List:       kolab-devel
Subject:    [Kolab-devel] New attributeType kolabTargetFolder for objectClass kolabSharedFolder
From:       "Jeroen van Meeuwen (Kolab Systems)" <vanmeeuwen () kolabsys ! com>
Date:       2012-03-07 18:38:46
Message-ID: 9ea45d6e397c9437ff288b73f50e0ea6 () kolabsys ! com

Hi there,

please find attached a patch against the kolab schema (kolab2.schema 
only, not kolab2.ldif), to enable an additional attribute for LDAP 
entries with the kolabSharedFolder objectClass.

The rationale is as follows:

With a kolabSharedFolder allowing for an 'alias' attribute (add 
'mailrecipient' for a 'mail' attribute), an administrator is enabled to 
indicate that an address such as 'sysadmin-main@kolab.org' is to end up 
in a shared folder, maintain ACLs on such a folder, and allow/deny 
senders/recipients from using the canonical address for the shared 
folder.

The only attribute that indicates the folder path currently is the 
'cn', presumably intended to indicate the shared folder should be 
'shared/<cn>@<domain>'.

This level of nesting is not sufficient for larger organizations, 
though.

As per the example address 'sysadmin-main@kolab.org' (think 
'ldap-admins@kolab.org' where 'ldap-admins' are part of the 
'IT/Operations/Linux & UNIX/Directory Services' team), 
'shared/ldap-admins' may just not suffice.

With a kolabTargetFolder set to 'shared/IT/Linux & UNIX/Directory 
Services/LDAP' though, 'ldap-admins@kolab.org' could end up in this 
folder very nicely, as per the following postfix virtual_alias_maps 
lookup table:

/etc/postfix/ldap/virtual_alias_maps-shared_folders.cf would contain:
> server_host = ldap.kolab.org
> search_base = ou=Shared Folders,dc=kolab,dc=org
> bind_dn = <some_dn>
> bind_pw = <some_pw>
> scope = one
> query_filter = (&(|(mail=%s)(alias=%s))(objectclass=kolabSharedFolder))
> result_attribute = kolabTargetFolder
> result_format = shared+%s

Such with an LDAP entry containing:
> dn: cn=ldap-admins,ou=Shared Folders,dc=kolab,dc=org
> objectClass: top
> objectClass: kolabSharedFolder
> objectClass: mailrecipient
> cn: ldap-admins
> mail: ldap-admins@kolab.org
> alias: ldap-administrators@kolab.org
> kolabTargetFolder: IT/Operations/Linux & UNIX/Directory Services/LDAP

Note that in this example, the postuser setting in '/etc/imapd.conf' is 
set to 'shared'.

Thoughts? Comments? Questions? Gripes?

Kind regards,

Jeroen van Meeuwen

-- 
Systems Architect, Kolab Systems AG

e: vanmeeuwen at kolabsys.com
m: +44 74 2516 3817
w: http://www.kolabsys.com

pgp: 9342 BF08
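
The lookup described in the message above, modelled as an added example (not part of the original post and not Postfix code): it substitutes the recipient into the query_filter with RFC 4515 escaping, as Postfix does for %s, matches the sample entry, and applies result_format. The function names and the hand-written matcher are assumptions made for illustration.

```python
import re

# Constructed directory content, copied from the sample entry in the message.
ENTRIES = [{
    "dn": "cn=ldap-admins,ou=Shared Folders,dc=kolab,dc=org",
    "objectClass": ["top", "kolabSharedFolder", "mailrecipient"],
    "cn": ["ldap-admins"],
    "mail": ["ldap-admins@kolab.org"],
    "alias": ["ldap-administrators@kolab.org"],
    "kolabTargetFolder": ["IT/Operations/Linux & UNIX/Directory Services/LDAP"],
}]

# Settings taken from the lookup table shown in the message.
QUERY_FILTER = "(&(|(mail=%s)(alias=%s))(objectclass=kolabSharedFolder))"
RESULT_ATTRIBUTE = "kolabTargetFolder"
RESULT_FORMAT = "shared+%s"


def escape_filter_value(value):
    """Hex-escape LDAP filter metacharacters (RFC 4515) in the lookup key."""
    return re.sub(r'[\\*()\x00]', lambda m: "\\%02x" % ord(m.group()), value)


def build_filter(recipient):
    """Return the filter string that would be sent for this recipient."""
    return QUERY_FILTER.replace("%s", escape_filter_value(recipient))


def entry_matches(entry, recipient):
    """Evaluate the filter by hand: (mail OR alias) AND objectClass.

    Addresses are compared as exact strings here; a real directory applies
    each attribute's own matching rule.
    """
    classes = [c.lower() for c in entry.get("objectClass", [])]
    addresses = entry.get("mail", []) + entry.get("alias", [])
    return "kolabsharedfolder" in classes and recipient in addresses


def lookup(recipient):
    """Return the rewritten destinations for a recipient, or [] if no match."""
    return [RESULT_FORMAT.replace("%s", folder)
            for entry in ENTRIES if entry_matches(entry, recipient)
            for folder in entry.get(RESULT_ATTRIBUTE, [])]


if __name__ == "__main__":
    for rcpt in ("ldap-admins@kolab.org", "ldap-administrators@kolab.org", "*"):
        print(rcpt, "->", build_filter(rcpt), "->", lookup(rcpt))
```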
