Improve LDAP integration (#379)

* Move ldap files to target dir

* Move ldap files to target dir

* Update start-mailserver.sh to use copied files

* Add the domainname from container to vhost

* Fix unary operator error

* List dovecot users only when LDAP disabled

* Minor
Dennis Stumm 2016-11-13 11:39:45 +01:00 committed by Josef Friedrich
parent f2f059bb91
commit d3cd407295
10 changed files with 19 additions and 55 deletions


@ -62,6 +62,10 @@ RUN sed -i -e 's/^.*postmaster_address.*/postmaster_address = '${POSTMASTER_ADDR
COPY target/dovecot/auth-passwdfile.inc /etc/dovecot/conf.d/ COPY target/dovecot/auth-passwdfile.inc /etc/dovecot/conf.d/
COPY target/dovecot/??-*.conf /etc/dovecot/conf.d/ COPY target/dovecot/??-*.conf /etc/dovecot/conf.d/
# Configures LDAP
COPY target/dovecot/dovecot-ldap.conf.ext /etc/dovecot
COPY target/postfix/ldap-users.cf target/postfix/ldap-groups.cf target/postfix/ldap-aliases.cf /etc/postfix/
# Enables Spamassassin CRON updates # Enables Spamassassin CRON updates
RUN sed -i -r 's/^(CRON)=0/\1=1/g' /etc/default/spamassassin RUN sed -i -r 's/^(CRON)=0/\1=1/g' /etc/default/spamassassin
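Review bot: The two new COPY lines put the LDAP table and auth files into the image with whatever mode they have in the build context (typically 0644), and the companion start-mailserver.sh change in this commit writes `bind_pw`/`dnpass` into exactly these files in cleartext at startup, so the LDAP bind password ends up world-readable inside the container. I would follow the COPY with a permission tightening such as `RUN chmod 640 /etc/dovecot/dovecot-ldap.conf.ext /etc/postfix/ldap-*.cf` and set group ownership to whatever unprivileged daemon has to read each file (Postfix map lookups do not run as root, so the postfix tables presumably need `root:postfix` — verify against the local Postfix setup before restricting further). The `# Configures LDAP` comment could also say that these are templates whose host, base and credentials are rewritten from `LDAP_*` environment variables at container start, so nobody edits them in place expecting the values to stick.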


@ -89,29 +89,23 @@ fi
# #
if [ "$ENABLE_LDAP" = 1 ]; then if [ "$ENABLE_LDAP" = 1 ]; then
for i in 'users' 'groups' 'aliases'; do for i in 'users' 'groups' 'aliases'; do
fpath="/tmp/docker-mailserver/postfix-ldap-${i}.cf"
if [ -f $fpath ]; then
cp ${fpath} /etc/postfix/ldap-${i}.cf
sed -i -e 's|^server_host.*|server_host = '${LDAP_SERVER_HOST:="mail.domain.com"}'|g' \ sed -i -e 's|^server_host.*|server_host = '${LDAP_SERVER_HOST:="mail.domain.com"}'|g' \
-e 's|^search_base.*|search_base = '${LDAP_SEARCH_BASE:="ou=people,dc=domain,dc=com"}'|g' \ -e 's|^search_base.*|search_base = '${LDAP_SEARCH_BASE:="ou=people,dc=domain,dc=com"}'|g' \
-e 's|^bind_dn.*|bind_dn = '${LDAP_BIND_DN:="cn=admin,dc=domain,dc=com"}'|g' \ -e 's|^bind_dn.*|bind_dn = '${LDAP_BIND_DN:="cn=admin,dc=domain,dc=com"}'|g' \
-e 's|^bind_pw.*|bind_pw = '${LDAP_BIND_PW:="admin"}'|g' \ -e 's|^bind_pw.*|bind_pw = '${LDAP_BIND_PW:="admin"}'|g' \
/etc/postfix/ldap-${i}.cf /etc/postfix/ldap-${i}.cf
else
echo "${fpath} not found"
echo "==> Warning: 'config/postfix-ldap-$i.cf' is not provided."
fi
done done
echo "Loading dovecot LDAP authentification configuration" echo "Configuring dovecot LDAP authentification"
cp /tmp/docker-mailserver/dovecot-ldap.conf.ext /etc/dovecot/dovecot-ldap.conf.ext
sed -i -e 's|^hosts.*|hosts = '${LDAP_SERVER_HOST:="mail.domain.com"}'|g' \ sed -i -e 's|^hosts.*|hosts = '${LDAP_SERVER_HOST:="mail.domain.com"}'|g' \
-e 's|^base.*|base = '${LDAP_SEARCH_BASE:="ou=people,dc=domain,dc=com"}'|g' \ -e 's|^base.*|base = '${LDAP_SEARCH_BASE:="ou=people,dc=domain,dc=com"}'|g' \
-e 's|^dn\s*=.*|dn = '${LDAP_BIND_DN:="cn=admin,dc=domain,dc=com"}'|g' \ -e 's|^dn\s*=.*|dn = '${LDAP_BIND_DN:="cn=admin,dc=domain,dc=com"}'|g' \
-e 's|^dnpass\s*=.*|dnpass = '${LDAP_BIND_PW:="admin"}'|g' \ -e 's|^dnpass\s*=.*|dnpass = '${LDAP_BIND_PW:="admin"}'|g' \
/etc/dovecot/dovecot-ldap.conf.ext /etc/dovecot/dovecot-ldap.conf.ext
# Add domainname to vhost.
echo $(domainname) >> /tmp/vhost.tmp
echo "Enabling dovecot LDAP authentification" echo "Enabling dovecot LDAP authentification"
sed -i -e '/\!include auth-ldap\.conf\.ext/s/^#//' /etc/dovecot/conf.d/10-auth.conf sed -i -e '/\!include auth-ldap\.conf\.ext/s/^#//' /etc/dovecot/conf.d/10-auth.conf
sed -i -e '/\!include auth-passwdfile\.inc/s/^/#/' /etc/dovecot/conf.d/10-auth.conf sed -i -e '/\!include auth-passwdfile\.inc/s/^/#/' /etc/dovecot/conf.d/10-auth.conf
@ -141,7 +135,7 @@ if [ "$ENABLE_SASLAUTHD" = 1 ]; then
[ -z $SASLAUTHD_LDAP_SEARCH_BASE ] && SASLAUTHD_MECHANISMS=pam [ -z $SASLAUTHD_LDAP_SEARCH_BASE ] && SASLAUTHD_MECHANISMS=pam
[ -z $SASLAUTHD_LDAP_SERVER ] && SASLAUTHD_LDAP_SERVER=localhost [ -z $SASLAUTHD_LDAP_SERVER ] && SASLAUTHD_LDAP_SERVER=localhost
[ -z $SASLAUTHD_LDAP_FILTER ] && SASLAUTHD_LDAP_FILTER='(&(uniqueIdentifier=%u)(mailEnabled=TRUE))' [ -z $SASLAUTHD_LDAP_FILTER ] && SASLAUTHD_LDAP_FILTER='(&(uniqueIdentifier=%u)(mailEnabled=TRUE))'
([ $SASLAUTHD_LDAP_SSL == 0 ] || [ -z $SASLAUTHD_LDAP_SSL ]) && SASLAUTHD_LDAP_PROTO='ldap://' || SASLAUTHD_LDAP_PROTO='ldaps://' ([ -z $SASLAUTHD_LDAP_SSL ] || [ $SASLAUTHD_LDAP_SSL == 0 ]) && SASLAUTHD_LDAP_PROTO='ldap://' || SASLAUTHD_LDAP_PROTO='ldaps://'
if [ ! -f /etc/saslauthd.conf ]; then if [ ! -f /etc/saslauthd.conf ]; then
echo "Creating /etc/saslauthd.conf" echo "Creating /etc/saslauthd.conf"
@ -527,7 +521,7 @@ if [ "$ENABLE_SASLAUTHD" = 1 ]; then
/etc/init.d/saslauthd start /etc/init.d/saslauthd start
fi fi
if [ "$SMTP_ONLY" != 1 ]; then if [ "$SMTP_ONLY" != 1 -a "$ENABLE_LDAP" != 1 ]; then
echo "Listing users" echo "Listing users"
/usr/sbin/dovecot user '*' /usr/sbin/dovecot user '*'
fi fi
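Review bot: The new `echo $(domainname) >> /tmp/vhost.tmp` line appends whatever `domainname` prints without any check; in a container started without `--domainname` that command typically prints `(none)`, which would then be registered as a virtual domain, and the unquoted `$(...)` is also word-split. Guard it instead: `vd=$(domainname); if [ -n "$vd" ] && [ "$vd" != "(none)" ]; then echo "$vd" >> /tmp/vhost.tmp; fi`. The reordered saslauthd SSL test still expands `$SASLAUTHD_LDAP_SSL` unquoted, so `[ -z $SASLAUTHD_LDAP_SSL ]` only passes because a bare `[ -z ]` happens to evaluate true; `[ -z "$SASLAUTHD_LDAP_SSL" ] || [ "$SASLAUTHD_LDAP_SSL" = 0 ]` is the intended test, and it is worth a comment that the resulting default is plaintext `ldap://`, meaning the bind credentials leave the container unencrypted unless SASLAUTHD_LDAP_SSL is set. The `if [ "$ENABLE_LDAP" = 1 ]` block this hunk sits in continues outside the hunk.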


@ -1,10 +0,0 @@
base = ou=people,dc=my-domain,dc=com
default_pass_scheme = SSHA
dn = cn=admin,dc=my-domain,dc=com
dnpass = admin
hosts = mail.my-domain.com
ldap_version = 3
pass_attrs = uniqueIdentifier=user,userPassword=password
pass_filter = (&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))
user_attrs = mailHomeDirectory=home,mailUidNumber=uid,mailGidNumber=gid,mailStorageDirectory=mail
user_filter = (&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))


@ -1,8 +0,0 @@
bind = yes
bind_dn = cn=admin,dc=my-domain,dc=com
bind_pw = admin
query_filter = (&(mailAlias=%s)(mailEnabled=TRUE))
result_attribute = mail
search_base = ou=people,dc=my-domain,dc=com
server_host = mail.my-domain.com
version = 3


@ -1,8 +0,0 @@
bind = yes
bind_dn = cn=admin,dc=my-domain,dc=com
bind_pw = admin
query_filter = (&(mailGroupMember=%s)(mailEnabled=TRUE))
result_attribute = mail
search_base = ou=people,dc=my-domain,dc=com
server_host = mail.my-domain.com
version = 3


@ -1,8 +0,0 @@
bind = yes
bind_dn = cn=admin,dc=my-domain,dc=com
bind_pw = admin
query_filter = (&(mail=%s)(mailEnabled=TRUE))
result_attribute = mail
search_base = ou=people,dc=my-domain,dc=com
server_host = mail.my-domain.com
version = 3