Difference between revisions of "Omldapsync HowTo - Six"
Revision as of 15:45, 18 March 2008
Appendix A - ldapsync13.schema (OpenLDAP Servers)
A copy of ldapsync13.schema is provided because the copy included with the Scalix installation was incomplete in earlier releases. The installation steps are in the file's own header comments. Two things to keep in mind when following them: the test search in step 7 binds anonymously (-D "" -w ""), so it verifies anonymous read access, which only proves what omldapsync needs if omldapsync itself binds anonymously (step 3b); and scalixAdministrator and scalixMailboxAdministrator are ordinary directory attributes that omldapsync acts on, so whoever can write them in the directory can hand out Scalix administrator and mailbox-administrator rights.

# Copyright (C) 2006 Scalix Corporation. All rights reserved.

# OpenLDAP schema extension for Scalix omldapsync attributes
# For reference see OpenLDAP 2.1 Administrator's Guide

# Installation steps (requires root login):
#
# 1. Stop OpenLDAP slapd server (e.g. kill -INT `cat /var/run/slapd.pid`)
#
# 2. Copy this file to OpenLDAP schema sub directory (e.g. /etc/openldap/schema)
#
# 3. Edit OpenLDAP slapd.conf file (e.g. /etc/openldap/slapd.conf) to:
#
#    a. Extend the schema by appending reference to the 'include' section,
#       something like the following lines:
#
#       # include schema extension for Scalix omldapsync attributes
#       include /etc/openldap/schema/ldapsync13.schema
#
#    b. Ensure Scalix omldapsync has sufficient read access to all the data,
#       usually determined by the type of bind and the dn used.
#
#    c. Ensure Scalix omldapsync has sufficient search limit to return all the
#       matching entries, usually determined by the 'sizelimit' setting used.
#
# 4. Start OpenLDAP slapd server (e.g. /usr/sbin/slapd)
#
# 5. Fix any error, repeat steps 1 to 4 as necessary.
#
# 6. Test add (e.g. /usr/bin/ldapadd -D "cn=Manager,dc=my-domain,dc=com") using
#    something like the following LDIF lines:
#
#    dn: cn=testuser scalix,dc=my-domain,dc=com
#    objectClass: inetOrgPerson
#    cn: testuser scalix
#    displayName: Testuser Scalix
#    sn: Scalix
#    mail: testuser@test.scalix.com
#    objectClass: scalixUserClass
#    scalixScalixObject: TRUE
#    scalixMailnode: ou1,ou2
#    scalixServerLanguage: ENGLISH
#    scalixAdministrator: TRUE
#    scalixMailboxAdministrator: FALSE
#    scalixEmailAddress: testuser@my-domain.com
#    scalixEmailAddress: testuser@my-domain.de
#    scalixLimitMailboxSize: 1024
#    scalixLimitOutboundMail: TRUE
#    scalixLimitInboundMail: FALSE
#    scalixLimitNotifyUser: TRUE
#    scalixHideUserEntry: FALSE
#    scalixMailboxClass: FULL
#
#    dn: cn=testgroup scalix,dc=my-domain,dc=com
#    objectClass: groupOfNames
#    cn: testgroup scalix
#    member: cn=testuser scalix,dc=my-domain,dc=com
#    objectClass: scalixGroupClass
#    scalixScalixObject: TRUE
#    scalixMailnode: ou1,ou2
#    displayName: Testgroup Scalix
#    scalixEmailAddress: testgroup@test.scalix.com
#    scalixHideUserEntry: TRUE
#
# 7. Test search (e.g. /usr/bin/ldapsearch -b "dc=my-domain,dc=com" -x -D ""
#    -w "" cn=*scalix) to check for read access and correct entries were added.

# define macro for Scalix root OID
objectIdentifier scalixOID 1.3.6.1.4.1.19049

# new attributes to describe a Scalix user or group object
# use 1.1.x from Scalix root OID
attributetype ( scalixOID:1.1.10 NAME ( 'scalixScalixObject' )
    DESC 'boolean TRUE or FALSE for creating scalix mailbox/PDL object
    If this is set to FALSE and the object is matched by the omldapsync
    filter, a Contact entry/Internet user is created. If set to true, a
    mailbox is setup. For Group/PDL objects, this must always be set to true'
    SINGLE-VALUE
    EQUALITY booleanMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

attributetype ( scalixOID:1.1.11 NAME ( 'scalixMailnode' )
    DESC 'Comma-separated org units for object.s mailnode. This is the
    Mailnode name as defined when the Scalix server was setup. In
    Multi-server environments, this is used to select on which server
    the object is to be created.'
    SINGLE-VALUE
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    ORDERING caseIgnoreOrderingMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )

attributetype ( scalixOID:1.1.12 NAME ( 'scalixAdministrator' )
    DESC 'Boolean TRUE or FALSE for admin capability. If set to TRUE,
    the user created will have full Scalix admin capabilites.'
    SINGLE-VALUE
    EQUALITY booleanMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

attributetype ( scalixOID:1.1.13 NAME ( 'scalixMailboxAdministrator' )
    DESC 'Boolean TRUE or FALSE for Mailbox Admin capability. A user with
    this flag set to TRUE can access ANY mailbox on a server through
    mboxadmin signon. This is usually only used for migration tools and
    typically not exposed through LDAP'
    SINGLE-VALUE
    EQUALITY booleanMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

attributetype ( scalixOID:1.1.14 NAME ( 'scalixServerLanguage' )
    DESC 'Message catalog language for client. This is one of the Scalix-supported
    languages found in /var/opt/scalix/nls/om_langs'
    SINGLE-VALUE
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    ORDERING caseIgnoreOrderingMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )

attributetype ( scalixOID:1.1.15 NAME ( 'scalixEmailAddress' )
    DESC 'List of SMTP addresses of user. This is a multi-valued attribute. The
    order is important as the first of these values is used as the outgoing
    from address of the user.'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    ORDERING caseIgnoreOrderingMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )

attributetype ( scalixOID:1.1.16 NAME ( 'scalixLimitMailboxSize' )
    DESC 'mailbox size limit for the user in MB'
    SINGLE-VALUE
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

attributetype ( scalixOID:1.1.17 NAME ( 'scalixLimitOutboundMail' )
    DESC 'As Sanction on Mailbox quota overuse, stop user from sending mail.
    Set to TRUE or FALSE'
    SINGLE-VALUE
    EQUALITY booleanMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

attributetype ( scalixOID:1.1.18 NAME ( 'scalixLimitInboundMail' )
    DESC 'As Sanction on Mailbox quota overuse, stop user from receiving mail.
    Set to TRUE or FALSE'
    SINGLE-VALUE
    EQUALITY booleanMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

attributetype ( scalixOID:1.1.19 NAME ( 'scalixLimitNotifyUser' )
    DESC 'As Sanction on Mailbox quota overuse, notify the User by eMail.
    Set to TRUE or FALSE'
    SINGLE-VALUE
    EQUALITY booleanMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

attributetype ( scalixOID:1.1.20 NAME ( 'scalixHideUserEntry' )
    DESC 'Hide User Entry from Addressbook. Set to TRUE or FALSE'
    SINGLE-VALUE
    EQUALITY booleanMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

attributetype ( scalixOID:1.1.21 NAME ( 'scalixMailboxClass' )
    DESC 'Class of User Mailbox FULL or LIMITED. This maps to
    Premium or Standard users as defined by Scalix User licensing policy'
    SINGLE-VALUE
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    ORDERING caseIgnoreOrderingMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )

# auxiliary classes for scalix User and group
# use 1.2.x from Scalix root OID
objectclass ( scalixOID:1.2.10 NAME 'scalixUserClass'
    DESC 'Supplemental class containing the Scalix User-related attributes'
    AUXILIARY
    MUST ( scalixScalixObject $ scalixMailnode )
    MAY ( scalixAdministrator $ scalixMailboxAdministrator $
          scalixServerLanguage $ scalixEmailAddress $
          scalixLimitMailboxSize $ scalixLimitOutboundMail $
          scalixLimitInboundMail $ scalixLimitNotifyUser $
          scalixHideUserEntry $ scalixMailboxClass ) )

objectclass ( scalixOID:1.2.11 NAME 'scalixGroupClass'
    DESC 'Supplemental class containing the Scalix Group-related attributes'
    AUXILIARY
    MUST ( scalixScalixObject $ scalixMailnode )
    MAY ( displayName $ scalixEmailAddress $ scalixHideUserEntry ) )
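A pre-flight check for the LDIF fed to ldapadd in step 6, added here as an example (it is not code from the Scalix schema file or from this page). It reads the attributetype and objectclass definitions out of a schema excerpt, reports the MUST, SINGLE-VALUE and syntax violations slapd would reject an entry for, and lists the entries that would arrive in Scalix with scalixAdministrator or scalixMailboxAdministrator set to TRUE. The SCHEMA and LDIF strings are constructed excerpts of the Appendix A material, with one deliberately broken entry added.

```python
"""Check omldapsync LDIF entries against ldapsync13.schema before ldapadd.
Added example, not code from the Scalix schema file or from the wiki page;
SCHEMA and LDIF are constructed excerpts based on Appendix A."""
import re

BOOLEAN = "1.3.6.1.4.1.1466.115.121.1.7"
INTEGER = "1.3.6.1.4.1.1466.115.121.1.27"
# TRUE on either attribute gives the account rights on the Scalix side.
PRIVILEGED = ("scalixAdministrator", "scalixMailboxAdministrator")

SCHEMA = """\
objectIdentifier scalixOID 1.3.6.1.4.1.19049
attributetype ( scalixOID:1.1.10 NAME ( 'scalixScalixObject' ) DESC 'create mailbox'
    SINGLE-VALUE EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
attributetype ( scalixOID:1.1.11 NAME ( 'scalixMailnode' ) DESC 'mailnode org units'
    SINGLE-VALUE EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
attributetype ( scalixOID:1.1.12 NAME ( 'scalixAdministrator' ) DESC 'full admin'
    SINGLE-VALUE EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
attributetype ( scalixOID:1.1.15 NAME ( 'scalixEmailAddress' ) DESC 'SMTP addresses'
    EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
attributetype ( scalixOID:1.1.16 NAME ( 'scalixLimitMailboxSize' ) DESC 'limit in MB'
    SINGLE-VALUE EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
objectclass ( scalixOID:1.2.10 NAME 'scalixUserClass' AUXILIARY
    MUST ( scalixScalixObject $ scalixMailnode )
    MAY ( scalixAdministrator $ scalixEmailAddress $ scalixLimitMailboxSize ) )
"""

# The page's test user, then a constructed entry with three schema errors.
LDIF = """\
dn: cn=testuser scalix,dc=my-domain,dc=com
objectClass: inetOrgPerson
objectClass: scalixUserClass
scalixScalixObject: TRUE
scalixMailnode: ou1,ou2
scalixAdministrator: TRUE
scalixEmailAddress: testuser@my-domain.com
scalixEmailAddress: testuser@my-domain.de
scalixLimitMailboxSize: 1024

dn: cn=broken user,dc=my-domain,dc=com
objectClass: inetOrgPerson
objectClass: scalixUserClass
scalixScalixObject: yes
scalixLimitMailboxSize: 1GB
scalixLimitMailboxSize: 2048
"""

def parse_schema(text):
    """Return ({attr: (syntax_oid, single_valued)}, {class: (must, may)}).
    Indented lines continue the previous line, as in slapd.conf."""
    attrs, classes = {}, {}
    for line in re.sub(r"\n[ \t]+", " ", text).splitlines():
        name = re.search(r"NAME\s*\(?\s*'([^']+)'", line)
        if line.startswith("attributetype"):
            syntax = re.search(r"SYNTAX\s+([\d.]+)", line).group(1)
            attrs[name.group(1)] = (syntax, "SINGLE-VALUE" in line)
        elif line.startswith("objectclass"):
            lists = [re.search(kw + r"\s*\(([^)]*)\)", line) for kw in ("MUST", "MAY")]
            classes[name.group(1)] = tuple(
                {a.strip() for a in m.group(1).split("$")} if m else set() for m in lists)
    return attrs, classes

def parse_ldif(text):
    """Minimal LDIF reader (no folding, no base64); a blank line ends an entry."""
    entries, cur = [], {}
    for line in text.splitlines() + [""]:
        if not line.strip():
            if cur:
                entries.append(cur)
            cur = {}
            continue
        key, _, value = line.partition(":")
        cur.setdefault(key.strip(), []).append(value.strip())
    return entries

def check_entry(entry, attrs, classes):
    """Problems slapd's schema check would reject the entry for."""
    problems = []
    present = set(entry) - {"dn", "objectClass"}
    for oc in entry.get("objectClass", []):
        for a in sorted(classes.get(oc, (set(), set()))[0] - present):
            problems.append(f"{oc} requires {a}")
    for a in sorted(present & set(attrs)):
        syntax, single = attrs[a]
        if single and len(entry[a]) > 1:
            problems.append(f"{a} is SINGLE-VALUE but has {len(entry[a])} values")
        for v in entry[a]:
            if syntax == BOOLEAN and v not in ("TRUE", "FALSE"):
                problems.append(f"{a}: {v!r} is not TRUE or FALSE")
            elif syntax == INTEGER and not re.fullmatch(r"-?\d+", v):
                problems.append(f"{a}: {v!r} is not an integer")
    return problems

def privileged_entries(entries):
    """DNs that omldapsync would create as Scalix admin or mailbox admin."""
    return [e["dn"][0] for e in entries
            if any(e.get(a, ["FALSE"])[0] == "TRUE" for a in PRIVILEGED)]

if __name__ == "__main__":
    attrs, classes = parse_schema(SCHEMA)
    for e in parse_ldif(LDIF):
        print(e["dn"][0], check_entry(e, attrs, classes), privileged_entries([e]))
```

To use it on a real export, replace the two strings with the contents of ldapsync13.schema and the LDIF you intend to load; the parser only understands the definition forms that file uses. The privileged-entries list is the one to review before the first sync, because omldapsync turns those two flags into Scalix rights.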
Appendix B - 90Scalix.ldif (Sun ONE Directory Servers)
This is the schema as exported from the cn=schema entry of a Sun ONE Directory Server. The aci values and the modifiersName/modifyTimestamp lines are operational data from the exporting server (note the server-specific cn=slapd-fubar and fubar.mydomain.net names) and are not part of the Scalix schema; only the attributeTypes and objectClasses lines carry it. Two differences from the OpenLDAP file in Appendix A are worth knowing: the OIDs are written relative (1.1.13) rather than under the Scalix root 1.3.6.1.4.1.19049, and both classes are declared STRUCTURAL here rather than AUXILIARY.
dn: cn=schema
objectClass: top
objectClass: ldapSubentry
objectClass: subschema
cn: schema
aci: (target="ldap:///cn=schema")(targetattr !="aci")(version 3.0;
 acl "anonymous, no acis"; allow (read, search, compare) userdn = "ldap:///anyone";)
aci: (targetattr = "*")(version 3.0;
 acl "Configuration Administrators Group"; allow (all) groupdn = "ldap:///cn=Configuration Administrators, ou=Groups, ou=TopologyManagement, o=NetscapeRoot";)
aci: (targetattr = "*")(version 3.0;
 acl "Configuration Administrator"; allow (all) userdn = "ldap:///uid=admin,ou=Administrators, ou=TopologyManagement, o=NetscapeRoot";)
aci: (targetattr = "*")(version 3.0;
 acl "Local Directory Administrators Group "; allow (all) groupdn = "ldap:///cn=Directory Administrators, dc=mydomain,dc=net";)
aci: (targetattr = "*")(version 3.0;
 acl "SIE Group"; allow (all)groupdn = "ldap:///cn=slapd-fubar, cn=Sun ONE Directory Server, cn=Server Group, cn=fubar.mydomain.net, ou=mydomain.net, o=NetscapeRoot";)
modifiersName: cn=directory manager
modifyTimestamp: 20080205163801Z
attributeTypes: ( 1.1.13 NAME 'scalixMailboxAdministrator'
 DESC 'Boolean TRUE or FALSE for Mailbox Admin capability. A user with this flag set to TRUE can access ANY mailbox on a server through mboxadmin signon. This is usually only used for migration tools and typically not exposed through LDAP' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' )
attributeTypes: ( 1.1.18 NAME 'scalixLimitInboundMail'
 DESC 'As Sanction on Mailbox quota overuse, stop user from receiving mail. Set to TRUE or FALSE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' )
attributeTypes: ( 1.1.10 NAME 'scalixScalixObject'
 DESC 'boolean TRUE or FALSE for creating scalix mailbox/PDL object. If this is set to FALSE and the object is matched by the omldapsync filter, a Contact entry/Internet user is created. If set to true, a mailbox is setup. For Group/PDL objects, this must always be set to true.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' )
attributeTypes: ( 1.1.15 NAME 'scalixEmailAddress'
 DESC 'List of SMTP addresses of user. This is a multi-valued attribute. The order is important as the first of these values is used as the outgoing from address of the user.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.1.20 NAME 'scalixHideUserEntry'
 DESC 'Hide User Entry from Addressbook. Set to TRUE or FALSE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' )
attributeTypes: ( 1.1.12 NAME 'scalixAdministrator'
 DESC 'Boolean TRUE or FALSE for admin capability. If set to TRUE, the user created will have full Scalix admin capabilites.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' )
attributeTypes: ( 1.1.17 NAME 'scalixLimitOutboundMail'
 DESC 'As Sanction on Mailbox quota overuse, stop user from sending mail. Set to TRUE or FALSE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' )
attributeTypes: ( 1.1.14 NAME 'scalixServerLanguage'
 DESC 'Message catalog language for client. This is one of the Scalix-supported languages found in /var/opt/scalix/nls/om_langs' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
attributeTypes: ( 1.1.19 NAME 'scalixLimitNotifyUser'
 DESC 'As Sanction on Mailbox quota overuse, notify the User by eMail. Set to TRUE or FALSE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' )
attributeTypes: ( 1.1.11 NAME 'scalixMailnode'
 DESC 'Comma-separated org units for object.s mailnode. This is the Mailnode name as defined when the Scalix server was setup. In Multi-server environments, this is used to select on which server the object is to be created.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
attributeTypes: ( 1.1.16 NAME 'scalixLimitMailboxSize'
 DESC 'mailbox size limit for the user in MB' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
attributeTypes: ( 1.1.21 NAME 'scalixMailboxClass'
 DESC 'Class of User Mailbox FULL or LIMITED. This maps to Premium or Standard users as defined by Scalix User licensing policy' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
objectClasses: ( 1.2.10 NAME 'scalixUserClass'
 SUP top STRUCTURAL MUST ( scalixMailnode $ scalixScalixObject ) MAY ( scalixAdministrator $ scalixEmailAddress $ scalixHideUserEntry $ scalixLimitInboundMail $ scalixLimitMailboxSize $ scalixLimitNotifyUser $ scalixLimitOutboundMail $ scalixMailboxAdministrator $ scalixMailboxClass $ scalixServerLanguage ) X-ORIGIN 'user defined' )
objectClasses: ( 1.2.11 NAME 'scalixGroupClass'
 SUP top STRUCTURAL MUST ( scalixMailnode $ scalixScalixObject ) MAY ( displayName $ scalixEmailAddress $ scalixHideUserEntry ) X-ORIGIN 'user defined' )
Appendix C - slapd.conf (OpenLDAP Server)
This is a sample slapd.conf file taken from OpenLDAP version 2.3.35 running on Ubuntu 7.10 (Gutsy Gibbon). It is the Debian package default with the ldapsync13.schema include, the suffix, a rootdn/rootpw and a larger sizelimit filled in; your slapd.conf file may be more or less complex than this one. The lines that matter for omldapsync are the include for ldapsync13.schema (on Debian the schema directory is /etc/ldap/schema, not /etc/openldap/schema as in the schema file's own header), sizelimit 5000 (the search limit that step 3c in Appendix A refers to), and the final access directive: "access to * ... by * read" lets every bind, including an anonymous one, read all attributes other than userPassword and shadowLastChange, which is what makes the anonymous test search in step 7 succeed and means omldapsync needs no credentials against this server. If you do not want the whole tree readable anonymously, give omldapsync its own bind DN and grant read to that DN instead of to *. The rootpw shown is the hash from the sample system; generate your own with slappasswd rather than reusing it.

# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.

# Global Directives:

# Features to permit
#allow bind_v2

# Schema and objectClass definitions
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/ldapsync13.schema

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile         /var/run/slapd/slapd.pid

# List of arguments that were passed to the server
argsfile        /var/run/slapd/slapd.args

# Read slapd.conf(5) for possible values
loglevel        256

# Where the dynamically loaded modules are stored
modulepath      /usr/lib/ldap
moduleload      back_bdb

# The maximum number of entries that is returned for a search operation
sizelimit 5000

# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
tool-threads 1

# Specific Backend Directives for bdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend         bdb
checkpoint 512 30

# Specific Backend Directives for 'other':
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
#backend        <other>

# Specific Directives for database #1, of type bdb:
# Database specific directives apply to this database until another
# 'database' directive occurs
database        bdb

# The base of your directory in database #1
suffix          "dc=mydomain,dc=net"

# rootdn directive for specifying a superuser on the database. This is needed
# for syncrepl.
rootdn          "cn=admin,dc=mydomain,dc=net"
rootpw          {SSHA}EGBbPLdQg0o5RoUQBwIQBkymApuC/YFa

# Where the database file are physically stored for database #1
directory       "/var/lib/ldap/mydomain"

# For the Debian package we use 2MB as default but be sure to update this
# value if you have plenty of RAM
dbconfig set_cachesize 0 2097152 0

# Sven Hartge reported that he had to set this value incredibly high
# to get slapd running at all. See http://bugs.debian.org/303057
# for more information.

# Number of objects that can be locked at the same time.
dbconfig set_lk_max_objects 1500
# Number of locks (both requested and granted)
dbconfig set_lk_max_locks 1500
# Number of lockers
dbconfig set_lk_max_lockers 1500

# Indexing options for database #1
index           objectClass eq

# Save the time that the entry gets modified, for database #1
lastmod         on

# Where to store the replica logs for database #1
# replogfile    /var/lib/ldap/replog

# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
# These access lines apply to database #1 only
access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=mydomain,dc=net" write
        by anonymous auth
        by self write
        by * none

# Ensure read access to the base for things like
# supportedSASLMechanisms. Without this you may
# have problems with SASL not knowing what
# mechanisms are available and the like.
# Note that this is covered by the 'access to *'
# ACL below too but if you change that as people
# are wont to do you'll still need this if you
# want SASL (and possible other things) to work
# happily.
access to dn.base="" by * read

# The admin dn has full write access, everyone else
# can read everything.
access to *
        by dn="cn=admin,dc=mydomain,dc=net" write
        by * read

# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
#access to dn=".*,ou=Roaming,o=morsnet"
#        by dn="cn=admin,dc=mydomain,dc=net" write
#        by dnattr=owner write

# Specific Directives for database #2, of type 'other' (can be bdb too):
# Database specific directives apply to this database until another
# 'database' directive occurs
#database        <other>

# The base of your directory for database #2
#suffix         "dc=debian,dc=org"
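An offline evaluator for the three access directives in the file above, added as an example (it is not code from the page or from OpenLDAP). It implements slapd's rule that the first access clause whose <what> matches the target wins and that the first matching <who> inside it sets the level, for just the <what> and <who> forms this file uses; DNs are compared case-insensitively as a stand-in for slapd's DN normalisation. SLAPD_CONF is the page's ACL; WEAK_CONF is a constructed variant with "by self write" added to the catch-all clause, which would let any user set scalixAdministrator: TRUE on their own entry and be created as a Scalix administrator at the next sync.

```python
"""Evaluate the slapd.conf access directives of Appendix C offline.
Added example, not part of the wiki page or of OpenLDAP; it covers only the
<what>/<who> forms the sample file uses. SLAPD_CONF is the page's ACL and
WEAK_CONF a constructed variant with an extra 'by self write'."""
import re

# slapd privilege levels, lowest to highest; a higher level implies the lower ones.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

SLAPD_CONF = """\
access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=mydomain,dc=net" write
        by anonymous auth
        by self write
        by * none
access to dn.base="" by * read
access to *
        by dn="cn=admin,dc=mydomain,dc=net" write
        by * read
"""

# Constructed: the same file after a well-meaning "let users edit their own entry" change.
WEAK_CONF = SLAPD_CONF.replace(
    'access to *\n        by dn="cn=admin,dc=mydomain,dc=net" write\n',
    'access to *\n        by dn="cn=admin,dc=mydomain,dc=net" write\n        by self write\n')

def parse_acl(text):
    """'access to <what> by <who> <level> ...' directives; comment lines are
    ignored and indented lines are joined to the previous line, as slapd does."""
    rules = []
    for line in re.sub(r"\n[ \t]+", " ", text).splitlines():
        if not line.startswith("access to "):
            continue
        what, *bys = re.split(r"\s+by\s+", line[len("access to "):].strip())
        rules.append((what, [tuple(b.rsplit(None, 1)) for b in bys]))
    return rules

def what_matches(what, target_dn, attr):
    """<what> forms used in the sample: '*', 'attrs=a,b', 'dn.base="..."'."""
    if what == "*":
        return True
    if what.startswith("attrs="):
        return attr in what[len("attrs="):].split(",")
    m = re.fullmatch(r'dn\.base="([^"]*)"', what)
    if m:
        return target_dn.lower() == m.group(1).lower()
    raise ValueError("unsupported <what>: " + what)

def who_matches(who, bind_dn, target_dn):
    """<who> forms used in the sample: '*', 'anonymous', 'self', 'dn="..."'."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn == ""
    if who == "self":
        return bind_dn != "" and bind_dn.lower() == target_dn.lower()
    m = re.fullmatch(r'dn(?:\.exact)?="([^"]*)"', who)
    if m:
        return bind_dn.lower() == m.group(1).lower()
    raise ValueError("unsupported <who>: " + who)

def access_level(rules, bind_dn, target_dn, attr):
    """The first <what> that matches the target selects the clause; inside it the
    first matching <who> sets the level; no match anywhere means no access."""
    for what, clauses in rules:
        if what_matches(what, target_dn, attr):
            for who, level in clauses:
                if who_matches(who, bind_dn, target_dn):
                    return level
            return "none"
    return "none"

def allowed(rules, bind_dn, target_dn, attr, needed):
    """True if the granted level is at least the one the operation needs."""
    return LEVELS.index(access_level(rules, bind_dn, target_dn, attr)) >= LEVELS.index(needed)

if __name__ == "__main__":
    user = "cn=testuser scalix,dc=mydomain,dc=net"
    for label, conf in (("page", SLAPD_CONF), ("weak", WEAK_CONF)):
        rules = parse_acl(conf)
        print(label, "anonymous reads scalixMailnode:",
              allowed(rules, "", user, "scalixMailnode", "read"))
        print(label, "user grants self scalixAdministrator:",
              allowed(rules, user, user, "scalixAdministrator", "write"))
```

The two printed lines per configuration are the checks worth repeating against your own ACL before pointing omldapsync at the server: whether the bind omldapsync uses can read the Scalix attributes, and whether anyone other than the administrator can write the two privilege attributes. On a live server the same questions can be put to slapacl(8) with the real configuration.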