service
new file mode 100644
--- /dev/null
+++ b/docker/kolab/kolab-setenv.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Kolab Set Environment
+
+[Service]
+Type=oneshot
+ExecStart=/bin/bash -c "cat /proc/1/environ | tr '\0' '\n' > /etc/openshift-environment"
+
+[Install]
+WantedBy=multi-user.target
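Review bot: `/etc/openshift-environment` receives the complete environment of PID 1, which presumably carries `DB_ROOT_PASSWORD`, `LDAP_ADMIN_BIND_PW` and the other credentials the init scripts now read, and the redirect creates the file with the service's default umask. Adding `UMask=0077` under `[Service]` keeps a newly created file readable by root only; an existing file keeps its mode, so an explicit `chmod 600 /etc/openshift-environment` in the command is the stricter form. The `tr '\0' '\n'` conversion also turns a variable whose value contains a newline into extra lines that `EnvironmentFile=` in kolab-init.service will read as separate entries, so a comment stating that values are expected to be single-line would help.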
diff --git a/docker/kolab/utils/02-write-my.cnf.sh b/docker/kolab/utils/02-write-my.cnf.sh
--- a/docker/kolab/utils/02-write-my.cnf.sh
+++ b/docker/kolab/utils/02-write-my.cnf.sh
@@ -2,8 +2,7 @@
cat > /root/.my.cnf << EOF
[client]
-host=127.0.0.1
+host=${DB_HOST:-127.0.0.1}
user=root
-password=Welcome2KolabSystems
+password=${DB_ROOT_PASSWORD:-Welcome2KolabSystems}
EOF
-
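Review bot: `password=${DB_ROOT_PASSWORD:-Welcome2KolabSystems}` falls back silently to a password that is published in this repository, and since `host` can now point at a remote `DB_HOST`, a deployment that forgets the variable uses that well-known value against whatever server it was pointed at. I would keep the fallback for the local case only and fail otherwise, e.g. `password=${DB_ROOT_PASSWORD:?DB_ROOT_PASSWORD is not set}` when `DB_HOST` is set. The same fallback appears in 03-setup-kolab.sh, 05-replace-localhost.sh, 06-mysql-for-kolabdev.sh and settings.sh. The heredoc also creates `/root/.my.cnf` with the default umask; a `chmod 600 /root/.my.cnf` after `EOF` is cheap.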
diff --git a/docker/kolab/utils/03-setup-kolab.sh b/docker/kolab/utils/03-setup-kolab.sh
--- a/docker/kolab/utils/03-setup-kolab.sh
+++ b/docker/kolab/utils/03-setup-kolab.sh
@@ -1,11 +1,17 @@
#!/bin/bash
+if [ -f /root/kolab.conf.template ]; then
+ eval "echo \"$(cat /root/kolab.conf.template)\"" > /root/kolab.conf.ref
+ KOLAB_CONFIG_REF="--config=/root/kolab.conf.ref"
+ cp -f ${KOLAB_CONFIG_REF#--config=} /etc/kolab/kolab.conf
+fi
+
setup-kolab \
- --default \
- --fqdn=kolab.mgmt.com \
+ --default ${LDAP_HOST+--without-ldap} ${KOLAB_CONFIG_REF} \
+ --fqdn=kolab.mgmt.com \
--timezone=Europe/Zurich \
- --mysqlhost=127.0.0.1 \
+ --mysqlhost=${DB_HOST:-127.0.0.1} \
--mysqlserver=existing \
- --mysqlrootpw=Welcome2KolabSystems \
- --directory-manager-pwd=Welcome2KolabSystems 2>&1 | tee /root/setup-kolab.log
+ --mysqlrootpw=${DB_ROOT_PASSWORD:-Welcome2KolabSystems} \
+ --directory-manager-pwd=${LDAP_ADMIN_BIND_PW:-Welcome2KolabSystems} 2>&1 | tee /root/setup-kolab.log
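Review bot: `eval "echo \"$(cat /root/kolab.conf.template)\""` runs the template through the shell, so any `$(…)`, backtick or unbalanced double quote in that file is executed or breaks the command, as root, during init. If the template only needs variable substitution, `envsubst < /root/kolab.conf.template > /root/kolab.conf.ref` does that without evaluating code (it needs gettext in the image and does not understand `${VAR:-default}`, so defaults would have to be exported first). Separately, the new expansions on the `setup-kolab` command are unquoted, so a password containing whitespace or glob characters is split into several arguments; `--mysqlrootpw="${DB_ROOT_PASSWORD:-Welcome2KolabSystems}"` avoids that.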
diff --git a/docker/kolab/utils/04-reset-mysql-kolab-password.sh b/docker/kolab/utils/04-reset-mysql-kolab-password.sh
--- a/docker/kolab/utils/04-reset-mysql-kolab-password.sh
+++ b/docker/kolab/utils/04-reset-mysql-kolab-password.sh
@@ -2,6 +2,11 @@
sqlpw=$(grep ^sql_uri /etc/kolab/kolab.conf | awk -F':' '{print $3}' | awk -F'@' '{print $1}')
-mysql -h 127.0.0.1 -u root --password=Welcome2KolabSystems \
- -e "SET PASSWORD FOR 'kolab'@'localhost' = PASSWORD('${sqlpw}');"
+mysql -h ${DB_HOST} -u root --password=${DB_ROOT_PASSWORD} \
+ -e "SET PASSWORD FOR '${DB_HKCCP_USERNAME:-kolabdev}'@'%' = PASSWORD('${DB_HKCCP_PASSWORD:-Welcome2KolabSystems}');"
+mysql -h ${DB_HOST} -u root --password=${DB_ROOT_PASSWORD} \
+ -e "SET PASSWORD FOR '${DB_KOLAB_USERNAME:-kolab}'@'%' = PASSWORD('${DB_KOLAB_PASSWORD:=$sqlpw}');"
+
+mysql -h ${DB_HOST} -u root --password=${DB_ROOT_PASSWORD} \
+ -e "SET PASSWORD FOR '${DB_RC_USERNAME:-roundcube}'@'%' = PASSWORD('${DB_RC_PASSWORD:-Welcome2KolabSystems}');"
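Review bot: `${DB_HOST}` and `${DB_ROOT_PASSWORD}` have no fallback in this script, unlike the `${DB_HOST:-127.0.0.1}` form used in 05 and 06, so with the variables unset the command becomes `mysql -h -u root --password=` and `-u` is taken as the host name. Use the same form as the other scripts, quoted: `mysql -h "${DB_HOST:-127.0.0.1}" -u root --password="${DB_ROOT_PASSWORD:-Welcome2KolabSystems}"`. The fallback for `DB_HKCCP_PASSWORD` is `Welcome2KolabSystems` here but `kolab` in 06-mysql-for-kolabdev.sh, which should be one value. The passwords are also pasted into the SQL text, so a value containing `'` ends the string literal early; a comment stating which characters are supported, or escaping the value before use, would make that explicit.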
diff --git a/docker/kolab/utils/05-replace-localhost.sh b/docker/kolab/utils/05-replace-localhost.sh
--- a/docker/kolab/utils/05-replace-localhost.sh
+++ b/docker/kolab/utils/05-replace-localhost.sh
@@ -1,23 +1,31 @@
#!/bin/bash
-mysql -h 127.0.0.1 -u root --password=Welcome2KolabSystems \
- -e "UPDATE mysql.db SET Host = '127.0.0.1' WHERE Host = 'localhost';"
+if [[ ${DB_HOST} == "localhost" || ${DB_HOST} == "127.0.0.1" ]]; then
+ mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD:-Welcome2KolabSystems} \
+ -e "UPDATE mysql.db SET Host = '127.0.0.1' WHERE Host = 'localhost';"
+
+ mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD:-Welcome2KolabSystems} \
+ -e "UPDATE mysql.user SET Host = '127.0.0.1' WHERE Host = 'localhost';"
+
+ mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD:-Welcome2KolabSystems} \
+ -e "FLUSH PRIVILEGES;"
+fi
-mysql -h 127.0.0.1 -u root --password=Welcome2KolabSystems \
- -e "UPDATE mysql.user SET Host = '127.0.0.1' WHERE Host = 'localhost';"
-
-mysql -h 127.0.0.1 -u root --password=Welcome2KolabSystems \
- -e "FLUSH PRIVILEGES;"
-
-sed -i -e 's/localhost/127.0.0.1/g' \
- /etc/imapd.conf \
- /etc/iRony/dav.inc.php \
- /etc/kolab/kolab.conf \
- /etc/kolab-freebusy/config.ini \
- /etc/postfix/ldap/*.cf \
- /etc/roundcubemail/password.inc.php \
- /etc/roundcubemail/kolab_auth.inc.php \
- /etc/roundcubemail/config.inc.php \
- /etc/roundcubemail/calendar.inc.php
+sed -i -e "s#^ldap_servers:.*#ldap_servers: ldap://${LDAP_HOST:-127.0.0.1}:389#" /etc/imapd.conf
+sed -i -e "/hosts/s/localhost/${LDAP_HOST:-127.0.0.1}/" /etc/iRony/dav.inc.php
+sed -i -e "s#^ldap_uri.*#ldap_uri = ldap://${LDAP_HOST:-127.0.0.1}:389#" \
+ -e "s#^cache_uri.*mysql://\(.*\):\(.*\)@\(.*\)\/\(.*\)#cache_uri = mysql://${DB_KOLAB_USERNAME:-\1}:${DB_KOLAB_PASSWORD:-\2}@${DB_HOST:-127.0.0.1}/${DB_KOLAB_DATABASE:-\4}#" \
+ -e "s#^sql_uri.*mysql://\(.*\):\(.*\)@\(.*\)\/\(.*\)#sql_uri = mysql://${DB_KOLAB_USERNAME:-\1}:${DB_KOLAB_PASSWORD:-\2}@${DB_HOST:-127.0.0.1}/${DB_KOLAB_DATABASE:-\4}#" \
+ -e "s#^uri.*#uri = imaps://${IMAP_HOST:-127.0.0.1}:993#" /etc/kolab/kolab.conf
+sed -i -e "/host/s/localhost/${LDAP_HOST:-127.0.0.1}/g" \
+ -e "/fbsource/s/localhost/${IMAP_HOST:-127.0.0.1}/g" /etc/kolab-freebusy/config.ini
+sed -i -e "s/server_host.*/server_host = ${LDAP_HOST:-127.0.0.1}/g" /etc/postfix/ldap/*
+sed -i -e "/password_ldap_host/s/localhost/${LDAP_HOST:-127.0.0.1}/" /etc/roundcubemail/password.inc.php
+sed -i -e "/hosts/s/localhost/${LDAP_HOST:-127.0.0.1}/" /etc/roundcubemail/kolab_auth.inc.php
+sed -i -e "#db_dsnw#s#=.*$#= mysqli//${DB_RC_USERNAME:-roundcube}:${DB_RC_PASSWORD:-Welcome2KolabSystems}@${DB_HOST:-127.0.0.1}/${DB_RC_DATABASE:-roundcube}#" \
+ -e "/default_host/s/localhost/${IMAP_HOST:-127.0.0.1}/" \
+ -e "/smtp_server/s/localhost/${MAIL_HOST:-127.0.0.1}/" \
+ -e "/hosts/s/localhost/${LDAP_HOST:-127.0.0.1}/" /etc/roundcubemail/config.inc.php
+sed -i -e "/hosts/s/localhost/${LDAP_HOST:-127.0.0.1}/" /etc/roundcubemail/calendar.inc.php
systemctl restart cyrus-imapd postfix
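Review bot: The `db_dsnw` expression for config.inc.php does nothing: sed treats a leading `#` as the start of a comment, so `"#db_dsnw#s#=.*$#= mysqli//…#"` is skipped (a custom address delimiter has to be written `\#db_dsnw#`), and inside double quotes the shell would expand `$#` before sed sees it. The replacement also says `mysqli//` without the colon and, assuming the target line is a PHP assignment, drops the quotes and the `;`. Something like `-e "/db_dsnw/s#=.*\$#= 'mysqli://<user>:<password>@<host>/<db>';#"`, with the existing `${DB_RC_…}` and `${DB_HOST…}` expansions in place of the placeholders, would work. The new `if` also compares an unset `DB_HOST` with `localhost`/`127.0.0.1` and therefore skips the `mysql.db`/`mysql.user` updates in the default setup, although the commands inside still carry a `:-127.0.0.1` fallback; testing `${DB_HOST:-127.0.0.1}` would keep the old behaviour.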
diff --git a/docker/kolab/utils/06-mysql-for-kolabdev.sh b/docker/kolab/utils/06-mysql-for-kolabdev.sh
--- a/docker/kolab/utils/06-mysql-for-kolabdev.sh
+++ b/docker/kolab/utils/06-mysql-for-kolabdev.sh
@@ -1,11 +1,11 @@
#!/bin/bash
-mysql -h 127.0.0.1 -u root --password=Welcome2KolabSystems \
- -e "CREATE DATABASE kolabdev;"
+mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD:-Welcome2KolabSystems} \
+ -e "CREATE DATABASE IF NOT EXISTS ${DB_HKCCP_DATABASE:-kolabdev};"
-mysql -h 127.0.0.1 -u root --password=Welcome2KolabSystems \
- -e "GRANT ALL PRIVILEGES ON kolabdev.* TO 'kolabdev'@'127.0.0.1' IDENTIFIED BY 'kolab';"
+mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD:-Welcome2KolabSystems} \
+ -e "GRANT ALL PRIVILEGES ON ${DB_HKCCP_DATABASE:-kolabdev}.* TO '${DB_HKCCP_USERNAME:-kolabdev}'@'%' IDENTIFIED BY '${DB_HKCCP_PASSWORD:-kolab}';"
-mysql -h 127.0.0.1 -u root --password=Welcome2KolabSystems \
+mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD:-Welcome2KolabSystems} \
-e "FLUSH PRIVILEGES;"
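Review bot: The grant moves from `'kolabdev'@'127.0.0.1'` to `'…'@'%'` while the fallback password stays `kolab`, so an unconfigured deployment ends up with an account that holds `ALL PRIVILEGES` on the database, is accepted from any client host and has a guessable password. If remote clients are needed, make the host part configurable and keep the narrow default, e.g. `'${DB_HKCCP_USERNAME:-kolabdev}'@'${DB_HKCCP_CLIENT_HOST:-127.0.0.1}'` (`DB_HKCCP_CLIENT_HOST` is a new variable suggested here), and require `DB_HKCCP_PASSWORD` whenever that host is not local. 04-reset-mysql-kolab-password.sh makes the same `'%'` change for three accounts.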
diff --git a/docker/kolab/utils/07-adjust-base-dns.sh b/docker/kolab/utils/07-adjust-base-dns.sh
--- a/docker/kolab/utils/07-adjust-base-dns.sh
+++ b/docker/kolab/utils/07-adjust-base-dns.sh
@@ -6,6 +6,8 @@
sed -i -r \
-e "s/(\s+)base => '.*',$/\1base => '${hosted_domain_rootdn}',/g" \
+ -e "/\\\$mydomain = / a\
+\$myhostname = '${HOSTNAME:-kolab}.${DOMAIN:-mgmt.com}';" \
-e "s/^base_dn = .*$/base_dn = ${hosted_domain_rootdn}/g" \
-e "s/^search_base = .*$/search_base = ${hosted_domain_rootdn}/g" \
-e "s/(\s+)'base_dn'(\s+)=> '.*',/\1'base_dn'\2=> '${hosted_domain_rootdn}',/g" \
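Review bot: `${HOSTNAME:-kolab}` will practically never use its fallback, because bash sets `HOSTNAME` itself, and if the container's host name is already fully qualified the appended value gets the domain twice (not verifiable from this hunk). A dedicated variable avoids the clash, e.g. `\$myhostname = '${KOLAB_HOSTNAME:-kolab}.${DOMAIN:-mgmt.com}';` (`KOLAB_HOSTNAME` is a name suggested here). The `a\` command also appends on every run, so running the script a second time leaves two `$myhostname` lines; a comment noting that the script is expected to run once would do. The `sed` invocation starts above and continues below this hunk.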
diff --git a/docker/kolab/utils/12-create-hosted-kolab-service.sh b/docker/kolab/utils/12-create-hosted-kolab-service.sh
--- a/docker/kolab/utils/12-create-hosted-kolab-service.sh
+++ b/docker/kolab/utils/12-create-hosted-kolab-service.sh
@@ -1,6 +1,7 @@
#!/bin/bash
- . ./settings.sh
+. ./settings.sh
+
(
echo "dn: uid=hosted-kolab-service,ou=Special Users,${rootdn}"
echo "objectclass: top"
diff --git a/docker/kolab/utils/13-create-ou-domains.sh b/docker/kolab/utils/13-create-ou-domains.sh
--- a/docker/kolab/utils/13-create-ou-domains.sh
+++ b/docker/kolab/utils/13-create-ou-domains.sh
@@ -1,6 +1,7 @@
#!/bin/bash
. ./settings.sh
+
(
echo "dn: ou=Domains,${rootdn}"
echo "ou: Domains"
diff --git a/docker/kolab/utils/14-create-management-domain.sh b/docker/kolab/utils/14-create-management-domain.sh
--- a/docker/kolab/utils/14-create-management-domain.sh
+++ b/docker/kolab/utils/14-create-management-domain.sh
@@ -1,6 +1,7 @@
#!/bin/bash
- . ./settings.sh
+. ./settings.sh
+
(
echo "dn: associateddomain=${domain},${domain_base_dn}"
echo "aci: (targetattr = \"*\")(version 3.0;acl \"Deny Rest\";deny (all)(userdn != \"ldap:///uid=kolab-service,ou=Special Users,${rootdn} || ldap:///${rootdn}??sub?(objectclass=*)\");)"
diff --git a/docker/kolab/utils/15-create-hosted-domain.sh b/docker/kolab/utils/15-create-hosted-domain.sh
--- a/docker/kolab/utils/15-create-hosted-domain.sh
+++ b/docker/kolab/utils/15-create-hosted-domain.sh
@@ -3,7 +3,7 @@
. ./settings.sh
(
- echo "dn: associateddomain=${hosted_domain},ou=Domains,${rootdn}"
+ echo "dn: associateddomain=${hosted_domain},${domain_base_dn}"
echo "objectclass: top"
echo "objectclass: domainrelatedobject"
echo "objectclass: inetdomain"
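Review bot: Only some of the scripts follow the switch to `${domain_base_dn}`: 17-remove-hosted-service-access-from-mgmt-domain.sh still builds `dn: associateddomain=${domain},ou=Domains,${rootdn}` and 13-create-ou-domains.sh still creates `ou=Domains,${rootdn}`. Now that settings.sh lets `LDAP_DOMAIN_BASE_DN` override the value, a non-default base DN makes 14 and 15 write entries under a container that 13 did not create and 17 does not touch. In 17 the line would read `echo "dn: associateddomain=${domain},${domain_base_dn}"`.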
@@ -31,7 +31,7 @@
echo "nsslapd-cachememsize: 10485760"
echo "nsslapd-readonly: off"
echo "nsslapd-require-index: off"
- echo "nsslapd-directory: /var/lib/dirsrv/slapd-$(hostname -s)/db/$(echo ${hosted_domain} | sed -e 's/\./_/g')"
+ echo "nsslapd-directory: /var/lib/dirsrv/slapd-${DS_INSTANCE_NAME:-$(hostname -s)}/db/$(echo ${hosted_domain} | sed -e 's/\./_/g')"
echo "nsslapd-dncachememsize: 10485760"
echo ""
diff --git a/docker/kolab/utils/17-remove-hosted-service-access-from-mgmt-domain.sh b/docker/kolab/utils/17-remove-hosted-service-access-from-mgmt-domain.sh
--- a/docker/kolab/utils/17-remove-hosted-service-access-from-mgmt-domain.sh
+++ b/docker/kolab/utils/17-remove-hosted-service-access-from-mgmt-domain.sh
@@ -1,6 +1,7 @@
#!/bin/bash
- . ./settings.sh
+. ./settings.sh
+
(
echo "dn: associateddomain=${domain},ou=Domains,${rootdn}"
echo "changetype: modify"
diff --git a/docker/kolab/utils/20-add-alias-attribute-index.sh b/docker/kolab/utils/20-add-alias-attribute-index.sh
--- a/docker/kolab/utils/20-add-alias-attribute-index.sh
+++ b/docker/kolab/utils/20-add-alias-attribute-index.sh
@@ -1,6 +1,6 @@
#!/bin/bash
- . ./settings.sh
+. ./settings.sh
export index_attr=alias
diff --git a/docker/kolab/utils/settings.sh b/docker/kolab/utils/settings.sh
--- a/docker/kolab/utils/settings.sh
+++ b/docker/kolab/utils/settings.sh
@@ -1,23 +1,23 @@
#!/bin/bash
-export rootdn="dc=mgmt,dc=com"
-export domain="mgmt.com"
-export domain_db="mgmt_com"
-export ldap_host="127.0.0.1"
-export ldap_binddn="cn=Directory Manager"
-export ldap_bindpw="Welcome2KolabSystems"
+export rootdn=${LDAP_ADMIN_ROOT_DN:-"dc=mgmt,dc=com"}
+export domain=${DOMAIN:-"mgmt.com"}
+export domain_db=${DOMAIN_DB:-"mgmt_com"}
+export ldap_host=${LDAP_HOST:-"127.0.0.1"}
+export ldap_binddn=${LDAP_ADMIN_BIND_DN:-"cn=Directory Manager"}
+export ldap_bindpw=${LDAP_ADMIN_BIND_PW:-"Welcome2KolabSystems"}
-export cyrus_admin="cyrus-admin"
+export cyrus_admin=${IMAP_ADMIN_LOGIN:-"cyrus-admin"}
-export imap_host="127.0.0.1"
-export cyrus_admin_pw="Welcome2KolabSystems"
+export imap_host=${IMAP_HOST:-"127.0.0.1"}
+export cyrus_admin_pw=${IMAP_ADMIN_PASSWORD:-"Welcome2KolabSystems"}
-export hosted_kolab_service_pw="Welcome2KolabSystems"
+export hosted_kolab_service_pw=${LDAP_HOSTED_BIND_PW:-"Welcome2KolabSystems"}
-export hosted_domain="hosted.com"
-export hosted_domain_db="hosted_com"
-export hosted_domain_rootdn="dc=hosted,dc=com"
+export hosted_domain=${HOSTED_DOMAIN:-"hosted.com"}
+export hosted_domain_db=${HOSTED_DOMAIN_DB:-"hosted_com"}
+export hosted_domain_rootdn=${LDAP_HOSTED_ROOT_DN:-"dc=hosted,dc=com"}
-export domain_base_dn="ou=Domains,dc=mgmt,dc=com"
+export domain_base_dn=${LDAP_DOMAIN_BASE_DN:-"ou=Domains,dc=mgmt,dc=com"}
-export default_user_password="Welcome2KolabSystems"
+export default_user_password=${DEFAULT_USER_PASSWORD:-"Welcome2KolabSystems"}
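Review bot: The fallbacks for derived values are still literals, so overriding one variable leaves the others inconsistent: with `LDAP_ADMIN_ROOT_DN` set and `LDAP_DOMAIN_BASE_DN` unset, `domain_base_dn` stays `ou=Domains,dc=mgmt,dc=com`. Deriving the defaults keeps them in step, e.g. `export domain_base_dn=${LDAP_DOMAIN_BASE_DN:-"ou=Domains,${rootdn}"}` and `export domain_db=${DOMAIN_DB:-"${domain//./_}"}`. A short header comment listing the environment variables this file reads, and noting that the `Welcome2KolabSystems` fallbacks are for local development only, would document the new interface.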
diff --git a/src/.s2i/bin/assemble b/src/.s2i/bin/assemble
new file mode 100755
--- /dev/null
+++ b/src/.s2i/bin/assemble
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+set -e
+
+shopt -s dotglob
+echo "--->> $(rm -vrf vendor/ composer.lock)"
+
+cp -v /tmp/src/.env.example .env
+
+if [ -f ".env.local" ]; then
+ # Ensure there's a line ending
+ echo "----> Apend .env.local"
+ echo "" >> .env
+ cat .env.local >> .env
+fi
+
+/usr/libexec/s2i/assemble
+
+pushd /opt/app-root/src
+
+echo "----> Run npm run dev"
+npm install cross-env
+npm run dev
+
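Review bot: `rm -vrf vendor/ composer.lock` throws away the lock file before the stock `/usr/libexec/s2i/assemble` runs, so (assuming that script runs `composer install`) every build resolves whatever package versions are current instead of the reviewed, pinned set; `npm install cross-env` is unpinned in the same way. Keep `composer.lock`, remove only `vendor/`, and add `cross-env` to `package.json` so that `npm ci` can install from the lock file. Appending `.env.local` to `.env` also bakes whatever that file contains into the image, which deserves a comment saying it must not hold credentials.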
diff --git a/src/.s2i/bin/run b/src/.s2i/bin/run
new file mode 100755
--- /dev/null
+++ b/src/.s2i/bin/run
@@ -0,0 +1,55 @@
+#!/bin/bash
+
+shopt -s dotglob
+
+pushd /opt/app-root/src
+
+echo "----> Remove bootstrap cache"
+find bootstrap/cache/ -type f ! -name ".gitignore" -delete
+
+if [ -z ${APP_KEY} ]; then
+ echo "----> Run artisan key:generate"
+ ./artisan key:generate
+fi
+
+if [ -z ${JWT_SECRET} ]; then
+ echo "----> Run artisan jwt:secret"
+ ./artisan jwt:secret --always-no
+fi
+
+echo "----> Run artisan clear-compiled"
+./artisan clear-compiled
+
+echo "----> Run artisan cache:clear"
+./artisan ${ARTISAN_VERBOSITY} cache:clear || true
+
+# rpm -qv chromium
+# if [ ! -z "$(rpm -qv chromium 2>/dev/null)" ]; then
+# echo "---- Run artisan dusk:chrome-driver"
+# chver=$(rpmquery --queryformat="%{VERSION}" chromium | awk -F'.' '{print $1}')
+# ./artisan dusk:chrome-driver ${chver}
+# fi
+
+if [ ! -f 'resources/countries.php' ]; then
+ echo "----> Run artisan data:countries"
+ ./artisan data:countries
+fi
+
+rm -rvf bootstrap/cache/
+mkdir -vp bootstrap/cache/
+chown default bootstrap/cache
+
+case ${HKCCP_APP} in
+ worker|WORKER )
+ echo "----> Running worker "
+ ./artisan queue:work;;
+ server|SERVER )
+ echo "----> Running server "
+ ./artisan serve;;
+ apache|APACHE|httpd|HTTPD )
+ echo "----> Starting httpd "
+ /usr/libexec/s2i/run;;
+ * )
+ echo "----> Sleeping"
+ sleep 10000;;
+esac
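Review bot: Generating `APP_KEY` and `JWT_SECRET` at start-up gives every container start its own secrets, so if the `worker` and `server` roles of the `case` statement run as separate containers they will not share keys, and tokens or encrypted data stop validating after a restart. For anything but a throw-away instance the script should refuse to start instead, e.g. `: "${APP_KEY:?APP_KEY must be provided}"`. The tests should also quote the variable, `if [ -z "${APP_KEY}" ]; then`; unquoted, an unset variable leaves `[ -z ]`, which is true only by accident, and a value containing spaces is a syntax error. Starting the final command with `exec` (`exec ./artisan queue:work`) would let it receive the container's stop signal directly.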
