---
Francis Augusto Medeiros-Logeay
Oslo, Norway

On 2023-11-13 22:18, Rob Crittenden via FreeIPA-users wrote:
Francis Augusto Medeiros-Logeay via FreeIPA-users wrote:
Hi,

As I mentioned earlier, I am creating a plugin. My plugin creates the following container:

# postfixadmin, mailserver, etc, ipa.test
dn: cn=postfixadmin,cn=mailserver,cn=etc,dc=ipa,dc=test
objectClass: top
objectClass: nsContainer
cn: postfixadmin

Domain entries are like this:

# ipa.test, postfixadmin, mailserver, etc, ipa.test
dn: cn=ipa.test,cn=postfixadmin,cn=mailserver,cn=etc,dc=ipa,dc=test
cn: ipa.test
objectClass: postfixDomain
objectClass: nsContainer
objectClass: top

Mailboxes are under a domain:

# francis, ipa.test, postfixadmin, mailserver, etc, ipa.test
dn: uid=francis,cn=ipa.test,cn=postfixadmin,cn=mailserver,cn=etc,dc=ipa,dc=te
 st
uid: francis
givenName: francis
sn: Medeiros-Logeay
objectClass: postfixMailbox
objectClass: person
objectClass: inetOrgPerson
objectClass: inetUser
objectClass: top
objectClass: organizationalPerson
cn: francis Medeiros-Logeay
postfixMailAddress: [email protected]
status: TRUE

And finally aliases:

# testing, ipa.test, postfixadmin, mailserver, etc, ipa.test
dn: uid=testing,cn=ipa.test,cn=postfixadmin,cn=mailserver,cn=etc,dc=ipa,dc=te
 st
uid: testing
postfixMailDestination: [email protected]
status: FALSE
objectClass: postfixAlias
objectClass: top
postfixMailAlias: [email protected]


However, when using ldapsearch with a system user and using cn=postfixadmin,cn=mailserver,cn=etc,$SUFFIX, I only get the top container and the domain. I don’t get any of the other entries. Doing the same with an admin gives me all the entries below the mentioned DN.

I am confused about permissions, so I tried to add this to the class «Alias» in my plugin code:

managed_permissions = {
    'System: Read Mail Data': {
        'ipapermlocation': DN(('cn', 'postfixadmin'), ('cn', 'mailserver'), ('cn', 'etc')),
        'ipapermbindruletype': 'annonymous',
        'ipapermtarget': DN(('cn', 'postfixadmin'), ('cn', 'mailserver'), ('cn', 'etc')),
        'replaces_global_anonymous_aci': True,
        'ipapermright': {'read', 'search', 'compare'},
        'ipapermdefaultattr': {
            'cn', 'objectclass',
            'postfixMailAlias', 'postfixMailDestination', 'uid', 'dn'
        }
    }
}

It doesn’t seem to help.

I also added an attribute to my users, called «postfixMailAddress». That attribute is also not visible to my system user, despite having added this to my code:

user.managed_permissions = {**user.managed_permissions, **{
    'System: Read User Mail Attributes': {
        'ipapermbindruletype': 'all ',
        'ipapermright': {'read', 'search', 'compare'},
        'ipapermdefaultattr': {
            'postfixMailAddress', 'status', 'mailquota'
        },
        'System: Modify User Mail Attributes': {
            'ipapermbindruletype': 'permission',
            'ipapermright': {'write', 'add', 'delete'},
            'ipapermdefaultattr': {
                'postfixMailAddress', 'status', 'mailquota'
            }
        }
    }
}}


I’d love it if someone could please point me in the right direction to manage these permissions so that my binding user can see attributes and entries.

The underlying ACIs are likely not created yet. Run ipa-server-upgrade
which should create them.

Thanks a lot, Rob. It worked for the user attribute (postfixMailAddress). But the entries under cn=postfixadmin,cn=mailserver,cn=etc aren't visible for the binding user. Is there anything wrong with the code?

Best,
Francis
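
Added example, not part of the original thread or of FreeIPA: a small lint pass over a plugin's managed_permissions dict, run before ipa-server-upgrade, that flags bind rule types outside an assumed accepted set, stray whitespace in them, and a permission nested inside another by a misplaced brace. The function name, the accepted-value sets and the sample dict are assumptions constructed for illustration.

```python
# Assumed accepted values (not taken from the thread); adjust to your FreeIPA version.
ALLOWED_BIND_TYPES = {"permission", "all", "anonymous"}
ALLOWED_RIGHTS = {"read", "search", "compare", "write", "add", "delete", "all"}


def lint_managed_permissions(perms):
    """Return (permission name, problem) pairs for one managed_permissions dict."""
    problems = []
    for name, spec in perms.items():
        bind = spec.get("ipapermbindruletype")
        if isinstance(bind, str) and bind not in ALLOWED_BIND_TYPES:
            hint = " (stray whitespace)" if bind.strip() in ALLOWED_BIND_TYPES else ""
            problems.append((name, f"unknown bind rule type {bind!r}{hint}"))
        bad_rights = set(spec.get("ipapermright", ())) - ALLOWED_RIGHTS
        if bad_rights:
            problems.append((name, f"unknown rights {sorted(bad_rights)}"))
        for key, value in spec.items():
            # Option values are strings, sets, bools or DNs; a dict value is
            # usually a second permission swallowed by a misplaced brace.
            if isinstance(value, dict):
                problems.append((name, f"{key!r} is nested inside this permission"))
    return problems


# Constructed sample in the shape of the dicts quoted in the thread
# (DN-valued options omitted so the block runs without ipapython).
SAMPLE = {
    "System: Read Mail Data": {
        "ipapermbindruletype": "annonymous",
        "ipapermright": {"read", "search", "compare"},
    },
    "System: Read User Mail Attributes": {
        "ipapermbindruletype": "all ",
        "ipapermright": {"read", "search", "compare"},
        "System: Modify User Mail Attributes": {
            "ipapermbindruletype": "permission",
            "ipapermright": {"write", "add", "delete"},
        },
    },
}

if __name__ == "__main__":
    for name, problem in lint_managed_permissions(SAMPLE):
        print(f"{name}: {problem}")
```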