stoney mail: OpenLDAP directory data organisation

From stoney cloud
Revision as of 14:54, 18 February 2019 by Michael

Abstract

This document describes the OpenLDAP directory data organisation for the stoney mail service, including groupware functionality based on Open-Xchange.

Data Organisation

The following chapters explain the data organisation of the stoney cloud OpenLDAP directory; in this case we are looking at the stoney mail service.

Mail

The following LDIF shows the mail entry of the whole OpenLDAP directory tree for the stoney cloud:

dn: ou=mail,ou=services,dc=stoney-cloud,dc=org
objectclass: organizationalUnit
objectclass: top
ou: mail

Mail Configuration

The sub tree for the configuration of the stoney mail service:

dn: ou=configuration,ou=mail,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
ou: configuration
description: The sub tree for the configuration of the stoney mail service.

The following table describes the different attributes:

| Attribute | Existence | Mandatory | Description |
|---|---|---|---|
| ou | MUST | x | This configuration leaf (ou: Organizational Unit), collects the stoney mail service related configuration. |
| description | MAY | x | The description of this leaf. |

Legend:

  • x: Mandatory in all cases.

Mail Reseller

The sub tree for the reseller specific stoney mail service configuration:

dn: ou=reseller,ou=configuration,ou=mail,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
ou: reseller
description: The sub tree for the reseller specific stoney mail service configuration.

The following table describes the different attributes:

| Attribute | Existence | Mandatory | Description |
|---|---|---|---|
| ou | MUST | x | This reseller leaf (ou: Organizational Unit), collects the stoney mail service reseller related configuration. |
| description | MAY | x | The description of this leaf. |

Legend:

  • x: Mandatory in all cases.

The sub tree for the specific stoney mail service settings for the reseller Reseller Ltd. with the uid 4000000.

dn: uid=4000000,ou=reseller,ou=configuration,ou=mail,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstReseller
objectclass: sstServiceConfigurationObjectClass
uid: 4000000
o: Reseller Ltd.
description: The sub tree for the specific stoney mail service settings for the reseller Reseller Ltd. with the uid 4000000.
sstIsActive: TRUE
sstIsDefault: TRUE
sstBelongsToResellerUID: 4000000

The following table describes the different attributes:

| Attribute | Existence | Mandatory | Self-Service | Changeable | Description |
|---|---|---|---|---|---|
| uid | MUST | x | | | A unique integer value with 7 digits or more. For example: 4000000. |
| organizationName | MAY | x | | | The organisation name of the reseller. For example: Reseller Ltd. (when sstIsCompany: TRUE). Or in case of a person (sstIsCompany: FALSE), the organisation name would be set to: Surname, Name (the content of the attributes surname and givenName). |
| description | MAY | | | | The description of the leaf. |
| sstIsCompany | MUST | x | | | Is the entry a company? Either TRUE (yes) or FALSE (no). |
| sstIsActive | MUST | x | | | Is the entry active? Either TRUE (yes) or FALSE (no). |
| sstExternalID | MAY | | | | The ID (or number) of a customer, person or product in an external database (for example: 234567). |
| sstIsDefault | MAY | | | | Does the leaf contain a default entry? Either TRUE (yes) or FALSE (no). If sstIsDefault is set to TRUE, this entry acts as a fall back configuration. In other words: If a reseller doesn't have his own (online) backup service configuration, then this one will be used. |
| sstBelongsToResellerUID | MUST | x | | | Stores the reseller UID the leaf belongs to. A unique value with 7 digits or more. For example: 4000000. In this case, the attribute uid and sstBelongsToResellerUID must match with each other! |

Legend:

  • x: Mandatory in all cases.

Mail Reseller Logout-Redirection

The sub tree for the reseller logout-redirect specific stoney mail service configuration:

dn: ou=logout-redirect,ou=reseller,ou=configuration,ou=mail,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
ou: logout-redirect
description: The sub tree for the reseller logout-redirect specific stoney mail service configuration.

The following table describes the different attributes:

| Attribute | Existence | Mandatory | Description |
|---|---|---|---|
| ou | MUST | x | This logout-redirect leaf (ou: Organizational Unit), collects the stoney mail service reseller logout-redirect related configuration. |
| description | MAY | x | The description of this leaf. |

Legend:

  • x: Mandatory in all cases.

The sub tree for the reseller logout-redirect specific stoney mail service settings, coming from the fully qualified domain name (fqdn) groupware.stoney-cloud.org.

dn: ou=groupware.stoney-cloud.org,ou=logout-redirect,ou=reseller,ou=configuration,ou=mail,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: sstLogoutRedirect
ou: groupware.stoney-cloud.org
description: The sub tree for the reseller logout-redirect specific stoney mail service settings, coming from the fully qualified domain name (fqdn) groupware.stoney-cloud.org.
sstWebsiteURL: http://www.stoney-cloud.org/

The following table describes the different attributes:

| Attribute | Existence | Mandatory | Self-Service | Changeable | Description |
|---|---|---|---|---|---|
| ou | MUST | x | | | This leaf (ou: Organizational Unit), contains the logout-redirect related configuration for a specific fully qualified domain name (fqdn). For example: groupware.stoney-cloud.org. |
| description | MAY | | | | The description of the leaf. |
| sstWebsiteURL | MUST | x | | | The URI the user is redirected to, after they log out from the groupware application. For example: http://www.stoney-cloud.org/ or https://www.stoney-cloud.org/. |

Legend:

  • x: Mandatory in all cases.

Mail Domains

The leafs containing the mail domains for the stoney mail service. We can have one of the following mail domain types:

  • Mail Domain: A local mail domain. For example: example.com.
  • Mail Domain Alias: A mail domain (for example: example.org), which points to a local mail domain. For example: example.com. All email addresses ending with @example.org are thus forwarded to the local mail domain example.com.
  • Mail Domain Forward: A mail domain (for example: example.net), which points to an external mail domain (for example: external-domain.com).
  • Third Level Mail Domain: A third level mail domain (for example: customers.example.com). Actually a sub set of a normal mail domain.

Mail Domain example (example.com)

The following example shows the mail domain name stoney-cloud.org:

dn: sstMailDomain=example.com,ou=mail,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstMailDomain
objectclass: sstGroupwareOX
objectclass: sstProvisioning
objectclass: sstRelationship
sstMailDomain: example.com
sstIsActive: TRUE
sstGroupwareOXContextID: 3724493
sstGroupwareOXDomain: groupware.example.com
sstProvisioningExecutionDate: 0
# Shouldn't this be changed to added after a successful provisioning step?
sstProvisioningMode: add
sstProvisioningState: 20100824T105847
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstBelongsToPersonUID: 4000002
# This attribute has the same function as the uid in other services.
sstBelongsToBillingUID: 3724493

Mail Domain Alias example (example.org)

The following example shows the mail domain alias example.org, which points to the local mail domain example.com.

dn: sstMailDomain=example.org,ou=mail,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstMailDomainAlias
objectclass: sstProvisioning
objectclass: sstRelationship
sstMailDomain: example.org
sstIsActive: TRUE
sstProvisioningExecutionDate: 0
# Shouldn't this be changed to added after a successful provisioning step?
sstProvisioningMode: add
sstProvisioningState: 20100824T115418
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstBelongsToPersonUID: 4000002
# This attribute has the same function as the uid in other services.
sstBelongsToBillingUID: 3724533

The following sub tree is an essential part of the Mail Domain Alias example:

dn: sstMail=@example.org,sstMailDomain=example.org,ou=mail,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstMailWildcardAlias
objectclass: amavisAccount
objectclass: sstProvisioning
objectclass: sstRelationship
sstMail: @example.org
sstMailForward: @example.com
sstIsActive: TRUE
sstProvisioningExecutionDate: 0
# Shouldn't this be changed to added after a successful provisioning step?
sstProvisioningMode: add
sstProvisioningState: 20100824T115418
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstBelongsToPersonUID: 4000002
# This attribute has the same function as the uid in other services.
sstBelongsToBillingUID: 3724533

Mail Domain Forward example (example.net)

A mail domain (for example: example.net), which points to an external mail domain (for example: external-domain.com).

Third Level Mail Domain example (customers.example.com)

A third level mail domain (for example: customers.example.com).

dn: sstMailDomain=customers.example.com,ou=mail,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstMailDomain
objectclass: sstGroupwareOX
objectclass: sstProvisioning
objectclass: sstRelationship
sstMailDomain: customers.example.com
sstIsActive: TRUE
# This is the product UID of the Mail Domain customers.stepping-stone.ch
sstGroupwareOXContextID: 3724493
sstGroupwareOXDomain: groupware.example.com
sstProvisioningExecutionDate: 0
# Shouldn't this be changed to added after a successful provisioning step?
sstProvisioningMode: add
sstProvisioningState: 20100824T105847
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstBelongsToPersonUID: 4000002
# This attribute has the same function as the product UID in other services.
sstBelongsToBillingUID: 3724493

Mail Accounts

The leafs containing the mail accounts for the stoney mail service. We can have one of the following mail account types:

  • Mail Account: ...
  • Mail Alias Aliase: ...
  • ...
  • Third Level Mail Account: A third level mail account (for example: 3733908@customers.example.com). This is actually the same as a normal mail account.

Third Level Mail Account example (3734242@customers.example.com)

A third level mail account example (for example: 3734242@customers.example.com).

dn: sstMail=3734242@customers.example.com,sstMailDomain=customers.example.com,ou=mail,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstMailAccount
objectclass: amavisAccount
objectclass: sstProvisioning
objectclass: sstGroupwareOX
objectclass: sstRelationship
sstMail: 3734242@customers.example.com
userPassword: {SSHA}aZGHe8drtP39HvKhW7eQoKsrR4c1ZjgwNmI0Mjcy
sstMailMessageHomeDirectory: /var/vmail/2/242/734/3734242
sstMailMessageStore: mdbox:~/mdbox
sstMailReadIMAP: TRUE
sstMailReadPOP: TRUE
sstMailReceive: TRUE
sstMailSend: TRUE
sstMailWebmail: TRUE
sstMailAccountFolderSent: Sent
sstMailAccountFolderDrafts: Drafts
sstMailAccountFolderTrash: Trash
sstMailAccountFolderSpam: Spam
sstQuota: 104857600
sstIsActive: TRUE
givenName: sst-int-tst-0001
surname: os.stoney-cloud.org
preferredLanguage: en-GB
sstGender: 0
sstGroupwareOXContextID: 3726904
sstGroupwareOXAccountType: User
sstProvisioningMode: add
sstProvisioningExecutionDate: 0
sstProvisioningState: 20100824T105847
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstBelongsToPersonUID: 4000002
sstBelongsToBillingUID: 3734242

The following table describes the different attributes:

Attribute Objectclass
Existence
Mandatory
Description
sstMail sstMailAccount
MUST
x
RFC822 Address.

For example: sstMail: 3734242@customers.example.com.

userPassword sstMailAccount
MUST
x
SSHA user password. {SSHA} is an RFC 2307 password scheme which uses the SHA1 secure hash algorithm. For example: {SSHA}aZGHe8drtP39HvKhW7eQoKsrR4c1ZjgwNmI0Mjcy.
sstMailMessageHomeDirectory sstMailAccount
MUST
x
Path to the message home directory. It corresponds with the 7 digit product UID (Unique Identifier) of the Mail Account (sstBelongsToBillingUID: 3734242).

The following example shows how the directory structure is built up for the account with the uid 3734242.

  • /var/vmail/g/efg/bcd/abcdefg
  • /var/vmail/2/242/734/3734242

For example: sstMailMessageHomeDirectory: /var/vmail/2/242/734/3734242.

sstMailMessageStore sstMailAccount
MUST
x
Path to the message store. Either mdbox:~/mdbox, ~/sdbx or ~/Maildir. The default is mdbox:~/mdbox.

For example: sstMailMessageStore: mdbox:~/mdbox.

sstMailReadIMAP sstMailAccount
MUST
x
Does the user have access to the IMAP Server? Either yes (TRUE) or no (FALSE). Default is TRUE.

For example: sstMailReadIMAP: TRUE

sstMailReadPOP sstMailAccount
MUST
x
Does the user have access to the POP Server? Either yes (TRUE) or no (FALSE). Default is TRUE.

For example: sstMailReadPOP: TRUE

sstMailReceive sstMailAccount
MUST
x
Can the user receive mail? Either yes (TRUE) or no (FALSE). Default is TRUE.

For example: sstMailReceive: TRUE

sstMailSend sstMailAccount
MUST
x
Can the user send mail? Either yes (TRUE) or no (FALSE). Default is TRUE.

For example: sstMailSend: TRUE

sstMailWebmail sstMailAccount
MUST
x
Does the user have access to default webmail? Either yes (TRUE) or no (FALSE). Default is TRUE.

For example: sstMailWebmail: TRUE

Original is TRUE, FALSE would be better, as we don't have a web mail for the customer mail accounts. But don't change now.

sstMailAccountFolderSent sstMailAccount
MAY
x
The name of the IMAP sent folder. This value is dependent on the value of the attribute preferredLanguage:
  • en-GB: Sent
  • de-CH: Gesendete Objekte

For example: sstMailAccountFolderSent: Sent.

sstMailAccountFolderDrafts sstMailAccount
MAY
x
The name of the IMAP drafts folder. This value is dependent on the value of the attribute preferredLanguage:
  • en-GB: Drafts
  • de-CH: Entwürfe

For example: sstMailAccountFolderDrafts: Drafts.

sstMailAccountFolderTrash sstMailAccount
MAY
x
The name of the IMAP trash folder. This value is dependent on the value of the attribute preferredLanguage:
  • en-GB: Trash
  • de-CH: Papierkorb

For example: sstMailAccountFolderTrash: Trash.

sstMailAccountFolderSpam sstMailAccount
MAY
x
The name of the IMAP spam folder. This value is dependent on the value of the attribute preferredLanguage:
  • en-GB: Spam
  • de-CH: Spam

For example: sstMailAccountFolderSpam: Spam.

sstQuota sstMailAccount
MUST
x
The filesystem quota in bytes. For a customer mail account this is always 104857600 Bytes, which corresponds with 100 Mebibyte (MiB).

For example: sstQuota: 104857600.

sstIsActive sstMailAccount
MUST
x
Is the entry active? Either yes (TRUE) or no (FALSE). The default is TRUE.

For example: sstIsActive: TRUE.

givenName sstMailAccount
MUST
x
Given name (or first name), example: Hans. For a customer mail account, this value contains the host name.

For example: givenName: sst-int-tst-0001.

surname sstMailAccount
MUST
x
Surname (or last name), example: Muster. For a customer mail account, this value contains the domain name.

For example: surname: os.stoney-cloud.org.

preferredLanguage sstMailAccount
MUST
x
Mail account language of the user according to RFC 1766, example: en-GB or de-CH. The default is en-GB. Currently supported:
  • de-CH
  • en-GB

For example: preferredLanguage: en-GB.

sstGender sstMailAccount
MUST
x
Gender, either 0 (neutral), m (male) or f (female). For a customer mail account, the default is 0.

For example: sstGender: 0.

sstGroupwareOXContextID sstMailAccount
MAY
x
The Open-Xchange groupware context id, which corresponds with the product UID (Unique Identifier) of the Mail Domain customers.example.com.

For example: sstGroupwareOXContextID: 3726904.

sstGroupwareOXAccountType sstMailAccount
MAY
x
The Open-Xchange Groupware account type, either User or Resource. The default is User.

For example: sstGroupwareOXAccountType: User.

sstProvisioningMode sstProvisioning
MUST
x1
The provisioning mode, either add, modify or delete. For a new account, this attribute must be set to add. See the stoney core: OpenLDAP provisioning page for details. If the entry was successfully added, modified or deleted, the provisioning mode is changed to added, modified or deleted.
sstProvisioningExecutionDate sstProvisioning
MUST
x
The date the provisioning shall occur in the form of [YYYY][MM][DD] (ISO 8601). For a new account, this attribute must be set to 0. See the stoney core: OpenLDAP provisioning page for details.
sstProvisioningState sstProvisioning
MUST
x2
The provisioning state, either 0 or in the form of [YYYY][MM][DD]T[hh][mm][ss]Z (ISO 8601). Z is the zone designator for the zero UTC offset. For a new OpenStack Domain, this attribute must be set to 0. After the successful provisioning, the value is set to the time of the provisioning. For example: sstProvisioningState: 20180819T083208Z. See the stoney core: OpenLDAP provisioning page for details.
sstBelongsToResellerUID sstRelationship
MUST
x
Stores the reseller UID the leaf belongs to. A unique integer value with 7 digits or more.

For example: sstBelongsToResellerUID: 4000000.

sstBelongsToCustomerUID sstRelationship
MUST
x
Stores the customer UID the leaf belongs to. A unique value with 7 digits or more, must correspond with the uid entry.

For example: sstBelongsToCustomerUID: 4000001.

sstBelongsToPersonUID sstRelationship
MAY
Stores the person UID (Unique Identifier) the leaf belongs to.

For example: sstBelongsToPersonUID: 4000002.

sstBelongsToBillingUID sstRelationship
MAY
x
Stores the billing UID (Unique Identifier) the leaf belongs to. This is the product UID (Unique Identifier) of the Mail Account. For example: 3734242 (this corresponds with the value of the attribute sstMail: 3734242@customers.example.com).

For example: sstBelongsToBillingUID: 3734242.

Legend:

  • x: Mandatory in all cases.
  • x1: Set sstProvisioningMode to either added, modified or deleted if modifying the entry manually.
  • x2: Use date --utc "+%Y%m%dT%H%M%SZ" to set the attribute sstProvisioningState if modifying the entry manually.
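
The sstMailMessageHomeDirectory, userPassword and sstProvisioningState rules from the table above, applied to one entry. This is an added example, not code from the stoney cloud project: the function names, the sample password and the sample salt are made up here, and it assumes the usual OpenLDAP {SSHA} layout (SHA-1 over the password followed by the salt, with the salt appended to the digest).

```python
import base64, hashlib, hmac, re

def home_directory(uid):
    """abcdefg -> /var/vmail/g/efg/bcd/abcdefg, for a 7 digit product UID."""
    if not re.fullmatch(r"[0-9]{7}", uid):  # digits only: no '/' or '..' reaches the path
        raise ValueError("product UID must be exactly 7 digits")
    return f"/var/vmail/{uid[6]}/{uid[4:7]}/{uid[1:4]}/{uid}"

def ssha_split(stored):
    """{SSHA} value = base64(SHA-1(password + salt) + salt); returns (digest, salt)."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[6:], validate=True)
    if len(raw) <= 20:
        raise ValueError("no salt after the 20 byte SHA-1 digest")
    return raw[:20], raw[20:]

def ssha_hash(password, salt):  # salt: fresh random bytes for every password
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def ssha_verify(stored, password):
    digest, salt = ssha_split(stored)
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)

def parse_entry(ldif):  # one unfolded LDIF entry -> {attribute: last value}
    lines = [l for l in ldif.splitlines() if ":" in l and not l.startswith("#")]
    return {a.strip(): v.strip() for a, v in (l.split(":", 1) for l in lines)}

def check_account(entry):
    problems = []
    try:
        expected = home_directory(entry.get("sstBelongsToBillingUID", ""))
        if entry.get("sstMailMessageHomeDirectory") != expected:
            problems.append("home directory does not match the billing UID")
    except ValueError as err:
        problems.append(str(err))
    if not re.fullmatch(r"0|[0-9]{8}T[0-9]{6}Z", entry.get("sstProvisioningState", "")):
        problems.append("sstProvisioningState is neither 0 nor YYYYMMDDThhmmssZ")
    try:
        ssha_split(entry.get("userPassword", ""))
    except ValueError as err:
        problems.append(f"userPassword: {err}")
    return problems

# Constructed sample entry; password and salt are made up for this example.
SAMPLE = parse_entry(f"""
userPassword: {ssha_hash('constructed-password', b'constructed-salt')}
sstMailMessageHomeDirectory: /var/vmail/2/242/734/3734242
sstProvisioningState: 20180819T083208Z
sstBelongsToBillingUID: 3734242
""")

if __name__ == "__main__":
    print(check_account(SAMPLE))
```
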