mirror of
https://github.com/docker-mailserver/docker-mailserver.git
synced 2024-01-19 02:48:50 +00:00
Added support for Dovecot and Postfix LDAP TLS (#800)
* Allow setup of LDAP STARTTLS for Dovecot and Postfix * Added tests for TLS config override * Add missing Postfix TLS options * Added missing new line at the end of the file * Added STARTTLS tests for Postfix config
This commit is contained in:
parent
eea4ec1dbc
commit
d270fcdd40
2
Makefile
2
Makefile
|
@ -128,6 +128,7 @@ run:
|
||||||
-v "`pwd`/test":/tmp/docker-mailserver-test \
|
-v "`pwd`/test":/tmp/docker-mailserver-test \
|
||||||
-e ENABLE_LDAP=1 \
|
-e ENABLE_LDAP=1 \
|
||||||
-e LDAP_SERVER_HOST=ldap \
|
-e LDAP_SERVER_HOST=ldap \
|
||||||
|
-e LDAP_START_TLS=no \
|
||||||
-e LDAP_SEARCH_BASE=ou=people,dc=localhost,dc=localdomain \
|
-e LDAP_SEARCH_BASE=ou=people,dc=localhost,dc=localdomain \
|
||||||
-e LDAP_BIND_DN=cn=admin,dc=localhost,dc=localdomain \
|
-e LDAP_BIND_DN=cn=admin,dc=localhost,dc=localdomain \
|
||||||
-e LDAP_BIND_PW=admin \
|
-e LDAP_BIND_PW=admin \
|
||||||
|
@ -135,6 +136,7 @@ run:
|
||||||
-e LDAP_QUERY_FILTER_GROUP="(&(mailGroupMember=%s)(mailEnabled=TRUE))" \
|
-e LDAP_QUERY_FILTER_GROUP="(&(mailGroupMember=%s)(mailEnabled=TRUE))" \
|
||||||
-e LDAP_QUERY_FILTER_ALIAS="(&(mailAlias=%s)(mailEnabled=TRUE))" \
|
-e LDAP_QUERY_FILTER_ALIAS="(&(mailAlias=%s)(mailEnabled=TRUE))" \
|
||||||
-e LDAP_QUERY_FILTER_DOMAIN="(&(|(mail=*@%s)(mailalias=*@%s)(mailGroupMember=*@%s))(mailEnabled=TRUE))" \
|
-e LDAP_QUERY_FILTER_DOMAIN="(&(|(mail=*@%s)(mailalias=*@%s)(mailGroupMember=*@%s))(mailEnabled=TRUE))" \
|
||||||
|
-e DOVECOT_TLS=no \
|
||||||
-e DOVECOT_PASS_FILTER="(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))" \
|
-e DOVECOT_PASS_FILTER="(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))" \
|
||||||
-e DOVECOT_USER_FILTER="(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))" \
|
-e DOVECOT_USER_FILTER="(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))" \
|
||||||
-e ENABLE_SASLAUTHD=1 \
|
-e ENABLE_SASLAUTHD=1 \
|
||||||
|
|
10
README.md
10
README.md
|
@ -268,6 +268,11 @@ Otherwise, `iptables` won't be able to ban IPs.
|
||||||
- A second container for the ldap service is necessary (e.g. [docker-openldap](https://github.com/osixia/docker-openldap))
|
- A second container for the ldap service is necessary (e.g. [docker-openldap](https://github.com/osixia/docker-openldap))
|
||||||
- For preparing the ldap server to use in combination with this continer [this](http://acidx.net/wordpress/2014/06/installing-a-mailserver-with-postfix-dovecot-sasl-ldap-roundcube/) article may be helpful
|
- For preparing the ldap server to use in combination with this continer [this](http://acidx.net/wordpress/2014/06/installing-a-mailserver-with-postfix-dovecot-sasl-ldap-roundcube/) article may be helpful
|
||||||
|
|
||||||
|
##### LDAP_START_TLS
|
||||||
|
|
||||||
|
- **empty** => no
|
||||||
|
- yes => LDAP over TLS enabled for Postfix
|
||||||
|
|
||||||
##### LDAP_SERVER_HOST
|
##### LDAP_SERVER_HOST
|
||||||
|
|
||||||
- **empty** => mail.domain.com
|
- **empty** => mail.domain.com
|
||||||
|
@ -304,6 +309,11 @@ Otherwise, `iptables` won't be able to ban IPs.
|
||||||
- e.g. `"(&(mailAlias=%s)(mailEnabled=TRUE))"`
|
- e.g. `"(&(mailAlias=%s)(mailEnabled=TRUE))"`
|
||||||
- => Specify how ldap should be asked for aliases
|
- => Specify how ldap should be asked for aliases
|
||||||
|
|
||||||
|
##### DOVECOT_TLS
|
||||||
|
|
||||||
|
- **empty** => no
|
||||||
|
- yes => LDAP over TLS enabled for Dovecot
|
||||||
|
|
||||||
##### DOVECOT_USER_FILTER
|
##### DOVECOT_USER_FILTER
|
||||||
|
|
||||||
- e.g. `"(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))"`
|
- e.g. `"(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))"`
|
||||||
|
|
|
@ -3,6 +3,7 @@ default_pass_scheme = SSHA
|
||||||
dn = cn=admin,dc=domain,dc=com
|
dn = cn=admin,dc=domain,dc=com
|
||||||
dnpass = admin
|
dnpass = admin
|
||||||
hosts = mail.domain.com
|
hosts = mail.domain.com
|
||||||
|
tls = no
|
||||||
ldap_version = 3
|
ldap_version = 3
|
||||||
pass_attrs = uniqueIdentifier=user,userPassword=password
|
pass_attrs = uniqueIdentifier=user,userPassword=password
|
||||||
pass_filter = (&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))
|
pass_filter = (&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))
|
||||||
|
|
|
@ -5,4 +5,5 @@ query_filter = (&(mailAlias=%s)(mailEnabled=TRUE))
|
||||||
result_attribute = mail
|
result_attribute = mail
|
||||||
search_base = ou=people,dc=domain,dc=com
|
search_base = ou=people,dc=domain,dc=com
|
||||||
server_host = mail.domain.com
|
server_host = mail.domain.com
|
||||||
|
start_tls = no
|
||||||
version = 3
|
version = 3
|
||||||
|
|
|
@ -5,4 +5,5 @@ query_filter = (&(|(mail=*@%s)(mailalias=*@%s))(mailEnabled=TRUE))
|
||||||
result_attribute = mail
|
result_attribute = mail
|
||||||
search_base = ou=people,dc=domain,dc=com
|
search_base = ou=people,dc=domain,dc=com
|
||||||
server_host = mail.domain.com
|
server_host = mail.domain.com
|
||||||
version = 3
|
start_tls = no
|
||||||
|
version = 3
|
||||||
|
|
|
@ -5,4 +5,5 @@ query_filter = (&(mailGroupMember=%s)(mailEnabled=TRUE))
|
||||||
result_attribute = mail
|
result_attribute = mail
|
||||||
search_base = ou=people,dc=domain,dc=com
|
search_base = ou=people,dc=domain,dc=com
|
||||||
server_host = mail.domain.com
|
server_host = mail.domain.com
|
||||||
|
start_tls = no
|
||||||
version = 3
|
version = 3
|
||||||
|
|
|
@ -5,4 +5,5 @@ query_filter = (&(mail=%s)(mailEnabled=TRUE))
|
||||||
result_attribute = mail
|
result_attribute = mail
|
||||||
search_base = ou=people,dc=domain,dc=com
|
search_base = ou=people,dc=domain,dc=com
|
||||||
server_host = mail.domain.com
|
server_host = mail.domain.com
|
||||||
|
start_tls = no
|
||||||
version = 3
|
version = 3
|
||||||
|
|
|
@ -3,6 +3,7 @@ default_pass_scheme = SSHA
|
||||||
dn = cn=admin,dc=domain,dc=com
|
dn = cn=admin,dc=domain,dc=com
|
||||||
dnpass = admin
|
dnpass = admin
|
||||||
hosts = mail.domain.com
|
hosts = mail.domain.com
|
||||||
|
tls = no
|
||||||
ldap_version = 3
|
ldap_version = 3
|
||||||
pass_attrs = uniqueIdentifier=user,userPassword=password
|
pass_attrs = uniqueIdentifier=user,userPassword=password
|
||||||
pass_filter = (&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))
|
pass_filter = (&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))
|
||||||
|
|
|
@ -6,4 +6,5 @@ query_filter = (&(mailAlias=%s)(mailEnabled=TRUE))
|
||||||
result_attribute = mail
|
result_attribute = mail
|
||||||
search_base = ou=people,dc=domain,dc=com
|
search_base = ou=people,dc=domain,dc=com
|
||||||
server_host = mail.domain.com
|
server_host = mail.domain.com
|
||||||
|
start_tls = no
|
||||||
version = 3
|
version = 3
|
||||||
|
|
|
@ -6,4 +6,5 @@ query_filter = (&(mailGroupMember=%s)(mailEnabled=TRUE))
|
||||||
result_attribute = mail
|
result_attribute = mail
|
||||||
search_base = ou=people,dc=domain,dc=com
|
search_base = ou=people,dc=domain,dc=com
|
||||||
server_host = mail.domain.com
|
server_host = mail.domain.com
|
||||||
|
start_tls = no
|
||||||
version = 3
|
version = 3
|
||||||
|
|
|
@ -6,4 +6,5 @@ query_filter = (&(mail=%s)(mailEnabled=TRUE))
|
||||||
result_attribute = mail
|
result_attribute = mail
|
||||||
search_base = ou=people,dc=domain,dc=com
|
search_base = ou=people,dc=domain,dc=com
|
||||||
server_host = mail.domain.com
|
server_host = mail.domain.com
|
||||||
|
start_tls = no
|
||||||
version = 3
|
version = 3
|
||||||
|
|
|
@ -1177,6 +1177,8 @@ load 'test_helper/bats-assert/load'
|
||||||
@test "checking postfix: ldap config overwrites success" {
|
@test "checking postfix: ldap config overwrites success" {
|
||||||
run docker exec mail_with_ldap /bin/sh -c "grep 'server_host = ldap' /etc/postfix/ldap-users.cf"
|
run docker exec mail_with_ldap /bin/sh -c "grep 'server_host = ldap' /etc/postfix/ldap-users.cf"
|
||||||
assert_success
|
assert_success
|
||||||
|
run docker exec mail_with_ldap /bin/sh -c "grep 'start_tls = no' /etc/postfix/ldap-users.cf"
|
||||||
|
assert_success
|
||||||
run docker exec mail_with_ldap /bin/sh -c "grep 'search_base = ou=people,dc=localhost,dc=localdomain' /etc/postfix/ldap-users.cf"
|
run docker exec mail_with_ldap /bin/sh -c "grep 'search_base = ou=people,dc=localhost,dc=localdomain' /etc/postfix/ldap-users.cf"
|
||||||
assert_success
|
assert_success
|
||||||
run docker exec mail_with_ldap /bin/sh -c "grep 'bind_dn = cn=admin,dc=localhost,dc=localdomain' /etc/postfix/ldap-users.cf"
|
run docker exec mail_with_ldap /bin/sh -c "grep 'bind_dn = cn=admin,dc=localhost,dc=localdomain' /etc/postfix/ldap-users.cf"
|
||||||
|
@ -1184,6 +1186,8 @@ load 'test_helper/bats-assert/load'
|
||||||
|
|
||||||
run docker exec mail_with_ldap /bin/sh -c "grep 'server_host = ldap' /etc/postfix/ldap-groups.cf"
|
run docker exec mail_with_ldap /bin/sh -c "grep 'server_host = ldap' /etc/postfix/ldap-groups.cf"
|
||||||
assert_success
|
assert_success
|
||||||
|
run docker exec mail_with_ldap /bin/sh -c "grep 'start_tls = no' /etc/postfix/ldap-groups.cf"
|
||||||
|
assert_success
|
||||||
run docker exec mail_with_ldap /bin/sh -c "grep 'search_base = ou=people,dc=localhost,dc=localdomain' /etc/postfix/ldap-groups.cf"
|
run docker exec mail_with_ldap /bin/sh -c "grep 'search_base = ou=people,dc=localhost,dc=localdomain' /etc/postfix/ldap-groups.cf"
|
||||||
assert_success
|
assert_success
|
||||||
run docker exec mail_with_ldap /bin/sh -c "grep 'bind_dn = cn=admin,dc=localhost,dc=localdomain' /etc/postfix/ldap-groups.cf"
|
run docker exec mail_with_ldap /bin/sh -c "grep 'bind_dn = cn=admin,dc=localhost,dc=localdomain' /etc/postfix/ldap-groups.cf"
|
||||||
|
@ -1191,6 +1195,8 @@ load 'test_helper/bats-assert/load'
|
||||||
|
|
||||||
run docker exec mail_with_ldap /bin/sh -c "grep 'server_host = ldap' /etc/postfix/ldap-aliases.cf"
|
run docker exec mail_with_ldap /bin/sh -c "grep 'server_host = ldap' /etc/postfix/ldap-aliases.cf"
|
||||||
assert_success
|
assert_success
|
||||||
|
run docker exec mail_with_ldap /bin/sh -c "grep 'start_tls = no' /etc/postfix/ldap-aliases.cf"
|
||||||
|
assert_success
|
||||||
run docker exec mail_with_ldap /bin/sh -c "grep 'search_base = ou=people,dc=localhost,dc=localdomain' /etc/postfix/ldap-aliases.cf"
|
run docker exec mail_with_ldap /bin/sh -c "grep 'search_base = ou=people,dc=localhost,dc=localdomain' /etc/postfix/ldap-aliases.cf"
|
||||||
assert_success
|
assert_success
|
||||||
run docker exec mail_with_ldap /bin/sh -c "grep 'bind_dn = cn=admin,dc=localhost,dc=localdomain' /etc/postfix/ldap-aliases.cf"
|
run docker exec mail_with_ldap /bin/sh -c "grep 'bind_dn = cn=admin,dc=localhost,dc=localdomain' /etc/postfix/ldap-aliases.cf"
|
||||||
|
@ -1231,6 +1237,8 @@ load 'test_helper/bats-assert/load'
|
||||||
@test "checking dovecot: ldap config overwrites success" {
|
@test "checking dovecot: ldap config overwrites success" {
|
||||||
run docker exec mail_with_ldap /bin/sh -c "grep 'hosts = ldap' /etc/dovecot/dovecot-ldap.conf.ext"
|
run docker exec mail_with_ldap /bin/sh -c "grep 'hosts = ldap' /etc/dovecot/dovecot-ldap.conf.ext"
|
||||||
assert_success
|
assert_success
|
||||||
|
run docker exec mail_with_ldap /bin/sh -c "grep 'tls = no' /etc/dovecot/dovecot-ldap.conf.ext"
|
||||||
|
assert_success
|
||||||
run docker exec mail_with_ldap /bin/sh -c "grep 'base = ou=people,dc=localhost,dc=localdomain' /etc/dovecot/dovecot-ldap.conf.ext"
|
run docker exec mail_with_ldap /bin/sh -c "grep 'base = ou=people,dc=localhost,dc=localdomain' /etc/dovecot/dovecot-ldap.conf.ext"
|
||||||
assert_success
|
assert_success
|
||||||
run docker exec mail_with_ldap /bin/sh -c "grep 'dn = cn=admin,dc=localhost,dc=localdomain' /etc/dovecot/dovecot-ldap.conf.ext"
|
run docker exec mail_with_ldap /bin/sh -c "grep 'dn = cn=admin,dc=localhost,dc=localdomain' /etc/dovecot/dovecot-ldap.conf.ext"
|
||||||
|
|
Loading…
Reference in a new issue