# Grant the Roundcub user to create private users
access to dn.one="ou=private,ou=rcabook,dc=localhost" attrs=userPassword
by dn="cn=rcuser,ou=rcabook,dc=localhost" write
by anonymous auth
by self write
by * none
# For user authentication and password change
access to attrs=userPassword
by dn="cn=admin,dc=localhost" write
by anonymous auth
by self write
by * none
# Grant the Roundcube users access to their private addressbooks
access to dn.regex="^.*cn=([^,]+),ou=private,ou=rcabook,dc=localhost$"
by dn="cn=admin,dc=localhost" write
by dn="cn=rcuser,ou=rcabook,dc=localhost" write
by dn.exact,expand="cn=$1,ou=private,ou=rcabook,dc=localhost" write
# Grant the Roundcube user access to the whole addressbook
access to dn.subtree="ou=rcabook,dc=localhost"
by dn="cn=admin,dc=localhost" write
by dn="cn=rcuser,ou=rcabook,dc=localhost" write
# For direcory access
access to *
by dn="cn=admin,dc=localhost" write