dataset/seed/applicationservice/2022.03.08/openldap/templates/config_acl.ldif

%set %%dns = {}
%for %%remote in %%accounts.remotes
 %set %%name = %%normalize_family(%%remote)
 %set %%family = %%accounts['remote_' + %%name]['family_' + %%name]
%%dns.setdefault(%%family, []).append((%%accounts['remote_' + %%name]['dn_' + %%name], %%accounts['remote_' + %%name]['read_only_' + %%name]))%slurp
%end for
dn: olcDatabase={2}mdb,cn=config
changetype:modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword
    by self write
    by anonymous auth
    by * none
%set %%aclidx = 1
%for %%family, %%remotes in %%dns.items()
 %if %%family == 'all'
olcAccess: {%%aclidx}to dn.subtree="%%calc_ldapclient_base_dn(%%ldap_base_dn, None, accounts=True)"
 %else
olcAccess: {%%aclidx}to dn.subtree="%%calc_ldapclient_base_dn(%%ldap_base_dn, %%family)"
 %end if
    by self read
 %for %%remote in %%remotes
    by dn="%%remote[0]" %slurp
  %if %%remote[1]
read%slurp
  %else
write%slurp
  %end if
 %end for
  %set %%aclidx += 1

    by * none
%end for
%for %%idx, %%acl in %%enumerate(%%accounts.acl.ldap_acl_attribute)
 %set %%aclidx += 1
olcAccess: {%%aclidx}to %%acl %echo ' '.join(%%acl.ldap_acl_rights)
%end for
dovecot 2022-05-04 10:29:03 +02:00			`%set %%dns = {}`
			`%for %%remote in %%accounts.remotes`
			`%set %%name = %%normalize_family(%%remote)`
			`%set %%family = %%accounts['remote_' + %%name]['family_' + %%name]`
			`%%dns.setdefault(%%family, []).append((%%accounts['remote_' + %%name]['dn_' + %%name], %%accounts['remote_' + %%name]['read_only_' + %%name]))%slurp`
			`%end for`
fork from cadoles' risotto-dataset 2022-03-08 19:42:28 +01:00			`dn: olcDatabase={2}mdb,cn=config`
			`changetype:modify`
			`replace: olcAccess`
			`olcAccess: {0}to attrs=userPassword`
			`by self write`
			`by anonymous auth`
			`by * none`
			`%set %%aclidx = 1`
dovecot 2022-05-04 10:29:03 +02:00			`%for %%family, %%remotes in %%dns.items()`
roundcube multi domain 2022-05-07 08:11:18 +02:00			`%if %%family == 'all'`
			`olcAccess: {%%aclidx}to dn.subtree="%%calc_ldapclient_base_dn(%%ldap_base_dn, None, accounts=True)"`
			`%else`
dovecot 2022-05-04 10:29:03 +02:00			`olcAccess: {%%aclidx}to dn.subtree="%%calc_ldapclient_base_dn(%%ldap_base_dn, %%family)"`
roundcube multi domain 2022-05-07 08:11:18 +02:00			`%end if`
dovecot 2022-05-04 10:29:03 +02:00			`by self read`
			`%for %%remote in %%remotes`
			`by dn="%%remote[0]" %slurp`
			`%if %%remote[1]`
fork from cadoles' risotto-dataset 2022-03-08 19:42:28 +01:00			`read%slurp`
dovecot 2022-05-04 10:29:03 +02:00			`%else`
fork from cadoles' risotto-dataset 2022-03-08 19:42:28 +01:00			`write%slurp`
dovecot 2022-05-04 10:29:03 +02:00			`%end if`
			`%end for`
			`%set %%aclidx += 1`
fork from cadoles' risotto-dataset 2022-03-08 19:42:28 +01:00
			`by * none`
dovecot 2022-05-04 10:29:03 +02:00			`%end for`
fork from cadoles' risotto-dataset 2022-03-08 19:42:28 +01:00			`%for %%idx, %%acl in %%enumerate(%%accounts.acl.ldap_acl_attribute)`
			`%set %%aclidx += 1`
			`olcAccess: {%%aclidx}to %%acl %echo ' '.join(%%acl.ldap_acl_rights)`
			`%end for`