dataset/seed/applicationservice/2022.03.08/openldap/templates/config_acl.ldif

%set %%dns = {}
%set %%groups = []
%for %%remote in %%accounts.remotes
 %set %%name = %%normalize_family(%%remote)
 %set %%family = %%accounts['remote_' + %%name]['family_' + %%name]
%%groups.append(%%accounts['remote_' + %%name]['dn_' + %%name])%slurp
%%dns.setdefault(%%family, []).append((%%accounts['remote_' + %%name]['dn_' + %%name], %%accounts['remote_' + %%name]['read_only_' + %%name]))%slurp
%end for
dn: olcDatabase={2}mdb,cn=config
changetype:modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword
    by self write
    by anonymous auth
    by * none
olcAccess: {1}to dn.subtree="%%ldap_group_dn"
%for group in %%groups
    by dn="%%group" read
%end for
    by * none
%set %%aclidx = 2
%for %%family, %%remotes in %%dns.items()
 %if %%family == 'all'
olcAccess: {%%aclidx}to dn.subtree="%%ldap_account_dn"
 %else
olcAccess: {%%aclidx}to dn.subtree="%%calc_ldapclient_base_dn(%%ldapclient_base_dn, %%family)"
 %end if
    by self read
 %for %%remote in %%remotes
    by dn="%%remote[0]" %slurp
  %if %%remote[1]
read
  %else
write
  %end if
 %end for
  %set %%aclidx += 1
    by * none
%end for
dovecot 2022-05-04 10:29:03 +02:00			`%set %%dns = {}`
update 2022-06-24 19:00:16 +02:00			`%set %%groups = []`
dovecot 2022-05-04 10:29:03 +02:00			`%for %%remote in %%accounts.remotes`
			`%set %%name = %%normalize_family(%%remote)`
			`%set %%family = %%accounts['remote_' + %%name]['family_' + %%name]`
update 2022-06-24 19:00:16 +02:00			`%%groups.append(%%accounts['remote_' + %%name]['dn_' + %%name])%slurp`
dovecot 2022-05-04 10:29:03 +02:00			`%%dns.setdefault(%%family, []).append((%%accounts['remote_' + %%name]['dn_' + %%name], %%accounts['remote_' + %%name]['read_only_' + %%name]))%slurp`
			`%end for`
fork from cadoles' risotto-dataset 2022-03-08 19:42:28 +01:00			`dn: olcDatabase={2}mdb,cn=config`
			`changetype:modify`
			`replace: olcAccess`
			`olcAccess: {0}to attrs=userPassword`
			`by self write`
			`by anonymous auth`
			`by * none`
lemonldap: filter applications 2022-06-26 19:33:44 +02:00			`olcAccess: {1}to dn.subtree="%%ldap_group_dn"`
update 2022-06-24 19:00:16 +02:00			`%for group in %%groups`
			`by dn="%%group" read`
			`%end for`
			`by * none`
			`%set %%aclidx = 2`
dovecot 2022-05-04 10:29:03 +02:00			`%for %%family, %%remotes in %%dns.items()`
roundcube multi domain 2022-05-07 08:11:18 +02:00			`%if %%family == 'all'`
lemonldap: filter applications 2022-06-26 19:33:44 +02:00			`olcAccess: {%%aclidx}to dn.subtree="%%ldap_account_dn"`
roundcube multi domain 2022-05-07 08:11:18 +02:00			`%else`
update 2022-06-24 19:00:16 +02:00			`olcAccess: {%%aclidx}to dn.subtree="%%calc_ldapclient_base_dn(%%ldapclient_base_dn, %%family)"`
roundcube multi domain 2022-05-07 08:11:18 +02:00			`%end if`
dovecot 2022-05-04 10:29:03 +02:00			`by self read`
			`%for %%remote in %%remotes`
			`by dn="%%remote[0]" %slurp`
			`%if %%remote[1]`
update 2022-06-24 19:00:16 +02:00			`read`
dovecot 2022-05-04 10:29:03 +02:00			`%else`
update 2022-06-24 19:00:16 +02:00			`write`
dovecot 2022-05-04 10:29:03 +02:00			`%end if`
			`%end for`
			`%set %%aclidx += 1`
fork from cadoles' risotto-dataset 2022-03-08 19:42:28 +01:00			`by * none`
dovecot 2022-05-04 10:29:03 +02:00			`%end for`