|
|
| Line 2: |
Line 2: |
| | | | |
| | Please press 'alt-+', or click on '''+''' link at the top of this page (next to '''edit''') to add a comment. | | Please press 'alt-+', or click on '''+''' link at the top of this page (next to '''edit''') to add a comment. |
| − |
| |
| − | == ACL in openldap ==
| |
| − |
| |
| − | Nice article, however you don't speak about ACL in openldap. This part was the tricky one for me, as you have to mix samba and kolab access to ldap.
| |
| − |
| |
| − | If you compare slapd.conf from Samba and Kolab, you'll be able to write a mixed slapd.conf to allow samba and kolab access, but as your users aren't stored in the same place as original kolab installation, you'll have access problem.
| |
| − |
| |
| − | In Kolab, your users are stored in the root of the ldap :
| |
| − |
| |
| − | cn=test,dc=example,dc=com
| |
| − |
| |
| − | In Samba, your users are stored in branch Users or People of your ldap:
| |
| − |
| |
| − | cn=test,ou=Users,dc=example,dc=com
| |
| − | or, cn=test,ou=People,dc=example,dc=com
| |
| − |
| |
| − | With Kolab, Postfix needs to have nobody access to 3 attributes of your users: mail, alias AND kolabDeleteflag. If your access list is wrong, postfix can't deliver mails to your users.
| |
| − |
| |
| − | Either you let the user nobody access your branch Users (security risk?), either you allow nobody to read kolabDeleteflag.
| |
| − |
| |
| − | I added this ACL to my slapd.conf to allow Postfix to read kolabDeleteflag attribute :
| |
| − |
| |
| − | access to attr=kolabDeleteflag
| |
| − | by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
| |
| − | by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" write
| |
| − | by * read stop
| |
| − |
| |
| − | With correct ACL in my ldap, everything is working like a dream...
| |
| − |
| |
| − | Thanks for great work.
| |
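Review bot: No replacement is visible for the guidance removed in the "ACL in openldap" section, which is the only place in this diff stating that Postfix needs "nobody" access to mail, alias and kolabDeleteflag when users sit under ou=Users or ou=People rather than at the root. If the content is being folded into the article, say so in the edit summary and carry the ACL over with it; if it is simply being cleared from the talk page, archive it instead of deleting it. When carrying it over, state plainly that the `by * read stop` clause makes kolabDeleteflag readable by every client, including unauthenticated ones, and that this is the narrower of the two options the comment weighs against opening the whole Users branch to nobody.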