diff --git a/docker/kolab/kolab-init.sh b/docker/kolab/kolab-init.sh index 4764e44f..398acad4 100755 --- a/docker/kolab/kolab-init.sh +++ b/docker/kolab/kolab-init.sh @@ -1,21 +1,17 @@ #!/bin/bash -if [ -d "/etc/dirsrv/slapd-kolab/" ]; then - exit 0 -fi - cp -av /bin/true /usr/sbin/ds_systemd_ask_password_acl pushd /root/utils/ ./01-reverse-etc-hosts.sh && echo "01 done" ./02-write-my.cnf.sh && echo "02 done" +./03-setup-ldap.sh && echo "03 done" ./03-setup-kolab.sh && echo "03 done" ./04-reset-mysql-kolab-password.sh && echo "04 done" ./05-adjust-configs.sh && echo "05 done" ./10-reset-kolab-service-password.sh && echo "10 done" ./11-reset-cyrus-admin-password.sh && echo "11 done" -./13-setup-ldap.sh && echo "13 done" ./23-patch-system.sh && echo "23 done" touch /tmp/kolab-init.done diff --git a/docker/kolab/utils/03-setup-kolab.sh b/docker/kolab/utils/03-setup-kolab.sh index 06dc875d..5c401044 100755 --- a/docker/kolab/utils/03-setup-kolab.sh +++ b/docker/kolab/utils/03-setup-kolab.sh 
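Review bot: Dropping the `/etc/dirsrv/slapd-kolab/` early exit removes the only idempotence guard for the whole sequence, so on every container restart steps 01 through 23 run again; only the new 03-setup-ldap.sh guards itself (on `/var/lib/dirsrv/slapd-kolab/`, a different path), so steps such as the password resets in 04/10/11 will rerun unless each is idempotent on its own — worth confirming before merging, or gate on `/tmp/kolab-init.done` instead. Both 03 scripts also report `03 done`, so the log cannot tell which one finished; `./03-setup-ldap.sh && echo "03-ldap done"` keeps them distinguishable. The file still has no `set -e`, and `touch /tmp/kolab-init.done` runs regardless of whether any step failed, so the marker does not mean the init succeeded.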
@@ -1,98 +1,76 @@ #!/bin/bash . ./settings.sh echo ${CMD} | tee -a /root/setup-kolab.log echo -n "Wait for MariaDB container: " | tee -a /root/setup-kolab.log while ! mysqladmin -u root ping > /dev/null 2>&1 ; do echo -n '.' sleep 3 done | tee -a /root/setup-kolab.log echo "OK!" | tee -a /root/setup-kolab.log - -# if [ -f /root/kolab.conf.template ]; then -# eval "echo \"$(cat /root/kolab.conf.template)\"" > /root/kolab.conf.ref -# KOLAB_CONFIG_REF="--config=/root/kolab.conf.ref" -# cp -f ${KOLAB_CONFIG_REF#--config=} /etc/kolab/kolab.conf -# fi - -if [ -d "/var/lib/dirsrv/slapd-kolab/" ]; then - echo "LDAP directory exists" - #FIXME not implemented - exit 1 -else - echo "LDAP directory does not exist" - CMD="$(which setup-kolab) ldap \ - --default ${LDAP_HOST} \ - --fqdn=kolab.${domain} \ - --directory-manager-pwd=${LDAP_ADMIN_BIND_PW:-Welcome2KolabSystems}" - ${CMD} 2>&1 | tee -a /root/setup-kolab.log -fi - -if [ ! -z "${LDAP_HOST}" ]; then - echo -n "Wait for DS389 container: " | tee -a /root/setup-kolab.log - while ! ldapsearch -h ${LDAP_HOST} -D "${LDAP_ADMIN_BIND_DN}" -w "${LDAP_ADMIN_BIND_PW}" -b "" -s base > /dev/null 2>&1 ; do - echo -n '.' - sleep 3 - done | tee -a /root/setup-kolab.log - echo "OK!" | tee -a /root/setup-kolab.log -fi +echo -n "Wait for DS389 container: " | tee -a /root/setup-kolab.log +while ! ldapsearch -h ${LDAP_HOST} -D "${LDAP_ADMIN_BIND_DN}" -w "${LDAP_ADMIN_BIND_PW}" -b "" -s base > /dev/null 2>&1 ; do + echo -n '.' + sleep 3 +done | tee -a /root/setup-kolab.log +echo "OK!" 
| tee -a /root/setup-kolab.log cat > /tmp/kolab-setup-my.cnf << EOF [client] host=${DB_HOST} user=root password=${DB_ROOT_PASSWORD} EOF CMD="$(which setup-kolab) mta \ --default" ${CMD} 2>&1 | tee -a /root/setup-kolab.log CMD="$(which setup-kolab) php \ --default \ --timezone=Europe/Zurich" ${CMD} 2>&1 | tee -a /root/setup-kolab.log # setup imap systemctl stop saslauthd systemctl start kolab-saslauthd systemctl enable kolab-saslauthd #Setup guam systemctl start guam systemctl enable guam #TODO just add /etc/kolab-freebusy/ # CMD="$(which setup-kolab) freebusy \ # --default" # ${CMD} 2>&1 | tee -a /root/setup-kolab.log cat > /tmp/kolab-setup-my.cnf << EOF [client] host=${DB_HOST} user=root password=${DB_ROOT_PASSWORD} EOF CMD="$(which setup-kolab) roundcube \ --default" ${CMD} 2>&1 | tee -a /root/setup-kolab.log cat > /tmp/kolab-setup-my.cnf << EOF [client] host=${DB_HOST} user=root password=${DB_ROOT_PASSWORD} EOF CMD="$(which setup-kolab) syncroton \ --default" ${CMD} 2>&1 | tee -a /root/setup-kolab.log diff --git a/docker/kolab/utils/03-setup-ldap.sh b/docker/kolab/utils/03-setup-ldap.sh new file mode 100755 index 00000000..1c78d73f --- /dev/null +++ b/docker/kolab/utils/03-setup-ldap.sh 
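Review bot: The new DS389 wait loop runs unconditionally and expands `${LDAP_HOST}` unquoted, so when the variable is empty `-h` consumes `-D` as its argument and the loop polls forever printing dots, with no timeout; add `: "${LDAP_HOST:?LDAP_HOST must be set}"` before the loop and quote it, `while ! ldapsearch -x -h "${LDAP_HOST}" -D "${LDAP_ADMIN_BIND_DN}" ...`. The bind password is passed as `-w "${LDAP_ADMIN_BIND_PW}"` on the command line every 3 seconds, where it is visible in process listings inside the container; ldapsearch's `-y <file>` reads it from a file instead. The probe also omits `-x` while every call in the new 03-setup-ldap.sh uses it, so it presumably attempts a SASL bind and may fail for a reason unrelated to the server not being up — confirm which client build is installed.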
@@ -0,0 +1,239 @@ +#!/bin/bash + +. ./settings.sh + +if [ -d "/var/lib/dirsrv/slapd-kolab/" ]; then + echo "LDAP directory exists, nothing to do" +else + echo "LDAP directory does not exist, setting it up." + CMD="$(which setup-kolab) ldap \ + --default ${LDAP_HOST} \ + --fqdn=kolab.${domain} \ + --directory-manager-pwd=${LDAP_ADMIN_BIND_PW}" + ${CMD} 2>&1 | tee -a /root/setup-kolab.log + + + # Create hosted kolab service + ( + echo "dn: uid=hosted-kolab-service,ou=Special Users,${rootdn}" + echo "objectclass: top" + echo "objectclass: inetorgperson" + echo "objectclass: person" + echo "uid: hosted-kolab-service" + echo "cn: Hosted Kolab Service Account" + echo "sn: Service Account" + echo "givenname: Hosted Kolab" + echo "userpassword: ${hosted_kolab_service_pw}" + echo "" + ) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" + + # Create ou domain + ( + echo "dn: ou=Domains,${rootdn}" + echo "ou: Domains" + echo "objectClass: top" + echo "objectClass: organizationalunit" + echo "" + ) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" + + # Create management domain + ( + echo "dn: associateddomain=${domain},${domain_base_dn}" + echo "aci: (targetattr = \"*\")(version 3.0;acl \"Deny Rest\";deny (all)(userdn != \"ldap:///uid=kolab-service,ou=Special Users,${rootdn} || ldap:///${rootdn}??sub?(objectclass=*)\");)" + echo "aci: (targetattr = \"*\")(version 3.0;acl \"Deny Hosted Kolab\";deny (all)(userdn = \"ldap:///uid=hosted-kolab-service,ou=Special Users,${rootdn}\");)" + echo "inetDomainStatus: active" + echo "objectClass: top" + echo "objectClass: domainrelatedobject" + echo "objectClass: inetdomain" + echo "associatedDomain: ${domain}" + echo "" + ) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" + + + # Create hosted domains + ( + echo "dn: associateddomain=${hosted_domain},${domain_base_dn}" + echo "objectclass: top" + echo "objectclass: domainrelatedobject" + echo "objectclass: inetdomain" + echo 
"inetdomainstatus: active" + echo "associateddomain: ${hosted_domain}" + echo "inetdomainbasedn: ${hosted_domain_rootdn}" + echo "" + ) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" + + ( + echo "dn: cn=$(echo ${hosted_domain} | sed -e 's/\./_/g'),cn=ldbm database,cn=plugins,cn=config" + echo "objectClass: top" + echo "objectClass: extensibleobject" + echo "objectClass: nsbackendinstance" + echo "cn: $(echo ${hosted_domain} | sed -e 's/\./_/g')" + echo "nsslapd-suffix: ${hosted_domain_rootdn}" + echo "nsslapd-cachesize: -1" + echo "nsslapd-cachememsize: 10485760" + echo "nsslapd-readonly: off" + echo "nsslapd-require-index: off" + echo "nsslapd-directory: /var/lib/dirsrv/slapd-${DS_INSTANCE_NAME:-$(hostname -s)}/db/$(echo ${hosted_domain} | sed -e 's/\./_/g')" + echo "nsslapd-dncachememsize: 10485760" + echo "" + ) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" + + ( + #On centos7 + #echo "dn: cn=$(echo ${hosted_domain_rootdn} | sed -e 's/=/\\3D/g' -e 's/,/\\2D/g'),cn=mapping tree,cn=config" + #On centos8 + echo "dn: cn=\"${hosted_domain_rootdn}\",cn=mapping tree,cn=config" + echo "objectClass: top" + echo "objectClass: extensibleObject" + echo "objectClass: nsMappingTree" + echo "nsslapd-state: backend" + echo "cn: ${hosted_domain_rootdn}" + echo "nsslapd-backend: $(echo ${hosted_domain} | sed -e 's/\./_/g')" + echo "" + ) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" + + ( + echo "dn: ${hosted_domain_rootdn}" + echo "aci: (targetattr=\"carLicense || description || displayName || facsimileTelephoneNumber || homePhone || homePostalAddress || initials || jpegPhoto || labeledURI || mobile || pager || photo || postOfficeBox || postalAddress || postalCode || preferredDeliveryMethod || preferredLanguage || registeredAddress || roomNumber || secretary || seeAlso || st || street || telephoneNumber || telexNumber || title || userCertificate || userPassword || userSMIMECertificate || 
x500UniqueIdentifier\")(version 3.0; acl \"Enable self write for common attributes\"; allow (write) userdn=\"ldap:///self\";)" + echo "aci: (targetattr =\"*\")(version 3.0;acl \"Directory Administrators Group\";allow (all) (groupdn=\"ldap:///cn=Directory Administrators,${hosted_domain_rootdn}\" or roledn=\"ldap:///cn=kolab-admin,${hosted_domain_rootdn}\");)" + echo "aci: (targetattr=\"*\")(version 3.0; acl \"Configuration Administrators Group\"; allow (all) groupdn=\"ldap:///cn=Configuration Administrators,ou=Groups,ou=TopologyManagement,o=NetscapeRoot\";)" + echo "aci: (targetattr=\"*\")(version 3.0; acl \"Configuration Administrator\"; allow (all) userdn=\"ldap:///uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot\";)" + echo "aci: (targetattr = \"*\")(version 3.0; acl \"SIE Group\"; allow (all) groupdn = \"ldap:///cn=slapd-$(hostname -s),cn=389 Directory Server,cn=Server Group,cn=$(hostname -f),ou=${domain},o=NetscapeRoot\";)" + echo "aci: (targetattr = \"*\") (version 3.0;acl \"Search Access\";allow (read,compare,search)(userdn = \"ldap:///${hosted_domain_rootdn}??sub?(objectclass=*)\");)" + echo "aci: (targetattr = \"*\") (version 3.0;acl \"Service Search Access\";allow (read,compare,search)(userdn = \"ldap:///uid=kolab-service,ou=Special Users,${rootdn}\");)" + echo "objectClass: top" + echo "objectClass: domain" + echo "dc: $(echo ${hosted_domain} | cut -d'.' 
-f 1)" + echo "" + ) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" + + ( + for role in "2fa-user" "activesync-user" "imap-user"; do + echo "dn: cn=${role},${hosted_domain_rootdn}" + echo "cn: ${role}" + echo "description: ${role} role" + echo "objectclass: top" + echo "objectclass: ldapsubentry" + echo "objectclass: nsmanagedroledefinition" + echo "objectclass: nsroledefinition" + echo "objectclass: nssimpleroledefinition" + echo "" + done + + echo "dn: ou=Groups,${hosted_domain_rootdn}" + echo "ou: Groups" + echo "objectClass: top" + echo "objectClass: organizationalunit" + echo "" + + echo "dn: ou=People,${hosted_domain_rootdn}" + echo "aci: (targetattr = \"*\") (version 3.0;acl \"Hosted Kolab Services\";allow (all)(userdn = \"ldap:///uid=hosted-kolab-service,ou=Special Users,${rootdn}\");)" + echo "ou: People" + echo "objectClass: top" + echo "objectClass: organizationalunit" + echo "" + + echo "dn: ou=Special Users,${hosted_domain_rootdn}" + echo "ou: Special Users" + echo "objectClass: top" + echo "objectClass: organizationalunit" + echo "" + + echo "dn: ou=Resources,${hosted_domain_rootdn}" + echo "ou: Resources" + echo "objectClass: top" + echo "objectClass: organizationalunit" + echo "" + + echo "dn: ou=Shared Folders,${hosted_domain_rootdn}" + echo "ou: Shared Folders" + echo "objectClass: top" + echo "objectClass: organizationalunit" + echo "" + + echo "dn: uid=cyrus-admin,ou=Special Users,${hosted_domain_rootdn}" + echo "sn: Administrator" + echo "uid: cyrus-admin" + echo "objectClass: top" + echo "objectClass: person" + echo "objectClass: inetorgperson" + echo "objectClass: organizationalperson" + echo "givenName: Cyrus" + echo "cn: Cyrus Administrator" + echo "" + + ) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" + + + # Remove cn kolab cn config + ( + echo "associateddomain=${domain},cn=kolab,cn=config" + echo "cn=kolab,cn=config" + ) | ldapdelete -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" 
-c + + + # Remove hosted service access from mgmt domain + ( + echo "dn: associateddomain=${domain},ou=Domains,${rootdn}" + echo "changetype: modify" + echo "replace: aci" + echo "aci: (targetattr = \"*\")(version 3.0;acl \"Deny Rest\";deny (all)(userdn != \"ldap:///uid=kolab-service,ou=Special Users,${rootdn} || ldap:///${rootdn}??sub?(objectclass=*)\");)" + echo "aci: (targetattr = \"*\")(version 3.0;acl \"Deny Hosted Kolab\";deny (all)(userdn = \"ldap:///uid=hosted-kolab-service,ou=Special Users,${rootdn}\");)" + echo "" + ) | ldapmodify -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" + + + # Add alias attribute index + # + export index_attr=alias + + ( + echo "dn: cn=${index_attr},cn=index,cn=${hosted_domain_db},cn=ldbm database,cn=plugins,cn=config" + echo "objectclass: top" + echo "objectclass: nsindex" + echo "cn: ${index_attr}" + echo "nsSystemIndex: false" + echo "nsindextype: pres" + echo "nsindextype: eq" + echo "nsindextype: sub" + + ) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c + + + ( + echo "dn: cn=${hosted_domain_db} ${index_attr} index,cn=index,cn=tasks,cn=config" + echo "objectclass: top" + echo "objectclass: extensibleObject" + echo "cn: ${hosted_domain_db} ${index_attr} index" + echo "nsinstance: ${hosted_domain_db}" + echo "nsIndexAttribute: ${index_attr}:pres" + echo "nsIndexAttribute: ${index_attr}:eq" + echo "nsIndexAttribute: ${index_attr}:sub" + echo "" + ) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c + + ldap_complete=0 + + while [ ${ldap_complete} -ne 1 ]; do + result=$( + ldapsearch \ + -x \ + -h "${ldap_host}" \ + -D "${ldap_binddn}" \ + -w "${ldap_bindpw}" \ + -c \ + -LLL \ + -b "cn=${hosted_domain_db} ${index_attr} index,cn=index,cn=tasks,cn=config" \ + '(!(nstaskexitcode=0))' \ + -s base 2>/dev/null + ) + if [ -z "$result" ]; then + ldap_complete=1 + echo "" + else + echo -n "." + sleep 1 + fi + done +fi + 
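Review bot: The index-task polling loop at the end of the file treats a failed `ldapsearch` the same as a finished task: stderr goes to `/dev/null`, the exit status is never checked, and an empty `$result` sets `ldap_complete=1`, so a dropped connection or bind failure is reported as completion, and the loop has no upper bound. The sketch below checks the exit status, accepts rc 0 with no match (and, hedged, rc 32 noSuchObject, since 389 DS reaps finished task entries after their TTL — confirm) as completion, retries transient errors, and gives up after a bounded number of attempts. More broadly the script has no `set -o pipefail` and never checks the `( … ) | ldapadd` pipelines, so its exit status — what kolab-init.sh's `&& echo "03 done"` sees — only reflects this final loop; at least the backend and mapping-tree adds should be followed by `|| exit 1`. Since the `Welcome2KolabSystems` fallback was dropped, `--directory-manager-pwd=${LDAP_ADMIN_BIND_PW}` now silently passes an empty password when the variable is unset; `: "${LDAP_ADMIN_BIND_PW:?LDAP_ADMIN_BIND_PW must be set}"` after sourcing settings.sh fails early instead. Every `ldapadd`/`ldapmodify`/`ldapdelete` call also passes `-w "${ldap_bindpw}"` on argv, where it is visible in process listings; `-y <file>` with a mode-0600 temp file avoids that.
```shell
# … unchanged: alias index entry and index-task ldapadd calls …
ldap_complete=0
attempts=0
max_attempts=300   # about 5 minutes at one poll per second
while [ "${ldap_complete}" -ne 1 ]; do
  result=$(
    ldapsearch -x -h "${ldap_host}" -D "${ldap_binddn}" -w "${ldap_bindpw}" -c -LLL \
      -b "cn=${hosted_domain_db} ${index_attr} index,cn=index,cn=tasks,cn=config" \
      '(!(nstaskexitcode=0))' -s base 2>/dev/null
  )
  rc=$?
  # rc 0 with no match: task entry exists and nstaskexitcode is 0.
  # rc 32 (noSuchObject): task entry already reaped — assumed finished; confirm against the DS task TTL.
  if { [ "${rc}" -eq 0 ] && [ -z "${result}" ]; } || [ "${rc}" -eq 32 ]; then
    ldap_complete=1
    echo ""
  else
    [ "${rc}" -ne 0 ] && echo "ldapsearch on index task failed (rc=${rc}), retrying" >&2
    attempts=$((attempts + 1))
    if [ "${attempts}" -ge "${max_attempts}" ]; then
      echo "Timed out waiting for ${index_attr} index task" >&2
      exit 1
    fi
    echo -n "."
    sleep 1
  fi
done
# … unchanged: closing fi of the "LDAP directory does not exist" branch …
```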
diff --git a/docker/kolab/utils/13-setup-ldap.sh b/docker/kolab/utils/13-setup-ldap.sh deleted file mode 100755 index b4585377..00000000 --- a/docker/kolab/utils/13-setup-ldap.sh +++ /dev/null 
@@ -1,227 +0,0 @@ -#!/bin/bash - -. ./settings.sh - -# Create hosted kolab service -( - echo "dn: uid=hosted-kolab-service,ou=Special Users,${rootdn}" - echo "objectclass: top" - echo "objectclass: inetorgperson" - echo "objectclass: person" - echo "uid: hosted-kolab-service" - echo "cn: Hosted Kolab Service Account" - echo "sn: Service Account" - echo "givenname: Hosted Kolab" - echo "userpassword: ${hosted_kolab_service_pw}" - echo "" -) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" - -# Create ou domain -( - echo "dn: ou=Domains,${rootdn}" - echo "ou: Domains" - echo "objectClass: top" - echo "objectClass: organizationalunit" - echo "" -) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" - -# Create management domain -( - echo "dn: associateddomain=${domain},${domain_base_dn}" - echo "aci: (targetattr = \"*\")(version 3.0;acl \"Deny Rest\";deny (all)(userdn != \"ldap:///uid=kolab-service,ou=Special Users,${rootdn} || ldap:///${rootdn}??sub?(objectclass=*)\");)" - echo "aci: (targetattr = \"*\")(version 3.0;acl \"Deny Hosted Kolab\";deny (all)(userdn = \"ldap:///uid=hosted-kolab-service,ou=Special Users,${rootdn}\");)" - echo "inetDomainStatus: active" - echo "objectClass: top" - echo "objectClass: domainrelatedobject" - echo "objectClass: inetdomain" - echo "associatedDomain: ${domain}" - echo "" -) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" - - -# Create hosted domains - ( - echo "dn: associateddomain=${hosted_domain},${domain_base_dn}" - echo "objectclass: top" - echo "objectclass: domainrelatedobject" - echo "objectclass: inetdomain" - echo "inetdomainstatus: active" - echo "associateddomain: ${hosted_domain}" - echo "inetdomainbasedn: ${hosted_domain_rootdn}" - echo "" - ) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" - - ( - echo "dn: cn=$(echo ${hosted_domain} | sed -e 's/\./_/g'),cn=ldbm database,cn=plugins,cn=config" - echo "objectClass: top" - echo "objectClass: 
extensibleobject" - echo "objectClass: nsbackendinstance" - echo "cn: $(echo ${hosted_domain} | sed -e 's/\./_/g')" - echo "nsslapd-suffix: ${hosted_domain_rootdn}" - echo "nsslapd-cachesize: -1" - echo "nsslapd-cachememsize: 10485760" - echo "nsslapd-readonly: off" - echo "nsslapd-require-index: off" - echo "nsslapd-directory: /var/lib/dirsrv/slapd-${DS_INSTANCE_NAME:-$(hostname -s)}/db/$(echo ${hosted_domain} | sed -e 's/\./_/g')" - echo "nsslapd-dncachememsize: 10485760" - echo "" - ) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" - -( - #On centos7 - #echo "dn: cn=$(echo ${hosted_domain_rootdn} | sed -e 's/=/\\3D/g' -e 's/,/\\2D/g'),cn=mapping tree,cn=config" - #On centos8 - echo "dn: cn=\"${hosted_domain_rootdn}\",cn=mapping tree,cn=config" - echo "objectClass: top" - echo "objectClass: extensibleObject" - echo "objectClass: nsMappingTree" - echo "nsslapd-state: backend" - echo "cn: ${hosted_domain_rootdn}" - echo "nsslapd-backend: $(echo ${hosted_domain} | sed -e 's/\./_/g')" - echo "" -) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" - -( - echo "dn: ${hosted_domain_rootdn}" - echo "aci: (targetattr=\"carLicense || description || displayName || facsimileTelephoneNumber || homePhone || homePostalAddress || initials || jpegPhoto || labeledURI || mobile || pager || photo || postOfficeBox || postalAddress || postalCode || preferredDeliveryMethod || preferredLanguage || registeredAddress || roomNumber || secretary || seeAlso || st || street || telephoneNumber || telexNumber || title || userCertificate || userPassword || userSMIMECertificate || x500UniqueIdentifier\")(version 3.0; acl \"Enable self write for common attributes\"; allow (write) userdn=\"ldap:///self\";)" - echo "aci: (targetattr =\"*\")(version 3.0;acl \"Directory Administrators Group\";allow (all) (groupdn=\"ldap:///cn=Directory Administrators,${hosted_domain_rootdn}\" or roledn=\"ldap:///cn=kolab-admin,${hosted_domain_rootdn}\");)" - echo "aci: 
(targetattr=\"*\")(version 3.0; acl \"Configuration Administrators Group\"; allow (all) groupdn=\"ldap:///cn=Configuration Administrators,ou=Groups,ou=TopologyManagement,o=NetscapeRoot\";)" - echo "aci: (targetattr=\"*\")(version 3.0; acl \"Configuration Administrator\"; allow (all) userdn=\"ldap:///uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot\";)" - echo "aci: (targetattr = \"*\")(version 3.0; acl \"SIE Group\"; allow (all) groupdn = \"ldap:///cn=slapd-$(hostname -s),cn=389 Directory Server,cn=Server Group,cn=$(hostname -f),ou=${domain},o=NetscapeRoot\";)" - echo "aci: (targetattr = \"*\") (version 3.0;acl \"Search Access\";allow (read,compare,search)(userdn = \"ldap:///${hosted_domain_rootdn}??sub?(objectclass=*)\");)" - echo "aci: (targetattr = \"*\") (version 3.0;acl \"Service Search Access\";allow (read,compare,search)(userdn = \"ldap:///uid=kolab-service,ou=Special Users,${rootdn}\");)" - echo "objectClass: top" - echo "objectClass: domain" - echo "dc: $(echo ${hosted_domain} | cut -d'.' 
-f 1)" - echo "" -) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" - -( - for role in "2fa-user" "activesync-user" "imap-user"; do - echo "dn: cn=${role},${hosted_domain_rootdn}" - echo "cn: ${role}" - echo "description: ${role} role" - echo "objectclass: top" - echo "objectclass: ldapsubentry" - echo "objectclass: nsmanagedroledefinition" - echo "objectclass: nsroledefinition" - echo "objectclass: nssimpleroledefinition" - echo "" - done - - echo "dn: ou=Groups,${hosted_domain_rootdn}" - echo "ou: Groups" - echo "objectClass: top" - echo "objectClass: organizationalunit" - echo "" - - echo "dn: ou=People,${hosted_domain_rootdn}" - echo "aci: (targetattr = \"*\") (version 3.0;acl \"Hosted Kolab Services\";allow (all)(userdn = \"ldap:///uid=hosted-kolab-service,ou=Special Users,${rootdn}\");)" - echo "ou: People" - echo "objectClass: top" - echo "objectClass: organizationalunit" - echo "" - - echo "dn: ou=Special Users,${hosted_domain_rootdn}" - echo "ou: Special Users" - echo "objectClass: top" - echo "objectClass: organizationalunit" - echo "" - - echo "dn: ou=Resources,${hosted_domain_rootdn}" - echo "ou: Resources" - echo "objectClass: top" - echo "objectClass: organizationalunit" - echo "" - - echo "dn: ou=Shared Folders,${hosted_domain_rootdn}" - echo "ou: Shared Folders" - echo "objectClass: top" - echo "objectClass: organizationalunit" - echo "" - - echo "dn: uid=cyrus-admin,ou=Special Users,${hosted_domain_rootdn}" - echo "sn: Administrator" - echo "uid: cyrus-admin" - echo "objectClass: top" - echo "objectClass: person" - echo "objectClass: inetorgperson" - echo "objectClass: organizationalperson" - echo "givenName: Cyrus" - echo "cn: Cyrus Administrator" - echo "" - -) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" - - -# Remove cn kolab cn config -( - echo "associateddomain=${domain},cn=kolab,cn=config" - echo "cn=kolab,cn=config" -) | ldapdelete -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c - - 
-# Remove hosted service access from mgmt domain -( - echo "dn: associateddomain=${domain},ou=Domains,${rootdn}" - echo "changetype: modify" - echo "replace: aci" - echo "aci: (targetattr = \"*\")(version 3.0;acl \"Deny Rest\";deny (all)(userdn != \"ldap:///uid=kolab-service,ou=Special Users,${rootdn} || ldap:///${rootdn}??sub?(objectclass=*)\");)" - echo "aci: (targetattr = \"*\")(version 3.0;acl \"Deny Hosted Kolab\";deny (all)(userdn = \"ldap:///uid=hosted-kolab-service,ou=Special Users,${rootdn}\");)" - echo "" -) | ldapmodify -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" - - -# Add alias attribute index -# -export index_attr=alias - -( - echo "dn: cn=${index_attr},cn=index,cn=${hosted_domain_db},cn=ldbm database,cn=plugins,cn=config" - echo "objectclass: top" - echo "objectclass: nsindex" - echo "cn: ${index_attr}" - echo "nsSystemIndex: false" - echo "nsindextype: pres" - echo "nsindextype: eq" - echo "nsindextype: sub" - -) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c - - -( - echo "dn: cn=${hosted_domain_db} ${index_attr} index,cn=index,cn=tasks,cn=config" - echo "objectclass: top" - echo "objectclass: extensibleObject" - echo "cn: ${hosted_domain_db} ${index_attr} index" - echo "nsinstance: ${hosted_domain_db}" - echo "nsIndexAttribute: ${index_attr}:pres" - echo "nsIndexAttribute: ${index_attr}:eq" - echo "nsIndexAttribute: ${index_attr}:sub" - echo "" -) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c - -ldap_complete=0 - -while [ ${ldap_complete} -ne 1 ]; do - result=$( - ldapsearch \ - -x \ - -h "${ldap_host}" \ - -D "${ldap_binddn}" \ - -w "${ldap_bindpw}" \ - -c \ - -LLL \ - -b "cn=${hosted_domain_db} ${index_attr} index,cn=index,cn=tasks,cn=config" \ - '(!(nstaskexitcode=0))' \ - -s base 2>/dev/null - ) - if [ -z "$result" ]; then - ldap_complete=1 - echo "" - else - echo -n "." - sleep 1 - fi -done -