From 3662973985c6b9d432f09f63c07b9faa144863e9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pierre-Elliott=20B=C3=A9cue?=
Date: Mon, 21 Oct 2013 21:07:27 +0200
Subject: [PATCH] [SASL] Prise en compte de shadowExpire + [LDAP] Idem niveau ACL
---
 Cfg/etc/saslauthd.conf/saslauthd.conf | 2 +-
 .../templatedir/cn=config/olcDatabase={1}bdb.ldif | 11 ++++++-----
 2 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/Cfg/etc/saslauthd.conf/saslauthd.conf b/Cfg/etc/saslauthd.conf/saslauthd.conf
index 5207c27..084fde8 100644
--- a/Cfg/etc/saslauthd.conf/saslauthd.conf
+++ b/Cfg/etc/saslauthd.conf/saslauthd.conf
@@ -1,5 +1,5 @@
 ldap_servers: ldap://ldap.adm.crans.org
 ldap_bind_dn: cn=postfix,dc=crans,dc=org
 ldap_password: f34842fd04aa7f58bc45bb
-ldap_filter: (&(objectClass=posixAccount)(uid=%u))
+ldap_filter: (&(objectClass=posixAccount)(uid=%u)(!(shadowExpire=0)))
 ldap_search_base: ou=data,dc=crans,dc=org
diff --git a/Python/etc/ldap/templatedir/cn=config/olcDatabase={1}bdb.ldif b/Python/etc/ldap/templatedir/cn=config/olcDatabase={1}bdb.ldif
index 88cf3ba..a356d1f 100644
--- a/Python/etc/ldap/templatedir/cn=config/olcDatabase={1}bdb.ldif
+++ b/Python/etc/ldap/templatedir/cn=config/olcDatabase={1}bdb.ldif
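Review bot: In Cfg/etc/saslauthd.conf/saslauthd.conf the added clause `(!(shadowExpire=0))` rejects only entries whose shadowExpire is exactly 0; an entry carrying any other value, including a day number that is already in the past, still matches and can authenticate through saslauthd. If 0 is the site's marker for a disabled account, say so in a comment above `ldap_filter` or in the commit message, so the filter is not read as date-based expiry enforcement. Separately, the unchanged `ldap_password:` line keeps the postfix bind credential in clear text in a tracked file; it would be safer supplied from a root-only file outside the repository and rotated, since the current value is already in history.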
@@ -18,13 +18,14 @@ rid = str(int(rid[rid.rfind(".")+1:])+255)
 @olcAccess: {1}to dn.base="" by * read
 @olcAccess: {2}to dn.regex="^(a|c)id=[0-9]+,ou=data,dc=crans,dc=org$$" attrs=m
 @ ailAlias,canonicalAlias,uid,mail,entry,objectClass,contourneGreylist,rewriteM
-@ ailHeaders by dn.regex="cn=postfix,dc=crans,dc=org" read by * +0 break
+@ ailHeaders,shadowExpire by dn.regex="cn=postfix,dc=crans,dc=org" read by *
+@ +0 break
 @olcAccess: {3}to dn.regex="^(a|c)id=[0-9]+,ou=data,dc=crans,dc=org$$" attrs=u
-@ id,entry,objectClass by dn.regex="cn=intranet,dc=crans,dc=org" read by * +0
-@ break
+@ id,entry,objectClass,shadowExpire by dn.regex="cn=intranet,dc=crans,dc=org"
+@ read by * +0 break
 @olcAccess: {4}to dn.regex="^(a|c)id=[0-9]+,ou=data,dc=crans,dc=org$$" attrs=u
-@ id,homeDirectory,uidNumber,gidNumber,userPassword,objectClass,entry by dn.re
-@ gex="cn=dovecot,dc=crans,dc=org" read by * +0 break
+@ id,homeDirectory,uidNumber,gidNumber,userPassword,objectClass,entry,shadowExp
+@ ire by dn.regex="cn=dovecot,dc=crans,dc=org" read by * +0 break
 @olcAccess: {5}to * by group/labeledURIObject/labeledURI.exact="cn=adm,ou=grou
 @ p,dc=crans,dc=org" write by group/labeledURIObject/labeledURI.exact="cn=resp
 @ bats,ou=group,dc=crans,dc=org" read by * +0 break
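Review bot: The `by dn.regex="cn=…,dc=crans,dc=org"` clauses on the rewritten lines of rules {2}, {3} and {4} are unanchored patterns, so any bind DN that merely contains that string is granted `read`, which in rule {4} includes `userPassword`. Since these lines are being touched anyway, `by dn.exact="cn=dovecot,dc=crans,dc=org" read` (and likewise for postfix and intranet) would state the intended subject exactly. shadowExpire is also opened to intranet and dovecot here, but only the saslauthd filter changes in this patch, so it is worth confirming that those two services' own lookups exclude `shadowExpire=0` too; otherwise a disabled account presumably still authenticates through them. The olcAccess list begins above the hunk (rule {0} is not visible), so rule ordering was not checked.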