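#
# File generated by iRedMail (2011.08.06.21.24.40):
#
# Version:   0.7.2
# Project:   http://www.iredmail.org/
#
# Community: http://www.iredmail.org/forum/
#
# OpenLDAP slapd.conf: global directives first, then the ACL list (order
# matters, see the note above the first "access to"), then the database.
#

# Schemas.
include     /etc/openldap/schema/core.schema
include     /etc/openldap/schema/corba.schema
include     /etc/openldap/schema/cosine.schema
include     /etc/openldap/schema/inetorgperson.schema
include     /etc/openldap/schema/nis.schema

# Integrate Amavisd-new.
include     /etc/openldap/schema/amavisd-new.schema

# Schema provided by iRedMail.
include     /etc/openldap/schema/iredmail.schema

# Where the pid file is put. The init.d script will not stop the
# server if you change this.
pidfile     /var/run/openldap/slapd.pid

# List of arguments that were passed to the server.
argsfile    /var/run/openldap/slapd.args

# TLS files.
# NOTE(review): the CA file and the server certificate are the same PEM as
# generated (presumably a self-signed setup) - confirm before telling clients
# to verify the server against TLSCACertificateFile.
TLSCACertificateFile    /etc/pki/tls/certs/iRedMail_CA.pem
TLSCertificateFile      /etc/pki/tls/certs/iRedMail_CA.pem
TLSCertificateKeyFile   /etc/pki/tls/private/iRedMail.key

# Disallow bind as anonymous.
disallow    bind_anon

# Uncomment below line to allow binding as anonymous.
#allow      bind_anon_cred

# Specify LDAP protocol version.
require     LDAPv3
#allow      bind_v2

# Nothing in this file forces confidentiality: the simple binds permitted by
# the "by anonymous auth" rules below can carry cleartext credentials over
# plain ldap://. To require TLS protection for simple binds, uncomment the
# line below once every client (Postfix, Dovecot, Amavisd, web UIs) is known
# to connect with STARTTLS or ldaps://.
#security    simple_bind=128

# Log level.
#   -1: enable all debugging
#    0: no debugging
#  128: access control list processing
#  256: stats log connections/operations/results
loglevel    256

#
# Access Control List. Used for LDAP bind.
#
# NOTE: Every domain has an administrator. e.g.
#   Domain Name: 'nesto.net'
#   Admin Name:  mail=postmaster@nesto.net, domainName=nesto.net, o=domains,dc=nesto,dc=net
#   (review: the ACLs below look domain admins up under o=domainAdmins rather
#   than under the domain entry, so this example DN may be stale - confirm.)
#
# slapd evaluates "access to" clauses in order: the FIRST clause whose target
# (dn and/or attrs) matches the request decides, and within it the first
# matching "by" wins (no match means no access). The attribute-level clauses
# therefore take precedence over the later dn-based clauses for the
# attributes they list.
#

# Personal LDAP address book.
access to dn.regex="cn=[^,]+,mail=([^,]+)@([^,]+),ou=Users,domainName=([^,]+),o=domains,dc=nesto,dc=net$"
    by anonymous                                    none
    by self                                         none
    by dn.exact="cn=vmail,dc=nesto,dc=net"          read
    by dn.exact="cn=vmailadmin,dc=nesto,dc=net"     write
    by dn.regex="mail=$1@$2,ou=Users,domainName=$3,o=domains,dc=nesto,dc=net$"  write
    by users                                        none

# Allow users to change their own passwords and mail forwarding addresses.
access to attrs="userPassword,mailForwardingAddress"
    by anonymous                                    auth
    by self                                         write
    by dn.exact="cn=vmail,dc=nesto,dc=net"          read
    by dn.exact="cn=vmailadmin,dc=nesto,dc=net"     write
    by users                                        none

# Allow to read others public info.
access to attrs="cn,sn,gn,givenName,telephoneNumber"
    by anonymous                                    auth
    by self                                         write
    by dn.exact="cn=vmail,dc=nesto,dc=net"          read
    by dn.exact="cn=vmailadmin,dc=nesto,dc=net"     write
    by users                                        read

# Domain attrs.
# domainSenderBccAddress and domainRecipientBccAddress used to be listed in
# this clause (users read) AND in the restricted clause right below (users
# none). Because the first matching clause wins, the restricted rule never
# applied to them and every authenticated user could read the domain BCC
# targets. They are now listed only in the restricted clause; vmail keeps
# read and vmailadmin keeps write there.
access to attrs="objectclass,domainName,mtaTransport,enabledService,domainBackupMX,domainMaxQuotaSize,domainMaxUserNumber"
    by anonymous                                    auth
    by self                                         read
    by dn.exact="cn=vmail,dc=nesto,dc=net"          read
    by dn.exact="cn=vmailadmin,dc=nesto,dc=net"     write
    by users                                        read

# Domain administration and BCC-monitoring attrs: not exposed to ordinary users.
access to attrs="domainAdmin,domainGlobalAdmin,domainSenderBccAddress,domainRecipientBccAddress"
    by anonymous                                    auth
    by self                                         read
    by dn.exact="cn=vmail,dc=nesto,dc=net"          read
    by dn.exact="cn=vmailadmin,dc=nesto,dc=net"     write
    by users                                        none

# User attrs.
access to attrs="employeeNumber,homeDirectory,mailMessageStore,mail,accountStatus,userSenderBccAddress,userRecipientBccAddress,mailQuota,backupMailAddress,shadowAddress"
    by anonymous                                    auth
    by self                                         read
    by dn.exact="cn=vmail,dc=nesto,dc=net"          read
    by dn.exact="cn=vmailadmin,dc=nesto,dc=net"     write
    by users                                        read

#
# Set ACL for vmail/vmailadmin.
#
access to dn="cn=vmail,dc=nesto,dc=net"
    by anonymous                                    auth
    by self                                         write
    by dn.exact="cn=vmailadmin,dc=nesto,dc=net"     write
    by users                                        none

access to dn="cn=vmailadmin,dc=nesto,dc=net"
    by anonymous                                    auth
    by self                                         write
    by users                                        none

#
# Allow users to access their own domain subtree.
# Allow domain admin to modify accounts under same domain.
#
# The regex is not anchored at the start, so it matches each domainName=...
# entry and everything below it; the final "by users none" keeps users out
# of other domains' subtrees.
#
access to dn.regex="domainName=([^,]+),o=domains,dc=nesto,dc=net$"
    by anonymous                                    auth
    by self                                         write
    by dn.exact="cn=vmail,dc=nesto,dc=net"          read
    by dn.exact="cn=vmailadmin,dc=nesto,dc=net"     write
    by dn.regex="mail=[^,]+@$1,o=domainAdmins,dc=nesto,dc=net$"                     write
    by dn.regex="mail=[^,]+@$1,ou=Users,domainName=$1,o=domains,dc=nesto,dc=net$"   read
    by users                                        none

#
# Grant correct privileges to vmail/vmailadmin.
#
# Entries below o=domains presumably all carry a domainName=... component and
# so were already claimed by the regex clause above; in practice this clause
# governs the o=domains entry itself. Its "by dn.regex=...$1..." line can
# never match: dn.subtree captures no groups, so $1 has nothing to expand to.
# Left in place for fidelity with the generated file; "by users read" is what
# actually applies to authenticated users here.
#
access to dn.subtree="o=domains,dc=nesto,dc=net"
    by anonymous                                    auth
    by self                                         write
    by dn.exact="cn=vmail,dc=nesto,dc=net"          read
    by dn.exact="cn=vmailadmin,dc=nesto,dc=net"     write
    by dn.regex="mail=[^,]+,ou=Users,domainName=$1,o=domains,dc=nesto,dc=net$"  read
    by users                                        read

access to dn.subtree="o=domainAdmins,dc=nesto,dc=net"
    by anonymous                                    auth
    by self                                         write
    by dn.exact="cn=vmail,dc=nesto,dc=net"          read
    by dn.exact="cn=vmailadmin,dc=nesto,dc=net"     write
    by users                                        none

#
# Set permission for "cn=*,dc=nesto,dc=net".
#
access to dn.regex="cn=[^,]+,dc=nesto,dc=net"
    by anonymous                                    auth
    by self                                         write
    by users                                        none

#
# Set default permission.
# Anything not claimed above: authenticated users may read, entries may
# write themselves.
#
access to *
    by anonymous                                    auth
    by self                                         write
    by users                                        read

#######################################################################
# BDB database definitions
#######################################################################
database    bdb
suffix      dc=nesto,dc=net
directory   /var/lib/ldap/nesto.net
rootdn      cn=Manager,dc=nesto,dc=net
# rootdn bypasses every ACL above. The value is a salted SHA-1 ({SSHA}) hash,
# which is enough for offline guessing if it leaks: keep this file readable
# only by root and the slapd service user, and keep it out of shared copies.
rootpw      {SSHA}cFDYJyOwCDFcaGHcZObb34uPowAgSEnY
# Maximum entries returned per search / entries cached in memory.
sizelimit   1000
cachesize   1000

#
# Set directory permission.
#
mode        0700

#
# Default index.
#
index objectClass                                       eq,pres
index uidNumber,gidNumber,uid,memberUid,loginShell      eq,pres
index homeDirectory,mailMessageStore                    eq,pres
index ou,cn,mail,surname,givenname,telephoneNumber      eq,pres,sub
index nisMapName,nisMapEntry                            eq,pres,sub
index shadowLastChange                                  eq,pres

#
# Index for mail attrs.
#
# ---- Domain related ----
index domainName,mtaTransport,accountStatus,enabledService      eq,pres,sub
index domainAliasName                                           eq,pres,sub
index domainMaxUserNumber                                       eq,pres
index domainAdmin,domainGlobalAdmin,domainBackupMX              eq,pres,sub
index domainSenderBccAddress,domainRecipientBccAddress          eq,pres,sub

# ---- Group related ----
index accessPolicy,hasMember,listAllowedUser                    eq,pres,sub

# ---- User related ----
index mailForwardingAddress,shadowAddress                       eq,pres,sub
index backupMailAddress,memberOfGroup                           eq,pres,sub
index userRecipientBccAddress,userSenderBccAddress              eq,pres,sub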