diff --git a/Dockerfile b/Dockerfile
index aeaac6f8..84f97c37 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -113,7 +113,7 @@ RUN sed -i -e 's/include_try \/usr\/share\/dovecot\/protocols\.d/include_try \/e
 
 # Configures LDAP
 COPY target/dovecot/dovecot-ldap.conf.ext /etc/dovecot
-COPY target/postfix/ldap-users.cf target/postfix/ldap-groups.cf target/postfix/ldap-aliases.cf /etc/postfix/
+COPY target/postfix/ldap-users.cf target/postfix/ldap-groups.cf target/postfix/ldap-aliases.cf target/postfix/ldap-domains.cf /etc/postfix/
 
 # Enables Spamassassin CRON updates
 RUN sed -i -r 's/^(CRON)=0/\1=1/g' /etc/default/spamassassin
diff --git a/Makefile b/Makefile
index 05b2db98..45d4c67b 100644
--- a/Makefile
+++ b/Makefile
@@ -116,6 +116,7 @@ run:
 	-e LDAP_QUERY_FILTER_USER="(&(mail=%s)(mailEnabled=TRUE))" \
 	-e LDAP_QUERY_FILTER_GROUP="(&(mailGroupMember=%s)(mailEnabled=TRUE))" \
 	-e LDAP_QUERY_FILTER_ALIAS="(&(mailAlias=%s)(mailEnabled=TRUE))" \
+	-e LDAP_QUERY_FILTER_DOMAIN="(&(|(mail=*@%s)(mailalias=*@%s)(mailGroupMember=*@%s))(mailEnabled=TRUE))" \
 	-e DOVECOT_PASS_FILTER="(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))" \
 	-e DOVECOT_USER_FILTER="(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))" \
 	-e ENABLE_SASLAUTHD=1 \
diff --git a/target/postfix/ldap-domains.cf b/target/postfix/ldap-domains.cf
new file mode 100644
index 00000000..83b48e06
--- /dev/null
+++ b/target/postfix/ldap-domains.cf
@@ -0,0 +1,8 @@
+bind = yes
+bind_dn = cn=admin,dc=domain,dc=com
+bind_pw = admin
+query_filter = (&(|(mail=*@%s)(mailalias=*@%s))(mailEnabled=TRUE))
+result_attribute = mail
+search_base = ou=people,dc=domain,dc=com
+server_host = mail.domain.com
+version = 3
\ No newline at end of file
diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh
index f17d5c5d..3881e1e4 100644
--- a/target/start-mailserver.sh
+++ b/target/start-mailserver.sh
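Review bot: The shipped `query_filter` in ldap-domains.cf matches only `mail` and `mailalias`, while the `LDAP_QUERY_FILTER_DOMAIN` value added in the Makefile hunk also covers `mailGroupMember`, so a deployment that relies on the template default would not accept a domain that exists only as a group address. Either align the template, `query_filter = (&(|(mail=*@%s)(mailalias=*@%s)(mailGroupMember=*@%s))(mailEnabled=TRUE))`, or put a `# overridden by LDAP_QUERY_FILTER_DOMAIN at container start` comment at the top of the file so the difference reads as deliberate. The `bind_pw = admin` placeholder follows the sibling ldap-*.cf templates and is presumably replaced through the `LDAP_` environment mapping, but the file ends without a trailing newline, which is worth fixing before any line-oriented rewrite touches the last key.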
@@ -525,7 +525,7 @@ function _setup_ldap() {
 
 	notify 'inf' 'Checking for custom configs'
 	# cp config files if in place
-	for i in 'users' 'groups' 'aliases'; do
+	for i in 'users' 'groups' 'aliases' 'domains'; do
 	fpath="/tmp/docker-mailserver/ldap-${i}.cf"
 	if [ -f $fpath ]; then
 	cp ${fpath} /etc/postfix/ldap-${i}.cf
@@ -533,11 +533,12 @@ function _setup_ldap() {
 	done
 
 	notify 'inf' 'Starting to override configs'
-	for f in /etc/postfix/ldap-users.cf /etc/postfix/ldap-groups.cf /etc/postfix/ldap-aliases.cf
+	for f in /etc/postfix/ldap-users.cf /etc/postfix/ldap-groups.cf /etc/postfix/ldap-aliases.cf /etc/postfix/ldap-domains.cf
 	do
 	[[ $f =~ ldap-user ]] && export LDAP_QUERY_FILTER="${LDAP_QUERY_FILTER_USER}"
 	[[ $f =~ ldap-group ]] && export LDAP_QUERY_FILTER="${LDAP_QUERY_FILTER_GROUP}"
 	[[ $f =~ ldap-aliases ]] && export LDAP_QUERY_FILTER="${LDAP_QUERY_FILTER_ALIAS}"
+	[[ $f =~ ldap-domains ]] && export LDAP_QUERY_FILTER="${LDAP_QUERY_FILTER_DOMAIN}"
 
 	configomat.sh "LDAP_" "${f}"
 	done
@@ -571,6 +572,10 @@ function _setup_ldap() {
 	postconf -e "virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf" || \
 	notify 'inf' "==> Warning: /etc/postfix/ldap-user.cf not found"
 
+	[ -f /etc/postfix/ldap-domains.cf ] && \
+	postconf -e "virtual_mailbox_domains = /etc/postfix/vhost, ldap:/etc/postfix/ldap-domains.cf" || \
+	notify 'inf' "==> Warning: /etc/postfix/ldap-domains.cf not found"
+
 	[ -f /etc/postfix/ldap-aliases.cf -a -f /etc/postfix/ldap-groups.cf ] && \
 	postconf -e "virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf, ldap:/etc/postfix/ldap-groups.cf" || \
 	notify 'inf' "==> Warning: /etc/postfix/ldap-aliases.cf or /etc/postfix/ldap-groups.cf not found"
diff --git a/test/docker-openldap/bootstrap/ldif/03_user-email-other-primary-domain.ldif b/test/docker-openldap/bootstrap/ldif/03_user-email-other-primary-domain.ldif
new file mode 100644
index 00000000..f949349c
--- /dev/null
+++ b/test/docker-openldap/bootstrap/ldif/03_user-email-other-primary-domain.ldif
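Review bot: The new `[[ $f =~ ldap-domains ]] && export LDAP_QUERY_FILTER="${LDAP_QUERY_FILTER_DOMAIN}"` exports an empty `LDAP_QUERY_FILTER` whenever `LDAP_QUERY_FILTER_DOMAIN` is not set, and if configomat.sh writes every `LDAP_`-prefixed variable into the target file (its body is not visible here) that blanks the template's `query_filter` and makes every domain lookup fail instead of falling back to the shipped default. Guarding the export, `[[ $f =~ ldap-domains && -n "${LDAP_QUERY_FILTER_DOMAIN}" ]] && export LDAP_QUERY_FILTER="${LDAP_QUERY_FILTER_DOMAIN}"`, together with an `unset LDAP_QUERY_FILTER` at the top of the loop body so the previous file's filter cannot leak into the next one, avoids both failure modes; the three existing lines have the same weakness. `_setup_ldap` starts and ends outside this hunk.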
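Review bot: In the `virtual_mailbox_domains` block, `[ -f ... ] && postconf -e ... || notify ...` reports `ldap-domains.cf not found` whenever `postconf -e` itself fails, because `||` applies to the whole `&&` expression; this copies the style of the neighbouring blocks, but the new code is the place to write it as `if [ -f /etc/postfix/ldap-domains.cf ]; then postconf -e "virtual_mailbox_domains = /etc/postfix/vhost, ldap:/etc/postfix/ldap-domains.cf"; else notify 'inf' "==> Warning: /etc/postfix/ldap-domains.cf not found"; fi`. Since the Dockerfile hunk copies the template into the image, the `-f` test is expected to hold for every LDAP deployment, so Postfix now consults the LDAP table for domain acceptance even when no domain filter was configured; a one-line comment above the block, `# ldap-domains.cf ships with the image, so the LDAP domain table is always appended to vhost`, would make that explicit. `_setup_ldap` continues outside this hunk.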
@@ -0,0 +1,25 @@
+# --------------------------------------------------------------------
+# Create mail accounts
+# --------------------------------------------------------------------
+# Some User
+dn: uniqueIdentifier=some.other.user,ou=people,dc=localhost,dc=localdomain
+changetype: add
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+objectClass: PostfixBookMailAccount
+objectClass: extensibleObject
+cn: Some Other User
+givenName: Other User
+mail: some.other.user@localhost.otherdomain
+mailAlias: postmaster@localhost.otherdomain
+mailGroupMember: employees@localhost.otherdomain
+mailEnabled: TRUE
+mailGidNumber: 5000
+mailHomeDirectory: /var/mail/localhost.localdomain/some.other.user/
+mailQuota: 10240
+mailStorageDirectory: maildir:/var/mail/localhost.localdomain/some.other.user/
+mailUidNumber: 5000
+sn: Some
+uniqueIdentifier: some.other.user
+userPassword: {SSHA}eLtqGpid+hkSVhxvsdTPztv4uapRofGx
diff --git a/test/docker-openldap/bootstrap/ldif/04_user-email-different-uid.ldif b/test/docker-openldap/bootstrap/ldif/04_user-email-different-uid.ldif
new file mode 100644
index 00000000..b991993f
--- /dev/null
+++ b/test/docker-openldap/bootstrap/ldif/04_user-email-different-uid.ldif
@@ -0,0 +1,23 @@
+# --------------------------------------------------------------------
+# Create mail accounts
+# --------------------------------------------------------------------
+# Some User
+dn: uniqueIdentifier=some.user.id,ou=people,dc=localhost,dc=localdomain
+changetype: add
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+objectClass: PostfixBookMailAccount
+objectClass: extensibleObject
+cn: Some User
+givenName: User
+mail: some.user.email@localhost.localdomain
+mailEnabled: TRUE
+mailGidNumber: 5000
+mailHomeDirectory: /var/mail/localhost.localdomain/some.user.id/
+mailQuota: 10240
+mailStorageDirectory: maildir:/var/mail/localhost.localdomain/some.user.id/
+mailUidNumber: 5000
+sn: Some
+uniqueIdentifier: some.user.id
+userPassword: {SSHA}eLtqGpid+hkSVhxvsdTPztv4uapRofGx
diff --git a/test/tests.bats b/test/tests.bats
index e9ad3e94..8e867b86 100644
--- a/test/tests.bats
+++ b/test/tests.bats
@@ -1051,6 +1051,22 @@ load 'test_helper/bats-assert/load'
   run docker exec mail_with_ldap /bin/sh -c "postmap -q employees@localhost.localdomain ldap:/etc/postfix/ldap-groups.cf"
   assert_success
   assert_output "some.user@localhost.localdomain"
+
+  # Test of the user part of the domain is not the same as the uniqueIdentifier part in the ldap
+  run docker exec mail_with_ldap /bin/sh -c "postmap -q some.user.email@localhost.localdomain ldap:/etc/postfix/ldap-users.cf"
+  assert_success
+  assert_output "some.user.email@localhost.localdomain"
+
+  # Test email receiving from a other domain then the primary domain of the mailserver
+  run docker exec mail_with_ldap /bin/sh -c "postmap -q some.other.user@localhost.otherdomain ldap:/etc/postfix/ldap-users.cf"
+  assert_success
+  assert_output "some.other.user@localhost.otherdomain"
+  run docker exec mail_with_ldap /bin/sh -c "postmap -q postmaster@localhost.otherdomain ldap:/etc/postfix/ldap-aliases.cf"
+  assert_success
+  assert_output "some.other.user@localhost.otherdomain"
+  run docker exec mail_with_ldap /bin/sh -c "postmap -q employees@localhost.otherdomain ldap:/etc/postfix/ldap-groups.cf"
+  assert_success
+  assert_output "some.other.user@localhost.otherdomain"
 }
 
 @test "checking postfix: ldap custom config files copied" {
@@ -1099,6 +1115,14 @@ load 'test_helper/bats-assert/load'
   assert_output 1
 }
 
+@test "checking dovecot: ldap mail delivery works for a different domain then the mailserver" {
+  run docker exec mail_with_ldap /bin/sh -c "sendmail -f user@external.tld some.other.user@localhost.otherdomain < /tmp/docker-mailserver-test/email-templates/test-email.txt"
+  sleep 10
+  run docker exec mail_with_ldap /bin/sh -c "ls -A /var/mail/localhost.localdomain/some.other.user/new | wc -l"
+  assert_success
+  assert_output 1
+}
+
 @test "checking dovecot: ldap config overwrites success" {
   run docker exec mail_with_ldap /bin/sh -c "grep 'hosts = ldap' /etc/dovecot/dovecot-ldap.conf.ext"
   assert_success
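Review bot: The two new comments in this block are hard to follow as written; `# Test of the user part of the domain is not the same as the uniqueIdentifier part in the ldap` reads better as `# Test that the local part of the mail address may differ from the uniqueIdentifier in LDAP`, and `# Test email receiving from a other domain then the primary domain of the mailserver` as `# Test lookups for a domain other than the mailserver's primary domain`. The three otherdomain lookups exercise only the users, aliases and groups maps, so the new ldap-domains.cf table is never queried directly; a `postmap -q localhost.otherdomain ldap:/etc/postfix/ldap-domains.cf` check with `assert_success` would cover the part of the change this test is about. The enclosing test function starts outside the hunk.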
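Review bot: In the new delivery test the `run docker exec ... sendmail ...` status is never asserted, so a rejected submission only surfaces ten seconds later as a file-count mismatch with no hint of the cause; add `assert_success` directly after the sendmail line. The fixed `sleep 10` mirrors the existing delivery tests and is fine for consistency, but the test name's `then` should read `than`.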