Implement more sasl config options

Follow up of: https://github.com/tomav/docker-mailserver/pull/980
Ref: https://github.com/tomav/docker-mailserver/issues/1704
This commit is contained in:
William Desportes 2020-12-08 15:07:01 +01:00
parent ec290acd1f
commit 17962c243a
No known key found for this signature in database
GPG key ID: 90A0EF1B8251A889
3 changed files with 52 additions and 0 deletions

View file

@ -808,6 +808,30 @@ Note: This postgrey setting needs `ENABLE_POSTGREY=1`
- empty or 0 => `ldap://` will be used
- 1 => `ldaps://` will be used
##### SASLAUTHD_LDAP_START_TLS
- **empty** => `no`
- `yes` => Enable `ldap_start_tls` option
##### SASLAUTHD_LDAP_TLS_CHECK_PEER
- **empty** => `no`
- `yes` => Enable `ldap_tls_check_peer` option
##### SASLAUTHD_LDAP_TLS_CACERT_DIR
Path to directory with CA (Certificate Authority) certificates.
- **empty** => Nothing is added to the configuration
- Any value => Fills the `ldap_tls_cacert_dir` option
##### SASLAUTHD_LDAP_TLS_CACERT_FILE
File containing CA (Certificate Authority) certificate(s).
- **empty** => Nothing is added to the configuration
- Any value => Fills the `ldap_tls_cacert_file` option
##### SASLAUTHD_LDAP_BIND_DN
- empty => anonymous bind

View file

@ -343,8 +343,19 @@ SASLAUTHD_LDAP_START_TLS=
# empty => no
# yes => Require and verify server certificate
# If yes you must/could specify SASLAUTHD_LDAP_TLS_CACERT_FILE or SASLAUTHD_LDAP_TLS_CACERT_DIR.
SASLAUTHD_LDAP_TLS_CHECK_PEER=
# File containing CA (Certificate Authority) certificate(s).
# empty => Nothing is added to the configuration
# Any value => Fills the `ldap_tls_cacert_file` option
SASLAUTHD_LDAP_TLS_CACERT_FILE=
# Path to directory with CA (Certificate Authority) certificates.
# empty => Nothing is added to the configuration
# Any value => Fills the `ldap_tls_cacert_dir` option
SASLAUTHD_LDAP_TLS_CACERT_DIR=
# empty => No sasl_passwd will be created
# string => `/etc/postfix/sasl_passwd` will be created with the string as password
SASL_PASSWD=

View file

@ -918,6 +918,20 @@ function _setup_saslauthd
[[ -z ${SASLAUTHD_LDAP_START_TLS} ]] && SASLAUTHD_LDAP_START_TLS=no
[[ -z ${SASLAUTHD_LDAP_TLS_CHECK_PEER} ]] && SASLAUTHD_LDAP_TLS_CHECK_PEER=no
if [[ -z ${SASLAUTHD_LDAP_TLS_CACERT_FILE} ]]
then
SASLAUTHD_LDAP_TLS_CACERT_FILE=""
else
SASLAUTHD_LDAP_TLS_CACERT_FILE="ldap_tls_cacert_file: ${SASLAUTHD_LDAP_TLS_CACERT_FILE}"
fi
if [[ -z ${SASLAUTHD_LDAP_TLS_CACERT_DIR} ]]
then
SASLAUTHD_LDAP_TLS_CACERT_DIR=""
else
SASLAUTHD_LDAP_TLS_CACERT_DIR="ldap_tls_cacert_dir: ${SASLAUTHD_LDAP_TLS_CACERT_DIR}"
fi
if [[ ! -f /etc/saslauthd.conf ]]
then
_notify 'inf' "Creating /etc/saslauthd.conf"
@ -934,6 +948,9 @@ ldap_filter: ${SASLAUTHD_LDAP_FILTER}
ldap_start_tls: ${SASLAUTHD_LDAP_START_TLS}
ldap_tls_check_peer: ${SASLAUTHD_LDAP_TLS_CHECK_PEER}
${SASLAUTHD_LDAP_TLS_CACERT_FILE}
${SASLAUTHD_LDAP_TLS_CACERT_DIR}
ldap_referrals: yes
log_level: 10
EOF