diff --git a/docker/ds389/Dockerfile b/docker/ds389/Dockerfile
deleted file mode 100644
index 50831532..00000000
--- a/docker/ds389/Dockerfile
+++ /dev/null
@@ -1,41 +0,0 @@
-FROM centos/centos7:latest
-
-MAINTAINER Liutauras Adomaitis
-
-RUN yum -y install \
- epel-release \
- 389-ds-base \
- 389-adminutil \
- gettext && \
- yum clean all
-
-COPY *.tpl /
-COPY kolab-schema.ldif /etc/dirsrv/schema/99kolab-schema.ldif
-
-RUN for F in $(ls *.tpl); do eval "echo \"$(cat $F)\"" | tee ${F%%.tpl}; done
-
-RUN rm -fr /var/lock /usr/lib/systemd/system && \
- setup-ds.pl -ddd --silent --file /ds_setup.inf && \
- chown nobody.nobody -R /var/lib/dirsrv/ && \
- mv mgmt_com-install.ldif ${DOMAIN_DB}-install.ldif && \
- mv hosted_com-install.ldif ${HOSTED_DOMAIN_DB}-install.ldif && \
- mv *.ldif /var/lib/dirsrv/slapd-${DS_INSTANCE_NAME}/ldif/.
-
-# This only copies another kolab-schema.ldif
-#COPY *.ldif /var/lib/dirsrv/slapd-${DS_INSTANCE_NAME}/ldif/
-
-EXPOSE 389
-
-CMD cd /var/lib/dirsrv/slapd-${DS_INSTANCE_NAME}/ldif/ && \
- for ldif in $(ls *-import.ldif || ls *-install.ldif || true); do \
- sed -r -i -e 's/mailHost: .*$/mailHost: localhost/g' ${ldif}; \
- chmod 644 ${ldif}; \
- namespace=$(echo "${ldif}" | sed -e 's/-import.ldif$//' -e 's/-install.ldif$//'); \
- /usr/lib64/dirsrv/slapd-${DS_INSTANCE_NAME}/ldif2db \
- -Z ${DS_INSTANCE_NAME} \
- -n ${namespace} \
- -i /var/lib/dirsrv/slapd-${DS_INSTANCE_NAME}/ldif/${ldif}; \
- done && \
- /usr/lib64/dirsrv/slapd-hkccp/start-slapd && \
- tail -F /var/log/dirsrv/slapd-${DS_INSTANCE_NAME}/{access,audit,errors}
-
diff --git a/docker/ds389/ds_adjustments.ldif.tpl b/docker/ds389/ds_adjustments.ldif.tpl
deleted file mode 100644
index 525979d9..00000000
--- a/docker/ds389/ds_adjustments.ldif.tpl
+++ /dev/null
@@ -1,105 +0,0 @@
-dn: cn=config
-changetype: modify
-replace: nsslapd-accesslog-logging-enabled
-nsslapd-accesslog-logging-enabled: ${DS389_ACCESSLOG:-on}
-
-dn: cn=config
-changetype: modify
-replace: nsslapd-auditlog-logging-enabled
-nsslapd-auditlog-logging-enabled: ${DS389_AUDITLOG:-on}
-
-dn: cn=config
-changetype: modify
-replace: nsslapd-sizelimit
-nsslapd-sizelimit: -1
-
-dn: cn=config
-changetype: modify
-replace: nsslapd-idletimeout
-nsslapd-idletimeout: 0
-
-dn: cn=config
-changetype: modify
-replace: nsslapd-timelimit
-nsslapd-timelimit: -1
-
-dn: cn=config
-changetype: modify
-replace: nsslapd-lookthroughlimit
-nsslapd-lookthroughlimit: -1
-
-dn: cn=config
-changetype: modify
-replace: nsslapd-allow-anonymous-access
-nsslapd-allow-anonymous-access: rootdse
-
-dn: cn=alias,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config
-changetype: add
-objectClass: top
-objectClass: nsIndex
-cn: alias
-nsSystemIndex: false
-nsIndexType: pres
-nsIndexType: eq
-nsIndexType: sub
-
-dn: cn=mailAlternateAddress,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config
-changetype: modify
-add: nsIndexType
-nsIndexType: pres
-nsIndexType: sub
-
-dn: cn=associateddomain,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config
-changetype: add
-objectclass: top
-objectclass: nsindex
-cn: associateddomain
-nsSystemIndex: false
-nsindextype: pres
-nsindextype: eq
-
-dn: cn=ACL Plugin,cn=plugins,cn=config
-changetype: modify
-replace: nsslapd-aclpb-max-selected-acls
-nsslapd-aclpb-max-selected-acls: 8192
-
-dn: cn=7-bit check,cn=plugins,cn=config
-changetype: modify
-replace: nsslapd-pluginEnabled
-nsslapd-pluginEnabled: off
-
-dn: cn=attribute uniqueness,cn=plugins,cn=config
-changetype: modify
-replace: nsslapd-pluginEnabled
-nsslapd-pluginEnabled: on
-
-dn: cn=referential integrity postoperation,cn=plugins,cn=config
-changetype: modify
-replace: nsslapd-pluginEnabled
-nsslapd-pluginEnabled: on
-
-dn: cn=Account Policy 
Plugin,cn=plugins,cn=config
-changetype: modify
-replace: nsslapd-pluginEnabled
-nsslapd-pluginEnabled: on
-
-dn: cn=Account Policy Plugin,cn=plugins,cn=config
-changetype: modify
-replace: nsslapd-pluginarg0
-nsslapd-pluginarg0: cn=config,cn=Account Policy Plugin,cn=plugins,cn=config
-
-dn: cn=config,cn=Account Policy Plugin,cn=plugins,cn=config
-changetype: modify
-replace: alwaysrecordlogin
-alwaysrecordlogin: yes
-
-dn: cn=config,cn=Account Policy Plugin,cn=plugins,cn=config
-changetype: modify
-replace: stateattrname
-stateattrname: lastLoginTime
-
-dn: cn=config,cn=Account Policy Plugin,cn=plugins,cn=config
-changetype: modify
-replace: altstateattrname
-altstateattrname: createTimestamp
-
diff --git a/docker/ds389/ds_admin_backend.ldif.tpl b/docker/ds389/ds_admin_backend.ldif.tpl
deleted file mode 100644
index e269b7ab..00000000
--- a/docker/ds389/ds_admin_backend.ldif.tpl
+++ /dev/null
@@ -1,20 +0,0 @@
-dn: cn=\"${LDAP_ADMIN_ROOT_DN}\",cn=mapping tree,cn=config
-objectClass: top
-objectClass: extensibleObject
-objectClass: nsMappingTree
-cn: ${LDAP_ADMIN_ROOT_DN}
-nsslapd-state: backend
-nsslapd-backend: ${DOMAIN_DB}
-
-dn: cn=${DOMAIN_DB},cn=ldbm database,cn=plugins,cn=config
-objectClass: top
-objectClass: extensibleObject
-objectClass: nsBackendInstance
-cn: ${DOMAIN_DB}
-nsslapd-suffix: ${LDAP_ADMIN_ROOT_DN}
-nsslapd-cachesize: -1
-nsslapd-cachememsize: 10485760
-nsslapd-readonly: off
-nsslapd-require-index: off
-nsslapd-directory: /var/lib/dirsrv/slapd-${DS_INSTANCE_NAME:-$(hostname -s)}/db/${DOMAIN_DB}
-nsslapd-dncachememsize: 10485760
diff --git a/docker/ds389/ds_hosted_backend.ldif.tpl b/docker/ds389/ds_hosted_backend.ldif.tpl
deleted file mode 100644
index 329a4978..00000000
--- a/docker/ds389/ds_hosted_backend.ldif.tpl
+++ /dev/null
@@ -1,21 +0,0 @@
-dn: cn=\"${LDAP_HOSTED_ROOT_DN}\",cn=mapping tree,cn=config
-objectClass: top
-objectClass: extensibleObject
-objectClass: nsMappingTree
-nsslapd-state: backend
-cn: ${LDAP_HOSTED_ROOT_DN}
-nsslapd-backend: ${HOSTED_DOMAIN_DB}
-
-dn: cn=${HOSTED_DOMAIN_DB},cn=ldbm database,cn=plugins,cn=config
-objectClass: top
-objectClass: extensibleobject
-objectClass: nsbackendinstance
-cn: ${HOSTED_DOMAIN_DB}
-nsslapd-suffix: ${LDAP_HOSTED_ROOT_DN}
-nsslapd-cachesize: -1
-nsslapd-cachememsize: 10485760
-nsslapd-readonly: off
-nsslapd-require-index: off
-nsslapd-directory: /var/lib/dirsrv/slapd-${DS_INSTANCE_NAME:-$(hostname -s)}/db/${HOSTED_DOMAIN_DB}
-nsslapd-dncachememsize: 10485760
-
diff --git a/docker/ds389/ds_setup.inf.tpl b/docker/ds389/ds_setup.inf.tpl
deleted file mode 100644
index 8582d963..00000000
--- a/docker/ds389/ds_setup.inf.tpl
+++ /dev/null
@@ -1,26 +0,0 @@
-[General]
-FullMachineName = ${FULL_MACHINE_NAME}
-SuiteSpotUserID = nobody
-SuiteSpotGroup = nobody
-AdminDomain = ${DOMAIN}
-StrictHostCheck = ${STRICT_HOST_CHECK}
-ConfigDirectoryLdapURL = ldap://${DS_INSTANCE_NAME}:389/o=NetscapeRoot
-ConfigDirectoryAdminID = admin
-ConfigDirectoryAdminPwd = ${LDAP_ADMIN_BIND_PW}
-
-[slapd]
-start_server = 0
-SlapdConfigForMC = Yes
-UseExistingMC = 0
-ServerPort = 389
-ServerIdentifier = ${DS_INSTANCE_NAME}
-RootDN = ${LDAP_ADMIN_BIND_DN}
-RootDNPwd = ${LDAP_ADMIN_BIND_PW}
-AddSampleEntries = No
-## InstallLdifFile = /ds_install.ldif
-ConfigFile = /ds_adjustments.ldif
-ds_bename = ${DOMAIN_DB}
-Suffix = ${LDAP_ADMIN_ROOT_DN}
-ConfigFile = /ds_admin_backend.ldif
-ConfigFile = /ds_hosted_backend.ldif
-
diff --git a/docker/ds389/hosted_com-install.ldif.tpl b/docker/ds389/hosted_com-install.ldif.tpl
deleted file mode 100644
index 6ab8ff38..00000000
--- a/docker/ds389/hosted_com-install.ldif.tpl
+++ /dev/null
@@ -1,77 +0,0 @@
-# ${HOSTED_DOMAIN}, ${LDAP_DOMAIN_BASE_DN}
-dn: associateddomain=${HOSTED_DOMAIN},${LDAP_DOMAIN_BASE_DN}
-objectclass: top
-objectclass: domainrelatedobject
-objectclass: inetdomain
-inetdomainstatus: active
-associateddomain: ${HOSTED_DOMAIN}
-inetdomainbasedn: ${LDAP_HOSTED_ROOT_DN}
-
-# ${LDAP_HOSTED_ROOT_DN}
-dn: ${LDAP_HOSTED_ROOT_DN}
-aci: (targetattr=\"carLicense || description || displayName || facsimileTelephoneNumber || homePhone || homePostalAddress || initials || jpegPhoto || labeledURI || mobile || pager || photo || postOfficeBox || postalAddress || postalCode || preferredDeliveryMethod || preferredLanguage || registeredAddress || roomNumber || secretary || seeAlso || st || street || telephoneNumber || telexNumber || title || userCertificate || userPassword || userSMIMECertificate || x500UniqueIdentifier\")(version 3.0; acl \"Enable self write for common attributes\"; allow (write) userdn=\"ldap:///self\";)
-aci: (targetattr=\"*\")(version 3.0;acl \"Directory Administrators Group\";allow (all) (groupdn=\"ldap:///cn=Directory Administrators,${LDAP_HOSTED_ROOT_DN}\" or roledn=\"ldap:///cn=kolab-admin,${LDAP_HOSTED_ROOT_DN}\");)
-aci: (targetattr=\"*\")(version 3.0; acl \"Configuration Administrators Group\"; allow (all) groupdn=\"ldap:///cn=Configuration Administrators,ou=Groups,ou=TopologyManagement,o=NetscapeRoot\";)
-aci: (targetattr=\"*\")(version 3.0; acl \"Configuration Administrator\"; allow (all) userdn=\"ldap:///uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot\";)
-aci: (targetattr=\"*\")(version 3.0; acl \"SIE Group\"; allow (all) groupdn = \"ldap:///cn=slapd-${DS_INSTANCE_NAME},cn=389 Directory Server,cn=Server Group,cn=${FULL_MACHINE_NAME},ou=${DOMAIN},o=NetscapeRoot\";)
-aci: (targetattr=\"*\") (version 3.0;acl \"Search Access\";allow (read,compare,search)(userdn = \"ldap:///${LDAP_HOSTED_ROOT_DN}??sub?(objectclass=*)\");)
-aci: (targetattr=\"*\") (version 3.0;acl \"Service Search Access\";allow 
(read,compare,search)(userdn = \"ldap:///${LDAP_SERVICE_BIND_DN}\");)
-objectClass: top
-objectClass: domain
-dc: ${HOSTED_DOMAIN%.com}
-
-# cn=2fa-user, ${LDAP_HOSTED_ROOT_DN}
-dn: cn=2fa-user,${LDAP_HOSTED_ROOT_DN}
-cn: 2fa-user
-description: 2fa-user role
-objectclass: top
-objectclass: ldapsubentry
-objectclass: nsmanagedroledefinition
-objectclass: nsroledefinition
-objectclass: nssimpleroledefinition
-
-# cn=activesync-user, ${LDAP_HOSTED_ROOT_DN}
-dn: cn=activesync-user,${LDAP_HOSTED_ROOT_DN}
-cn: activesync-user
-description: activesync-user role
-objectclass: top
-objectclass: ldapsubentry
-objectclass: nsmanagedroledefinition
-objectclass: nsroledefinition
-objectclass: nssimpleroledefinition
-
-# cn=imap-user, ${LDAP_HOSTED_ROOT_DN}
-dn: cn=imap-user,${LDAP_HOSTED_ROOT_DN}
-cn: imap-user
-description: imap-user role
-objectclass: top
-objectclass: ldapsubentry
-objectclass: nsmanagedroledefinition
-objectclass: nsroledefinition
-objectclass: nssimpleroledefinition
-
-# ou=Groups, ${LDAP_HOSTED_ROOT_DN}
-dn: ou=Groups,${LDAP_HOSTED_ROOT_DN}
-ou: Groups
-objectClass: top
-objectClass: organizationalunit
-
-# ou=People, ${LDAP_HOSTED_ROOT_DN}
-dn: ou=People,${LDAP_HOSTED_ROOT_DN}
-aci: (targetattr=\"*\") (version 3.0;acl \"Hosted Kolab Services\";allow (all)(userdn = \"ldap:///${LDAP_HOSTED_BIND_DN}\");)
-ou: People
-objectClass: top
-objectClass: organizationalunit
-
-# ou=Resources, ${LDAP_HOSTED_ROOT_DN}
-dn: ou=Resources,${LDAP_HOSTED_ROOT_DN}
-ou: Resources
-objectClass: top
-objectClass: organizationalunit
-
-# ou=Shared Folders, ${LDAP_HOSTED_ROOT_DN}
-dn: ou=Shared Folders,${LDAP_HOSTED_ROOT_DN}
-ou: Shared Folders
-objectClass: top
-objectClass: organizationalunit
-
diff --git a/docker/ds389/kolab-schema.ldif b/docker/ds389/kolab-schema.ldif
deleted file mode 100644
index 222891d0..00000000
--- a/docker/ds389/kolab-schema.ldif
+++ /dev/null
@@ -1,384 +0,0 @@ -# $Id$ -# (c) 2003, 2004 Tassilo Erlewein -# (c) 2003-2009 Martin Konold -# (c) 2003 Achim Frank -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# -# Redistributions of source code must retain the above copyright notice, this -# list of conditions and the following disclaimer. -# -# Redistributions in binary form must reproduce the above copyright notice, -# this list of conditions and the following disclaimer in the documentation -# and/or other materials provided with the distribution. -# -# The name of the author may not be used to endorse or promote products derived -# from this software without specific prior written permission. -# -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED -# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO -# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, -# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; -# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF -# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -# This schema highly depends on the core.schema, cosine.schema and the inetorgperson.schema -# as provided by 3rd parties like OpenLDAP. 
-# -# slapd.conf then looks like -# include /kolab/etc/openldap/schema/core.schema -# include /kolab/etc/openldap/schema/cosine.schema -# include /kolab/etc/openldap/schema/inetorgperson.schema -# include /kolab/etc/openldap/schema/rfc2739.schema -# include /kolab/etc/openldap/schema/kolab3.schema -# Prefix for OIDs: 1.3.6.1.4.1.19414 <- registered -# Prefix for OIDs: 1.3.6.1.4.1.19414.2000 <-- temporarily reserved for ob -# Prefix for attributes: 1.3.6.1.4.1.19414.1 -# Prefix for attributes: 1.3.6.1.4.1.19414.2 -# Prefix for objectclasses: 1.3.6.1.4.1.19414.3 -# nameprefix: kolab -# -dn: cn=schema -#################### -# kolab attributes # -#################### -# kolabDeleteflag used to be a boolean but describes with Kolab 2 -# the fqdn of the server which is requested to delete this objects -# in its local store -attributeTypes: ( 1.3.6.1.4.1.19414.2.1.2 - NAME 'kolabDeleteflag' - DESC 'Per host deletion status' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) -# alias used to provide alternative rfc822 email addresses for kolab users -attributeTypes: ( 1.3.6.1.4.1.19414.2.1.3 - NAME 'alias' - DESC 'RFC1274: RFC822 Mailbox' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) -# Specifies the email delegates. -# An email delegate can send email on behalf of the account -# which means using the "from" of the account. -# Delegates are specified by the syntax of rfc822 email addresses. 
-attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.3 - NAME 'kolabDelegate' - DESC 'Kolab user allowed to act as delegates - RFC822 Mailbox/Alias' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) -# For user, group and resource Kolab accounts -# Describes how to respond to invitations -# We keep the attribute as a string, but actually it can only have one -# of the following values: -# -# ACT_ALWAYS_ACCEPT -# ACT_ALWAYS_REJECT -# ACT_REJECT_IF_CONFLICTS -# ACT_MANUAL_IF_CONFLICTS -# ACT_MANUAL -# In addition one of these values may be prefixed with a primary email -# address followed by a colon like -# user@domain.tld: ACT_ALWAYS_ACCEPT -attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.4 - NAME ( 'kolabInvitationPolicy' 'kolabResourceAction' ) - DESC 'defines how to respond to invitations' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) -# Begin date of Kolab vacation period. Sender will -# be notified every kolabVacationResendIntervall days -# that recipient is absent until kolabVacationEnd. -# Values in this syntax are encoded as printable strings, -# represented as specified in X.208. -# Note that the time zone must be specified. -# For Kolab we limit ourself to GMT -# YYYYMMDDHHMMZ e.g. 200512311458Z. -# see also: rfc 2252. -# Currently this attribute is not used in Kolab. -attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.8 - NAME 'kolabVacationBeginDateTime' - DESC 'Begin date of vacation' - EQUALITY generalizedTimeMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 - SINGLE-VALUE ) -# End date of Kolab vacation period. Sender will -# be notified every kolabVacationResendIntervall days -# that recipient is absent starting from kolabVacationBeginDateTime. -# Values in this syntax are encoded as printable strings, -# represented as specified in X.208. -# Note that the time zone must be specified. -# For Kolab we limit ourself to GMT -# YYYYMMDDHHMMZ e.g. 
200601012258Z. -# see also: rfc 2252. -# Currently this attribute is not used in Kolab. -attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.9 - NAME 'kolabVacationEndDateTime' - DESC 'End date of vacation' - EQUALITY generalizedTimeMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 - SINGLE-VALUE ) -# Intervall in days after which senders get -# another vacation message. -# Currently this attribute is not used in Kolab. -attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.10 - NAME 'kolabVacationResendInterval' - DESC 'Vacation notice interval in days' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 - SINGLE-VALUE ) -# Email recipient addresses which are handled by the -# vacation script. There can be multiple kolabVacationAddress -# entries for each kolabInetOrgPerson. -# Default is the primary email address and all -# email aliases of the kolabInetOrgPerson. -# Currently this attribute is not used in Kolab. -attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.11 - NAME 'kolabVacationAddress' - DESC 'Email address for vacation to response upon' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) -# Enable sending vacation notices in reaction -# unsolicited commercial email. -# Default is no. -# Currently this attribute is not used in Kolab. -attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.12 - NAME 'kolabVacationReplyToUCE' - DESC 'Enable vacation notices to UCE' - EQUALITY booleanMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 - SINGLE-VALUE ) -# Email recipient domains which are handled by the -# vacation script. There can be multiple kolabVacationReactDomain -# entries for each kolabInetOrgPerson -# Default is to handle all domains. -# Currently this attribute is not used in Kolab. 
-attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.13 - NAME 'kolabVacationReactDomain' - DESC 'Multivalued -- Email domain for vacation to response upon' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) -# Keep local copy when forwarding emails to list of -# kolabForwardAddress. -# Default is no. -# Currently this attribute is not used in Kolab. -attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.15 - NAME 'kolabForwardKeepCopy' - DESC 'Keep copy when forwarding' - EQUALITY booleanMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 - SINGLE-VALUE ) -# Enable forwarding of UCE. -# Default is yes. -# Currently this attribute is not used in Kolab. -attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.16 - NAME 'kolabForwardUCE' - DESC 'Enable forwarding of mails known as UCE' - EQUALITY booleanMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 - SINGLE-VALUE ) -# Describes the allowed or disallowed smtp recipient addresses for mail sent -# by the user associated with the LDAP object this attribute is associated with. -# -# If this attribute is not set for a user or distribution group, -# no Kolab recipient policy does apply. 
-# -# Example entries: -# .tld - allow mail to every recipient for this tld -# domain.tld - allow mail to everyone in domain.tld -# .domain.tld - allow mail to everyone in domain.tld and its subdomains -# user@domain.tld - allow mail to explicit user@domain.tld -# user@ - allow mail to this user but any domain -# -.tld - disallow mail to every recipient for this tld -# -domain.tld - disallow mail to everyone in domain.tld -# -.domain.tld - disallow mail to everyone in domain.tld and its subdomains -# -user@domain.tld - disallow mail to explicit user@domain.tld -# -user@ - disallow mail to this user but any domain -attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.18 - NAME 'kolabAllowSMTPRecipient' - DESC 'SMTP address allowed for destination (multi-valued)' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{512} ) -# Jeroen van Meeuwen (Kolab Systems): Unnecessary in this deployment, as users -# will be created on one server only, however we keep this in here to allow the -# mail server to use to be specified from the user provisioning batch operation. -# -# Create the user mailbox on the kolabHomeServer only. -# Default is no. -attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.19 - NAME 'kolabHomeServerOnly' - DESC 'Create the user mailbox on the kolabHomeServer only' - EQUALITY booleanMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 - SINGLE-VALUE ) -# Describes the allowed or disallowed smtp envelope sender addresses used for -# the recipient this attribute is associated with. -# -# If this attribute is not set for a user or distribution -# kolab sender policy does apply. 
-# -# Example entries: -# .tld - allow mail to every recipient for this tld -# domain.tld - allow mail to everyone in domain.tld -# .domain.tld - allow mail to everyone in domain.tld and its subdomains -# user@domain.tld - allow mail to explicit user@domain.tld -# user@ - allow mail to this user but any domain -# -.tld - disallow mail to every recipient for this tld -# -domain.tld - disallow mail to everyone in domain.tld -# -.domain.tld - disallow mail to everyone in domain.tld and its subdomains -# -user@domain.tld - disallow mail to explicit user@domain.tld -# -user@ - disallow mail to this user but any domain -attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.43 - NAME 'kolabAllowSMTPSender' - DESC 'SMTP envelope sender address accepted for delivery (multi-valued)' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{512} ) -# kolabFolderType describes the kind of Kolab folder -# as defined in the kolab format specification. -# We will annotate all folders with an entry -# /vendor/kolab/folder-type containing the attribute -# value.shared set to: [.]. -# The can be: mail, event, journal, task, note, -# or contact. The for a mail folder can be -# inbox, drafts, sentitems, or junkemail (this one holds -# spam mails). For the other s, it can only be -# default, or not set. For other types of folders -# supported by the clients, these should be prefixed with -# "k-" for KMail, "h-" for Horde and "o-" for Outlook, and -# look like for example "kolab.o-voicemail". Other third-party -# clients shall use the "x-" prefix. -# We then use the ANNOTATEMORE IMAP extension to -# associate the folder type with a folder. 
-attributeTypes: ( 1.3.6.1.4.1.19414.2.1.7 - NAME 'kolabFolderType' - DESC 'type of a kolab folder' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} - SINGLE-VALUE ) -attributeTypes: ( 1.3.6.1.4.1.19414.2.1.8 - NAME 'kolabTargetFolder' - DESC 'Target for a Kolab Shared Folder delivery' - EQUALITY caseExactMatch - SUBSTR caseExactSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512} - SINGLE-VALUE ) -# cyrus imapd access control list -# acls work with users and groups -attributeTypes: ( 1.3.6.1.4.1.19414.2.1.651 - NAME 'acl' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) -# Extended attributes for Resources -attributeTypes: ( 1.3.6.1.4.1.19414.3.1.1 - NAME 'kolabDescAttribute' - DESC 'Descriptive attribute or parameter for a Resource' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) -########################## -# kolabfilter attributes # -########################## -# enable trustable 
From: -attributeTypes: ( 1.3.6.1.4.1.19414.2.1.750 - NAME 'kolabfilter-verify-from-header' - EQUALITY booleanMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) -# should Sender header be allowed instead of From -# when present? -attributeTypes: ( 1.3.6.1.4.1.19414.2.1.751 - NAME 'kolabfilter-allow-sender-header' - EQUALITY booleanMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) -# Should reject messages with From headers that dont match -# the envelope? Default is to rewrite the header -attributeTypes: ( 1.3.6.1.4.1.19414.2.1.752 - NAME 'kolabfilter-reject-forged-from-header' - EQUALITY booleanMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) -######################## -# kolab object classes # -######################## -# public folders are typically visible to everyone subscribed to -# the server without the need for an extra login. Subfolders are -# defined using the hiarchy seperator '/' e.g. "sf/sub1". Please note -# that the term public folder is prefered to shared folder because -# normal user mailboxes can also share folders using acls. 
-objectClasses: ( 1.3.6.1.4.1.19414.2.2.9 - NAME 'kolabSharedFolder' - DESC 'Kolab public shared folder' - SUP top AUXILIARY - MUST cn - MAY ( acl $ - alias $ - mailHost $ - kolabFolderType $ - kolabDeleteflag $ - kolabDelegate $ - kolabTargetFolder $ - kolabAllowSMTPRecipient $ - kolabAllowSMTPSender $ - owner ) ) -# kolab account -# we use an auxiliary in order to ease integration -# with existing inetOrgPerson objects -# Please note that userPassword is a may -# attribute in the schema but is mandatory for -# Kolab -objectClasses: ( 1.3.6.1.4.1.19414.3.2.2 - NAME 'kolabInetOrgPerson' - DESC 'Kolab Internet Organizational Person' - SUP top AUXILIARY - MAY ( alias $ - mailHost $ - kolabHomeServerOnly $ - kolabDelegate $ - kolabInvitationPolicy $ - kolabVacationBeginDateTime $ - kolabVacationEndDateTime $ - kolabVacationResendInterval $ - kolabVacationAddress $ - kolabVacationReplyToUCE $ - kolabVacationReactDomain $ - kolabForwardKeepCopy $ - kolabForwardUCE $ - kolabAllowSMTPRecipient $ - kolabAllowSMTPSender $ - kolabDeleteflag ) ) -# kolab groupOfNames with extra kolabDeleteflag and the required -# attribute mail. -# The mail attribute for kolab objects of the type kolabGroupOfNames -# is not arbitrary but MUST be a single attribute of the form -# of an valid SMTP address with the CN as the local part. -# E.g cn@kolabdomain (e.g. employees@mydomain.com). The -# mail attribute MUST be globally unique. -objectClasses: ( 1.3.6.1.4.1.19414.3.2.8 - NAME 'kolabGroupOfUniqueNames' - DESC 'Kolab group of names (DNs) derived from RFC2256' - SUP top AUXILIARY - MAY ( mail $ - alias $ - kolabDelegate $ - kolabDeleteflag $ - kolabAllowSMTPRecipient $ - kolabAllowSMTPSender ) ) -# kolab resources -objectClasses: ( 1.3.6.1.4.1.19414.3.2.9 - NAME 'kolabResource' - DESC 'Kolab Resource' - SUP top AUXILIARY - MAY ( kolabInvitationPolicy $ - kolabDescAttribute $ - description $ - owner ) ) 
diff --git a/docker/ds389/mgmt_com-install.ldif.tpl b/docker/ds389/mgmt_com-install.ldif.tpl
deleted file mode 100644
index 28ddc0fd..00000000
--- a/docker/ds389/mgmt_com-install.ldif.tpl
+++ /dev/null
@@ -1,119 +0,0 @@
-# ${LDAP_ADMIN_ROOT_DN}
-dn: ${LDAP_ADMIN_ROOT_DN}
-aci: (targetattr = \"carLicense || description || displayName || facsimileTelephoneNumber || homePhone || homePostalAddress || initials || jpegPhoto || l || labeledURI || mobile || o || pager || photo || postOfficeBox || postalAddress || postalCode || preferredDeliveryMethod || preferredLanguage || registeredAddress || roomNumber || secretary || seeAlso || st || street || telephoneNumber || telexNumber || title || userCertificate || userPassword || userSMIMECertificate || x500UniqueIdentifier || kolabDelegate || kolabInvitationPolicy || kolabAllowSMTPSender\") (version 3.0; acl \"Enable self write for common attributes\"; allow (read,compare,search,write)(userdn = \"ldap:///self\");)
-aci: (targetattr = \"*\") (version 3.0;acl \"Directory Administrators Group\";allow (all)(groupdn = \"ldap:///cn=Directory Administrators,${LDAP_ADMIN_ROOT_DN}\" or roledn = \"ldap:///cn=kolab-admin,${LDAP_ADMIN_ROOT_DN}\");)
-aci: (targetattr=\"*\")(version 3.0; acl \"Configuration Administrators Group\"; allow (all) groupdn=\"ldap:///cn=Configuration Administrators,ou=Groups,ou=TopologyManagement,o=NetscapeRoot\";)
-aci: (targetattr=\"*\")(version 3.0; acl \"Configuration Administrator\"; allow (all) userdn=\"ldap:///uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot\";)
-aci: (targetattr = \"*\")(version 3.0; acl \"SIE Group\"; allow (all) groupdn = \"ldap:///cn=slapd-ldap-k8s,cn=389 Directory Server,cn=Server Group,cn=${FULL_MACHINE_NAME},ou=${DOMAIN},o=NetscapeRoot\";)
-aci: (targetattr != \"userPassword\") (version 3.0;acl \"Search Access\";allow (read,compare,search)(userdn = \"ldap:///all\");)
-objectClass: top
-objectClass: domain
-
-# Directory Administrators, ${DOMAIN}
-dn: cn=Directory Administrators,${LDAP_ADMIN_ROOT_DN}
-objectClass: top
-objectClass: groupofuniquenames
-cn: Directory Administrators
-uniqueMember: cn=Directory Manager
-
-# Domains definition location ${DOMAIN}
-dn: 
${LDAP_DOMAIN_BASE_DN}
-objectclass: top
-objectclass: extensibleobject
-ou: Domains
-aci: (targetattr = \"*\") (version 3.0;acl \"Kolab Services\";allow (read,compare,search)(userdn = \"ldap:///uid=kolab-service,ou=Special Users,${LDAP_ADMIN_ROOT_DN}\");)
-
-# Groups, ${DOMAIN}
-dn: ou=Groups,${LDAP_ADMIN_ROOT_DN}
-objectClass: top
-objectClass: organizationalunit
-ou: Groups
-
-# People, ${DOMAIN}
-dn: ou=People,${LDAP_ADMIN_ROOT_DN}
-objectClass: top
-objectClass: organizationalunit
-ou: People
-
-# Resources, ${DOMAIN}
-dn: ou=Resources,${LDAP_ADMIN_ROOT_DN}
-objectClass: top
-objectClass: organizationalunit
-ou: Resources
-
-# Shared Folders, ${DOMAIN}
-dn: ou=Shared Folders,${LDAP_ADMIN_ROOT_DN}
-objectClass: top
-objectClass: organizationalunit
-ou: Shared Folders
-
-# Special User, ${DOMAIN}
-dn: ou=Special Users,${LDAP_ADMIN_ROOT_DN}
-objectClass: top
-objectClass: organizationalUnit
-ou: Special Users
-description: Special Administrative Accounts
-
-# Add kolab-admin role
-dn: cn=kolab-admin,${LDAP_ADMIN_ROOT_DN}
-objectClass: top
-objectClass: ldapsubentry
-objectClass: nsroledefinition
-objectClass: nssimpleroledefinition
-objectClass: nsmanagedroledefinition
-cn: kolab-admin
-description: Kolab Administrator
-
-# cyrus-admin, Special Users, ${DOMAIN}
-dn: uid=cyrus-admin,ou=Special Users,${LDAP_ADMIN_ROOT_DN}
-sn: Administrator
-uid: cyrus-admin
-objectClass: top
-objectClass: person
-objectClass: inetorgperson
-objectClass: organizationalperson
-givenName: Cyrus
-cn: Cyrus Administrator
-userPassword: ${IMAP_ADMIN_PASSWORD}
-
-# kolab-service, Special Users, ${DOMAIN}
-dn: ${LDAP_SERVICE_BIND_DN}
-sn: Service
-uid: kolab-service
-objectClass: top
-objectClass: person
-objectClass: inetorgperson
-objectClass: organizationalperson
-givenName: Kolab
-cn: Kolab Service
-userPassword: ${LDAP_SERVICE_BIND_PW}
-nsIdleTimeout: -1
-nsTimeLimit: -1
-nsSizeLimit: -1
-nsLookThroughLimit: -1
-
-# hosted-kolab-service, Special Users, ${DOMAIN}
-dn: 
${LDAP_HOSTED_BIND_DN}
-objectclass: top
-objectclass: inetorgperson
-objectclass: person
-uid: hosted-kolab-service
-cn: Hosted Kolab Service Account
-sn: Service Account
-givenname: Hosted Kolab
-userpassword: ${LDAP_HOSTED_BIND_PW}
-nsIdleTimeout: -1
-nsTimeLimit: -1
-nsSizeLimit: -1
-nsLookThroughLimit: -1
-
-# ${DOMAIN}, ${LDAP_DOMAIN_BASE_DN}
-dn: associateddomain=${DOMAIN},${LDAP_DOMAIN_BASE_DN}
-objectclass: top
-objectclass: domainrelatedobject
-associateddomain: ${DOMAIN}
-associateddomain: localhost.localdomain
-associateddomain: localhost
-aci: (targetattr = \"*\")(version 3.0;acl \"Deny Rest\";deny (all)(userdn != \"ldap:///${LDAP_SERVICE_BIND_DN} || ldap:///${LDAP_ADMIN_ROOT_DN}??sub?\(objectclass=*\)\");)
-aci: (targetattr = \"*\")(version 3.0;acl \"Deny Hosted Kolab\";deny (all)(userdn = \"ldap:///${LDAP_HOSTED_BIND_DN}\");)
-