List: kolab-devel
Subject: [Kolab-devel] New attributeType kolabTargetFolder for objectClass kolabSharedFolder
From: "Jeroen van Meeuwen (Kolab Systems)" <vanmeeuwen () kolabsys ! com>
Date: 2012-03-07 18:38:46
Message-ID: 9ea45d6e397c9437ff288b73f50e0ea6 () kolabsys ! com
Hi there,

please find attached a patch against the kolab schema (kolab2.schema
only, not kolab2.ldif), to enable an additional attribute for LDAP
entries with the kolabSharedFolder objectClass.

The rationale is as follows:

With a kolabSharedFolder allowing for an 'alias' attribute (add
'mailrecipient' for a 'mail' attribute), an administrator is enabled to
indicate that an address such as 'sysadmin-main@kolab.org' is to end up
in a shared folder, maintain ACLs on such a folder, and allow/deny
senders/recipients from using the canonical address for the shared
folder.

The only attribute that indicates the folder path currently is the
'cn', presumably intended to indicate the shared folder should be
'shared/<cn>@<domain>'.

This level of nesting is not sufficient for larger organizations,
though.

As per the example address 'sysadmin-main@kolab.org' (think
'ldap-admins@kolab.org' where 'ldap-admins' are part of the
'IT/Operations/Linux & UNIX/Directory Services' team),
'shared/ldap-admins' may just not suffice.

With a kolabTargetFolder set to 'shared/IT/Linux & UNIX/Directory
Services/LDAP' though, 'ldap-admins@kolab.org' could end up in this
folder very nicely, as per the following postfix virtual_alias_maps
lookup table:

/etc/postfix/ldap/virtual_alias_maps-shared_folders.cf would contain:

> server_host = ldap.kolab.org
> search_base = ou=Shared Folders,dc=kolab,dc=org
> bind_dn = <some_dn>
> bind_pw = <some_pw>
> scope = one
> query_filter = (&(|(mail=%s)(alias=%s))(objectclass=kolabSharedFolder))
> result_attribute = kolabTargetFolder
> result_format = shared+%s

Such as with an LDAP entry containing:

> dn: cn=ldap-admins,ou=Shared Folders,dc=kolab,dc=org
> objectClass: top
> objectClass: kolabSharedFolder
> objectClass: mailrecipient
> cn: ldap-admins
> mail: ldap-admins@kolab.org
> alias: ldap-administrators@kolab.org
> kolabTargetFolder: IT/Operations/Linux & UNIX/Directory Services/LDAP

Note that in this example, the postuser setting in '/etc/imapd.conf' is
set to 'shared'.

Thoughts? Comments? Questions? Gripes?

Kind regards,

Jeroen van Meeuwen
--
Systems Architect, Kolab Systems AG
e: vanmeeuwen at kolabsys.com
m: +44 74 2516 3817
w: http://www.kolabsys.com
pgp: 9342 BF08
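
Added example, not part of the original message and not Kolab or Postfix code: a plain-Python model of the lookup described above, using the query_filter, result_format and LDAP entry from the post, to show what the table returns and that the lookup key is quoted before it reaches the filter. It assumes Postfix's documented RFC 2254/4515 quoting of %s in query_filter; the function names are hypothetical and no LDAP server is contacted.

```python
# Added illustration: a pure-Python model of the Postfix LDAP lookup in the
# message. No LDAP server is contacted; the entry is copied from the post.
ENTRIES = [
    {
        "dn": "cn=ldap-admins,ou=Shared Folders,dc=kolab,dc=org",
        "objectclass": ["top", "kolabSharedFolder", "mailrecipient"],
        "mail": ["ldap-admins@kolab.org"],
        "alias": ["ldap-administrators@kolab.org"],
        "kolabTargetFolder": ["IT/Operations/Linux & UNIX/Directory Services/LDAP"],
    },
]
SEARCH_BASE = "ou=Shared Folders,dc=kolab,dc=org"
QUERY_FILTER = "(&(|(mail=%s)(alias=%s))(objectclass=kolabSharedFolder))"
RESULT_FORMAT = "shared+%s"

def escape_filter_value(key):
    """Quote filter metacharacters (RFC 4515), as Postfix does for %s."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in key)

def expand_filter(key):
    """The filter string the server would receive for this lookup key."""
    return QUERY_FILTER.replace("%s", escape_filter_value(key))

def lookup(key):
    """Model the search: scope=one under SEARCH_BASE, mail or alias equals key."""
    wanted = key.lower()
    results = []
    for entry in ENTRIES:
        parent = entry["dn"].split(",", 1)[1]
        if parent.lower() != SEARCH_BASE.lower():
            continue  # scope = one: direct children of search_base only
        classes = [c.lower() for c in entry["objectclass"]]
        if "kolabsharedfolder" not in classes:
            continue
        addresses = [a.lower() for a in entry["mail"] + entry["alias"]]
        # The key is escaped, so '*' is a literal and only equality can match.
        if wanted in addresses:
            for folder in entry["kolabTargetFolder"]:
                results.append(RESULT_FORMAT.replace("%s", folder))
    return results

if __name__ == "__main__":
    for key in ("ldap-admins@kolab.org", "ldap-administrators@kolab.org", "*"):
        print(key, "->", expand_filter(key), "->", lookup(key))
```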