From d3cd407295ebdc395bcd1454f07cd97817522677 Mon Sep 17 00:00:00 2001
From: Dennis Stumm
Date: Sun, 13 Nov 2016 11:39:45 +0100
Subject: [PATCH] Improve LDAP integration (#379)

* Move ldap files to target dir
* Move ldap files to target dir
* Update start-mailser.sh to use copied files
* Add the domainname from container to vhost
* Fix unary operator error
* List dovecot users only when LDAP disabled
* Minor
---
 Dockerfile | 4 +++
 .../dovecot}/dovecot-ldap.conf.ext | 0
 .../postfix/ldap-aliases.cf | 0
 .../postfix/ldap-groups.cf | 0
 .../postfix/ldap-users.cf | 0
 target/start-mailserver.sh | 36 ++++++++-----------
 test/config/dovecot-ldap.conf.ext | 10 ------
 test/config/postfix-ldap-aliases.cf | 8 -----
 test/config/postfix-ldap-groups.cf | 8 -----
 test/config/postfix-ldap-users.cf | 8 -----
 10 files changed, 19 insertions(+), 55 deletions(-)
 rename {config => target/dovecot}/dovecot-ldap.conf.ext (100%)
 rename config/postfix-ldap-aliases.cf => target/postfix/ldap-aliases.cf (100%)
 rename config/postfix-ldap-groups.cf => target/postfix/ldap-groups.cf (100%)
 rename config/postfix-ldap-users.cf => target/postfix/ldap-users.cf (100%)
 delete mode 100644 test/config/dovecot-ldap.conf.ext
 delete mode 100644 test/config/postfix-ldap-aliases.cf
 delete mode 100644 test/config/postfix-ldap-groups.cf
 delete mode 100644 test/config/postfix-ldap-users.cf

diff --git a/Dockerfile b/Dockerfile
index 43563ccd..5098feb3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -62,6 +62,10 @@ RUN sed -i -e 's/^.*postmaster_address.*/postmaster_address = '${POSTMASTER_ADDR
 COPY target/dovecot/auth-passwdfile.inc /etc/dovecot/conf.d/
 COPY target/dovecot/??-*.conf /etc/dovecot/conf.d/
 
+# Configures LDAP
+COPY target/dovecot/dovecot-ldap.conf.ext /etc/dovecot
+COPY target/postfix/ldap-users.cf target/postfix/ldap-groups.cf target/postfix/ldap-aliases.cf /etc/postfix/
+
 # Enables Spamassassin CRON updates
 RUN sed -i -r 's/^(CRON)=0/\1=1/g' /etc/default/spamassassin
 
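Review bot: The three postfix ldap-*.cf files and dovecot-ldap.conf.ext copied here are the files start-mailserver.sh later rewrites with `bind_pw = ${LDAP_BIND_PW}` / `dnpass = ${LDAP_BIND_PW}`, and COPY keeps the build-context mode, so the LDAP bind credential ends up in files that are usually world-readable inside the container. Consider tightening them at build time, e.g. `RUN chmod 0640 /etc/postfix/ldap-*.cf /etc/dovecot/dovecot-ldap.conf.ext`, with an owner/group that the postfix and dovecot reader processes belong to (which group that is cannot be told from this hunk). Minor: the first new COPY's destination `/etc/dovecot` has no trailing slash while the next line's does; `/etc/dovecot/` reads consistently and makes the directory intent explicit.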
diff --git a/config/dovecot-ldap.conf.ext b/target/dovecot/dovecot-ldap.conf.ext
similarity index 100%
rename from config/dovecot-ldap.conf.ext
rename to target/dovecot/dovecot-ldap.conf.ext
diff --git a/config/postfix-ldap-aliases.cf b/target/postfix/ldap-aliases.cf
similarity index 100%
rename from config/postfix-ldap-aliases.cf
rename to target/postfix/ldap-aliases.cf
diff --git a/config/postfix-ldap-groups.cf b/target/postfix/ldap-groups.cf
similarity index 100%
rename from config/postfix-ldap-groups.cf
rename to target/postfix/ldap-groups.cf
diff --git a/config/postfix-ldap-users.cf b/target/postfix/ldap-users.cf
similarity index 100%
rename from config/postfix-ldap-users.cf
rename to target/postfix/ldap-users.cf
diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh
index 4a9e9c38..6478d805 100644
--- a/target/start-mailserver.sh
+++ b/target/start-mailserver.sh
@@ -89,28 +89,22 @@ fi
 #
 if [ "$ENABLE_LDAP" = 1 ]; then
   for i in 'users' 'groups' 'aliases'; do
-    fpath="/tmp/docker-mailserver/postfix-ldap-${i}.cf"
-    if [ -f $fpath ]; then
-      cp ${fpath} /etc/postfix/ldap-${i}.cf
-      sed -i -e 's|^server_host.*|server_host = '${LDAP_SERVER_HOST:="mail.domain.com"}'|g' \
-        -e 's|^search_base.*|search_base = '${LDAP_SEARCH_BASE:="ou=people,dc=domain,dc=com"}'|g' \
-        -e 's|^bind_dn.*|bind_dn = '${LDAP_BIND_DN:="cn=admin,dc=domain,dc=com"}'|g' \
-        -e 's|^bind_pw.*|bind_pw = '${LDAP_BIND_PW:="admin"}'|g' \
-        /etc/postfix/ldap-${i}.cf
-    else
-      echo "${fpath} not found"
-      echo "==> Warning: 'config/postfix-ldap-$i.cf' is not provided."
-    fi
+    sed -i -e 's|^server_host.*|server_host = '${LDAP_SERVER_HOST:="mail.domain.com"}'|g' \
+      -e 's|^search_base.*|search_base = '${LDAP_SEARCH_BASE:="ou=people,dc=domain,dc=com"}'|g' \
+      -e 's|^bind_dn.*|bind_dn = '${LDAP_BIND_DN:="cn=admin,dc=domain,dc=com"}'|g' \
+      -e 's|^bind_pw.*|bind_pw = '${LDAP_BIND_PW:="admin"}'|g' \
+      /etc/postfix/ldap-${i}.cf
   done
 
-  echo "Loading dovecot LDAP authentification configuration"
-  cp /tmp/docker-mailserver/dovecot-ldap.conf.ext /etc/dovecot/dovecot-ldap.conf.ext
-
+  echo "Configuring dovecot LDAP authentification"
   sed -i -e 's|^hosts.*|hosts = '${LDAP_SERVER_HOST:="mail.domain.com"}'|g' \
-    -e 's|^base.*|base = '${LDAP_SEARCH_BASE:="ou=people,dc=domain,dc=com"}'|g' \
-    -e 's|^dn\s*=.*|dn = '${LDAP_BIND_DN:="cn=admin,dc=domain,dc=com"}'|g' \
-    -e 's|^dnpass\s*=.*|dnpass = '${LDAP_BIND_PW:="admin"}'|g' \
-    /etc/dovecot/dovecot-ldap.conf.ext
+    -e 's|^base.*|base = '${LDAP_SEARCH_BASE:="ou=people,dc=domain,dc=com"}'|g' \
+    -e 's|^dn\s*=.*|dn = '${LDAP_BIND_DN:="cn=admin,dc=domain,dc=com"}'|g' \
+    -e 's|^dnpass\s*=.*|dnpass = '${LDAP_BIND_PW:="admin"}'|g' \
+    /etc/dovecot/dovecot-ldap.conf.ext
+
+  # Add domainname to vhost.
+  echo $(domainname) >> /tmp/vhost.tmp
 
   echo "Enabling dovecot LDAP authentification"
   sed -i -e '/\!include auth-ldap\.conf\.ext/s/^#//' /etc/dovecot/conf.d/10-auth.conf
@@ -141,7 +135,7 @@ if [ "$ENABLE_SASLAUTHD" = 1 ]; then
   [ -z $SASLAUTHD_LDAP_SEARCH_BASE ] && SASLAUTHD_MECHANISMS=pam
   [ -z $SASLAUTHD_LDAP_SERVER ] && SASLAUTHD_LDAP_SERVER=localhost
   [ -z $SASLAUTHD_LDAP_FILTER ] && SASLAUTHD_LDAP_FILTER='(&(uniqueIdentifier=%u)(mailEnabled=TRUE))'
-  ([ $SASLAUTHD_LDAP_SSL == 0 ] || [ -z $SASLAUTHD_LDAP_SSL ]) && SASLAUTHD_LDAP_PROTO='ldap://' || SASLAUTHD_LDAP_PROTO='ldaps://'
+  ([ -z $SASLAUTHD_LDAP_SSL ] || [ $SASLAUTHD_LDAP_SSL == 0 ]) && SASLAUTHD_LDAP_PROTO='ldap://' || SASLAUTHD_LDAP_PROTO='ldaps://'
 
   if [ ! -f /etc/saslauthd.conf ]; then
     echo "Creating /etc/saslauthd.conf"
@@ -527,7 +521,7 @@ if [ "$ENABLE_SASLAUTHD" = 1 ]; then
   /etc/init.d/saslauthd start
 fi
 
-if [ "$SMTP_ONLY" != 1 ]; then
+if [ "$SMTP_ONLY" != 1 -a "$ENABLE_LDAP" != 1 ]; then
   echo "Listing users"
   /usr/sbin/dovecot user '*'
 fi
diff --git a/test/config/dovecot-ldap.conf.ext b/test/config/dovecot-ldap.conf.ext
deleted file mode 100644
index a82641fa..00000000
--- a/test/config/dovecot-ldap.conf.ext
+++ /dev/null
@@ -1,10 +0,0 @@
-base = ou=people,dc=my-domain,dc=com
-default_pass_scheme = SSHA
-dn = cn=admin,dc=my-domain,dc=com
-dnpass = admin
-hosts = mail.my-domain.com
-ldap_version = 3
-pass_attrs = uniqueIdentifier=user,userPassword=password
-pass_filter = (&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))
-user_attrs = mailHomeDirectory=home,mailUidNumber=uid,mailGidNumber=gid,mailStorageDirectory=mail
-user_filter = (&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))
diff --git a/test/config/postfix-ldap-aliases.cf b/test/config/postfix-ldap-aliases.cf
deleted file mode 100644
index cb9c21af..00000000
--- a/test/config/postfix-ldap-aliases.cf
+++ /dev/null
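Review bot: `echo $(domainname) >> /tmp/vhost.tmp` in the new "Add domainname to vhost" block appends the NIS/YP domain name, which on most containers is unset and prints as `(none)`, so the vhost file would gain a bogus entry; the DNS domain was probably intended, e.g. `d=$(hostname -d); [ -n "$d" ] && printf '%s\n' "$d" >> /tmp/vhost.tmp`, which also skips an empty result instead of appending a blank line. The sed lines kept on the new side splice `${LDAP_BIND_PW:="admin"}` and the other LDAP_* values into the sed expression unquoted, so a value containing `|`, `&`, a backslash or whitespace alters the sed program rather than being written literally; escaping those characters first (or writing the files with printf/heredoc instead of sed) would make the substitution safe for arbitrary credentials. The enclosing `if [ "$ENABLE_LDAP" = 1 ]` block continues past the hunk.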
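Review bot: The swapped order on the `SASLAUTHD_LDAP_PROTO` line only sidesteps the unary-operator error because `[ -z $SASLAUTHD_LDAP_SSL ]` happens to evaluate true when the expansion is empty; the real cause is the unquoted expansion, which still breaks for a value containing whitespace and is shared by the three `[ -z ... ]` context lines above it. Quoting fixes it in either order: `([ -z "$SASLAUTHD_LDAP_SSL" ] || [ "$SASLAUTHD_LDAP_SSL" = 0 ]) && SASLAUTHD_LDAP_PROTO='ldap://' || SASLAUTHD_LDAP_PROTO='ldaps://'`, and `=` instead of `==` keeps it valid for POSIX `[`. A short comment on that line, `# unset/0 -> plain ldap://, anything else -> ldaps://`, would make the plaintext default visible to whoever configures saslauthd.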
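Review bot: The new `if [ "$SMTP_ONLY" != 1 -a "$ENABLE_LDAP" != 1 ]` condition uses `-a`, which POSIX marks obsolescent and which becomes ambiguous when an operand looks like an operator; two tests joined with `&&` express the same thing unambiguously: `if [ "$SMTP_ONLY" != 1 ] && [ "$ENABLE_LDAP" != 1 ]; then`. The script does not say why the LDAP case is excluded from `dovecot user '*'`; a one-line comment such as `# Skipped with LDAP: the wildcard lookup is not meaningful against the LDAP userdb` (adjusting the reason if it is something else, e.g. the call failing or being slow) would keep that rationale with the code rather than only in the commit message.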
@@ -1,8 +0,0 @@
-bind = yes
-bind_dn = cn=admin,dc=my-domain,dc=com
-bind_pw = admin
-query_filter = (&(mailAlias=%s)(mailEnabled=TRUE))
-result_attribute = mail
-search_base = ou=people,dc=my-domain,dc=com
-server_host = mail.my-domain.com
-version = 3
diff --git a/test/config/postfix-ldap-groups.cf b/test/config/postfix-ldap-groups.cf
deleted file mode 100644
index 13e69367..00000000
--- a/test/config/postfix-ldap-groups.cf
+++ /dev/null
@@ -1,8 +0,0 @@
-bind = yes
-bind_dn = cn=admin,dc=my-domain,dc=com
-bind_pw = admin
-query_filter = (&(mailGroupMember=%s)(mailEnabled=TRUE))
-result_attribute = mail
-search_base = ou=people,dc=my-domain,dc=com
-server_host = mail.my-domain.com
-version = 3
diff --git a/test/config/postfix-ldap-users.cf b/test/config/postfix-ldap-users.cf
deleted file mode 100644
index 18cf8acf..00000000
--- a/test/config/postfix-ldap-users.cf
+++ /dev/null
@@ -1,8 +0,0 @@
-bind = yes
-bind_dn = cn=admin,dc=my-domain,dc=com
-bind_pw = admin
-query_filter = (&(mail=%s)(mailEnabled=TRUE))
-result_attribute = mail
-search_base = ou=people,dc=my-domain,dc=com
-server_host = mail.my-domain.com
-version = 3