authorJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2012-12-20 16:35:41 +0100
committerJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2012-12-20 16:38:38 +0100
commit95fee1f9e7fb1d8ea53857809c18bda66923dc4e (patch)
tree970ca74adf10f93e51eb3d1168f308925613ca66 /pykolab
parent4c618bed1dcc99f86251d9cf0f2641a506ded714 (diff)
Find a Kolab LDAP schema extensions file starting with kolab and ending with '.ldif' so that it does not actually matter whether kolab2.ldif or kolab3.ldif is installed. (#1487)
Log an error if the schema file for LDAP schema extensions for Kolab cannot be found, or cannot be copied. (#1487) Append the ACI for kolab extensions only when the schema is actually successfully inserted. (#1487)
Diffstat (limited to 'pykolab')
-rw-r--r--pykolab/setup/setup_ldap.py30
1 files changed, 21 insertions, 9 deletions
diff --git a/pykolab/setup/setup_ldap.py b/pykolab/setup/setup_ldap.py
index cb8d776..2c5124f 100644
--- a/pykolab/setup/setup_ldap.py
+++ b/pykolab/setup/setup_ldap.py
@@ -289,18 +289,25 @@ ServerAdminPwd = %(admin_pass)s
schema_file = None
for root, directories, filenames in os.walk('/usr/share/doc/'):
for filename in filenames:
- if filename == 'kolab2.ldif':
+ if filename.startswith('kolab') and filename.endswith('.ldif') and not schema_file == None:
schema_file = os.path.join(root,filename)
if not schema_file == None:
- shutil.copy(
- schema_file,
- '/etc/dirsrv/slapd-%s/schema/99kolab2.ldif' % (
- _input['hostname']
- )
- )
+ try:
+ shutil.copy(
+ schema_file,
+ '/etc/dirsrv/slapd-%s/schema/99%s' % (
+ _input['hostname'],
+ os.path.basename(schema_file)
+ )
+ )
+ schema_error = False
+ except:
+ log.error(_("Could not copy the LDAP extensions for Kolab"))
+ schema_error = True
else:
- log.warning(_("Could not find the ldap Kolab schema file"))
+ log.error(_("Could not find the ldap Kolab schema file"))
+ schema_error = True
if os.path.isfile('/bin/systemctl'):
subprocess.call(['/bin/systemctl', 'restart', 'dirsrv.target'])
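Review bot: The new filename test in the `os.walk` loop can never be true, because `schema_file` starts as `None` and the condition requires `not schema_file == None`. The schema file is therefore never found, and the `else` branch always logs the error and sets `schema_error = True`. To keep the first match, the guard should read `if schema_file is None and filename.startswith('kolab') and filename.endswith('.ldif'):`. The bare `except:` around `shutil.copy` also discards the reason for the failure; catching `(IOError, OSError)` and including the exception in the log message would keep a permission or path problem diagnosable. The enclosing function starts and ends outside this hunk.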
@@ -544,7 +551,12 @@ ServerAdminPwd = %(admin_pass)s
log.info(_("Setting access control to %s") % (_input['rootdn']))
dn = _input['rootdn']
aci = []
- aci.append('(targetattr = "homePhone || preferredDeliveryMethod || jpegPhoto || postalAddress || carLicense || userPassword || mobile || kolabAllowSMTPRecipient || displayName || kolabDelegate || description || labeledURI || homePostalAddress || postOfficeBox || registeredAddress || postalCode || photo || title || street || kolabInvitationPolicy || pager || o || l || initials || kolabAllowSMTPSender || telephoneNumber || preferredLanguage || facsimileTelephoneNumber") (version 3.0;acl "Enable self write for common attributes";allow (read,compare,search,write)(userdn = "ldap:///self");)')
+
+ if not schema_error:
+ aci.append('(targetattr = "homePhone || preferredDeliveryMethod || jpegPhoto || postalAddress || carLicense || userPassword || mobile || displayName || description || labeledURI || homePostalAddress || postOfficeBox || registeredAddress || postalCode || photo || title || street || pager || o || l || initials || telephoneNumber || preferredLanguage || facsimileTelephoneNumber") (version 3.0;acl "Enable self write for common attributes";allow (read,compare,search,write)(userdn = "ldap:///self");)')
+ else:
+ aci.append('(targetattr = "homePhone || preferredDeliveryMethod || jpegPhoto || postalAddress || carLicense || userPassword || mobile || kolabAllowSMTPRecipient || displayName || kolabDelegate || description || labeledURI || homePostalAddress || postOfficeBox || registeredAddress || postalCode || photo || title || street || kolabInvitationPolicy || pager || o || l || initials || kolabAllowSMTPSender || telephoneNumber || preferredLanguage || facsimileTelephoneNumber") (version 3.0;acl "Enable self write for common attributes";allow (read,compare,search,write)(userdn = "ldap:///self");)')
+
aci.append('(targetattr = "*") (version 3.0;acl "Directory Administrators Group";allow (all)(groupdn = "ldap:///cn=Directory Administrators,%(rootdn)s" or roledn = "ldap:///cn=kolab-admin,%(rootdn)s");)' % (_input))
aci.append('(targetattr="*")(version 3.0; acl "Configuration Administrators Group"; allow (all) groupdn="ldap:///cn=Configuration Administrators,ou=Groups,ou=TopologyManagement,o=NetscapeRoot";)')
aci.append('(targetattr="*")(version 3.0; acl "Configuration Administrator"; allow (all) userdn="ldap:///uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot";)')
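Review bot: The two branches under `if not schema_error:` look swapped. The success path appends the self-write ACI without the kolab attributes, and the failure path appends the one naming `kolabAllowSMTPRecipient`, `kolabDelegate`, `kolabInvitationPolicy` and `kolabAllowSMTPSender`, which is the opposite of what the commit message describes. As written, a failed schema install produces an ACI that references attribute types the server presumably does not know, and a successful install leaves the kolab attributes out of the self-write rule. Changing the test to `if schema_error:` (or swapping the two `aci.append` calls) would match the stated intent. `schema_error` is assigned about 250 lines earlier, and the hunk does not show whether both sites share a scope, so that is worth confirming to rule out a NameError on this path.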