From 9a739113f419102aad8b472d13f3f4f3246dcdac Mon Sep 17 00:00:00 2001
From: Casper
Date: Sat, 4 Jun 2022 21:28:13 +0200
Subject: [PATCH] chore: Migrate `SASLAUTHD_*` vars into `start-mailserver.sh` (#2562)
---
 target/scripts/start-mailserver.sh | 45 ++++++++++++++++++++++++++
 target/scripts/startup/setup-stack.sh | 46 ---------------------------
 2 files changed, 45 insertions(+), 46 deletions(-)
diff --git a/target/scripts/start-mailserver.sh b/target/scripts/start-mailserver.sh
index a98a2081..9c5bbc71 100755
--- a/target/scripts/start-mailserver.sh
+++ b/target/scripts/start-mailserver.sh
@@ -116,6 +116,51 @@ VARS[TZ]="${TZ:=}"
 VARS[UPDATE_CHECK_INTERVAL]="${UPDATE_CHECK_INTERVAL:=1d}"
 VARS[VIRUSMAILS_DELETE_DELAY]="${VIRUSMAILS_DELETE_DELAY:=7}"
 
+# SASL specific variables
+VARS[SASLAUTHD_MECHANISMS]="${SASLAUTHD_MECHANISMS:=pam}"
+VARS[SASLAUTHD_LDAP_SERVER]="${SASLAUTHD_LDAP_SERVER:=${LDAP_SERVER_HOST}}"
+VARS[SASLAUTHD_LDAP_FILTER]="${SASLAUTHD_LDAP_FILTER:=(&(uniqueIdentifier=%u)(mailEnabled=TRUE))}"
+VARS[SASLAUTHD_LDAP_BIND_DN]="${SASLAUTHD_LDAP_BIND_DN:=${LDAP_BIND_DN}}"
+VARS[SASLAUTHD_LDAP_PASSWORD]="${SASLAUTHD_LDAP_PASSWORD:=${LDAP_BIND_PW}}"
+VARS[SASLAUTHD_LDAP_SEARCH_BASE]="${SASLAUTHD_LDAP_SEARCH_BASE:=${LDAP_SEARCH_BASE}}"
+[[ ${SASLAUTHD_LDAP_SERVER} != *'://'* ]] && SASLAUTHD_LDAP_SERVER="ldap://${SASLAUTHD_LDAP_SERVER}"
+VARS[SASLAUTHD_LDAP_SERVER]="${SASLAUTHD_LDAP_SERVER}"
+VARS[SASLAUTHD_LDAP_START_TLS]="${SASLAUTHD_LDAP_START_TLS:=no}"
+VARS[SASLAUTHD_LDAP_TLS_CHECK_PEER]="${SASLAUTHD_LDAP_TLS_CHECK_PEER:=no}"
+VARS[SASLAUTHD_LDAP_AUTH_METHOD]="${SASLAUTHD_LDAP_AUTH_METHOD:=bind}"
+
+if [[ -z ${SASLAUTHD_LDAP_TLS_CACERT_FILE} ]]
+then
+ SASLAUTHD_LDAP_TLS_CACERT_FILE=''
+else
+ SASLAUTHD_LDAP_TLS_CACERT_FILE="ldap_tls_cacert_file: ${SASLAUTHD_LDAP_TLS_CACERT_FILE}"
+fi
+VARS[SASLAUTHD_LDAP_TLS_CACERT_FILE]="${SASLAUTHD_LDAP_TLS_CACERT_FILE}"
+
+if [[ -z ${SASLAUTHD_LDAP_TLS_CACERT_DIR} ]]
+then
+ SASLAUTHD_LDAP_TLS_CACERT_DIR=''
+else
+ SASLAUTHD_LDAP_TLS_CACERT_DIR="ldap_tls_cacert_dir: ${SASLAUTHD_LDAP_TLS_CACERT_DIR}"
+fi
+VARS[SASLAUTHD_LDAP_TLS_CACERT_DIR]="${SASLAUTHD_LDAP_TLS_CACERT_DIR}"
+
+if [[ -z ${SASLAUTHD_LDAP_PASSWORD_ATTR} ]]
+then
+ SASLAUTHD_LDAP_PASSWORD_ATTR=''
+else
+ SASLAUTHD_LDAP_PASSWORD_ATTR="ldap_password_attr: ${SASLAUTHD_LDAP_PASSWORD_ATTR}"
+fi
+VARS[SASLAUTHD_LDAP_PASSWORD_ATTR]="${SASLAUTHD_LDAP_PASSWORD_ATTR}"
+
+if [[ -z ${SASLAUTHD_LDAP_MECH} ]]
+then
+ SASLAUTHD_LDAP_MECH=''
+else
+ SASLAUTHD_LDAP_MECH="ldap_mech: ${SASLAUTHD_LDAP_MECH}"
+fi
+VARS[SASLAUTHD_LDAP_MECH]="${SASLAUTHD_LDAP_MECH}"
+
 # ------------------------------------------------------------
 # ? << Setup of default and global values / variables
 # --
diff --git a/target/scripts/startup/setup-stack.sh b/target/scripts/startup/setup-stack.sh
index 07c8de75..7fd7d188 100644
--- a/target/scripts/startup/setup-stack.sh
+++ b/target/scripts/startup/setup-stack.sh
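Review bot: In `target/scripts/start-mailserver.sh`, `VARS[SASLAUTHD_LDAP_PASSWORD]` now stores the LDAP bind password (defaulting to `LDAP_BIND_PW`) in the same `VARS` map as ordinary settings, so any place that logs or writes out that map (not visible in this hunk) would expose the secret; either keep the password out of `VARS` or make sure it is masked wherever the map is emitted. The defaults carried over also leave the saslauthd-to-LDAP connection unprotected unless the operator overrides them: a host given without a scheme becomes `ldap://`, and `SASLAUTHD_LDAP_START_TLS` and `SASLAUTHD_LDAP_TLS_CHECK_PEER` both default to `no`, which at minimum deserves a comment such as `# NOTE: defaults mean plaintext LDAP with no peer verification; set START_TLS and TLS_CHECK_PEER to yes, or use ldaps://`. As a smaller point, the first `VARS[SASLAUTHD_LDAP_SERVER]=` assignment is overwritten a few lines later after the scheme is added, so it could be a plain `: "${SASLAUTHD_LDAP_SERVER:=${LDAP_SERVER_HOST}}"`.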
@@ -538,52 +538,6 @@ function _setup_saslauthd
 {
 _log 'debug' 'Setting up SASLAUTHD'
 
- # checking env vars and setting defaults
- [[ -z ${SASLAUTHD_MECHANISMS:-} ]] && SASLAUTHD_MECHANISMS=pam
- [[ -z ${SASLAUTHD_LDAP_SERVER} ]] && SASLAUTHD_LDAP_SERVER="${LDAP_SERVER_HOST}"
- [[ -z ${SASLAUTHD_LDAP_FILTER} ]] && SASLAUTHD_LDAP_FILTER='(&(uniqueIdentifier=%u)(mailEnabled=TRUE))'
-
- [[ -z ${SASLAUTHD_LDAP_BIND_DN} ]] && SASLAUTHD_LDAP_BIND_DN="${LDAP_BIND_DN}"
- [[ -z ${SASLAUTHD_LDAP_PASSWORD} ]] && SASLAUTHD_LDAP_PASSWORD="${LDAP_BIND_PW}"
- [[ -z ${SASLAUTHD_LDAP_SEARCH_BASE} ]] && SASLAUTHD_LDAP_SEARCH_BASE="${LDAP_SEARCH_BASE}"
-
- if [[ ${SASLAUTHD_LDAP_SERVER} != *'://'* ]]
- then
- SASLAUTHD_LDAP_SERVER="ldap://${SASLAUTHD_LDAP_SERVER}"
- fi
-
- [[ -z ${SASLAUTHD_LDAP_START_TLS} ]] && SASLAUTHD_LDAP_START_TLS=no
- [[ -z ${SASLAUTHD_LDAP_TLS_CHECK_PEER} ]] && SASLAUTHD_LDAP_TLS_CHECK_PEER=no
- [[ -z ${SASLAUTHD_LDAP_AUTH_METHOD} ]] && SASLAUTHD_LDAP_AUTH_METHOD=bind
-
- if [[ -z ${SASLAUTHD_LDAP_TLS_CACERT_FILE} ]]
- then
- SASLAUTHD_LDAP_TLS_CACERT_FILE=''
- else
- SASLAUTHD_LDAP_TLS_CACERT_FILE="ldap_tls_cacert_file: ${SASLAUTHD_LDAP_TLS_CACERT_FILE}"
- fi
-
- if [[ -z ${SASLAUTHD_LDAP_TLS_CACERT_DIR} ]]
- then
- SASLAUTHD_LDAP_TLS_CACERT_DIR=''
- else
- SASLAUTHD_LDAP_TLS_CACERT_DIR="ldap_tls_cacert_dir: ${SASLAUTHD_LDAP_TLS_CACERT_DIR}"
- fi
-
- if [[ -z ${SASLAUTHD_LDAP_PASSWORD_ATTR} ]]
- then
- SASLAUTHD_LDAP_PASSWORD_ATTR=''
- else
- SASLAUTHD_LDAP_PASSWORD_ATTR="ldap_password_attr: ${SASLAUTHD_LDAP_PASSWORD_ATTR}"
- fi
-
- if [[ -z ${SASLAUTHD_LDAP_MECH} ]]
- then
- SASLAUTHD_LDAP_MECH=''
- else
- SASLAUTHD_LDAP_MECH="ldap_mech: ${SASLAUTHD_LDAP_MECH}"
- fi
-
 if [[ ! -f /etc/saslauthd.conf ]]
 then
 _log 'trace' 'Creating /etc/saslauthd.conf'