Add saslauthd option for ldap_start_tls & ldap_tls_check_peer - (Solves: #979, #980)

This commit is contained in:
Franz Keferböck 2018-06-02 21:16:16 +02:00 committed by Johan Smits
parent 60656aec49
commit e27e13c1b3
4 changed files with 18 additions and 0 deletions

View file

@ -261,6 +261,15 @@ SASLAUTHD_LDAP_SEARCH_BASE=
# e.g. for openldap: `(&(uid=%U)(objectClass=person))`
SASLAUTHD_LDAP_FILTER=
# empty => no
# yes => LDAP over TLS enabled for SASL
# Must not be used together with SASLAUTHD_LDAP_SSL=1_
SASLAUTHD_LDAP_START_TLS=
# empty => no
# yes => Require and verify server certificate
SASLAUTHD_LDAP_TLS_CHECK_PEER=
# empty => No sasl_passwd will be created
# string => `/etc/postfix/sasl_passwd` will be created with the string as password
SASL_PASSWD=

View file

@ -68,6 +68,8 @@ services:
- SASLAUTHD_LDAP_PASSWORD=${SASLAUTHD_LDAP_PASSWORD}
- SASLAUTHD_LDAP_SEARCH_BASE=${SASLAUTHD_LDAP_SEARCH_BASE}
- SASLAUTHD_LDAP_FILTER=${SASLAUTHD_LDAP_FILTER}
- SASLAUTHD_LDAP_START_TLS=${SASLAUTHD_LDAP_START_TLS}
- SASLAUTHD_LDAP_TLS_CHECK_PEER=${SASLAUTHD_LDAP_TLS_CHECK_PEER}
- SASL_PASSWD=${SASL_PASSWD}
cap_add:
- NET_ADMIN

View file

@ -68,6 +68,8 @@ services:
- SASLAUTHD_LDAP_PASSWORD=${SASLAUTHD_LDAP_PASSWORD}
- SASLAUTHD_LDAP_SEARCH_BASE=${SASLAUTHD_LDAP_SEARCH_BASE}
- SASLAUTHD_LDAP_FILTER=${SASLAUTHD_LDAP_FILTER}
- SASLAUTHD_LDAP_START_TLS=${SASLAUTHD_LDAP_START_TLS}
- SASLAUTHD_LDAP_TLS_CHECK_PEER=${SASLAUTHD_LDAP_TLS_CHECK_PEER}
- SASL_PASSWD=${SASL_PASSWD}
- SRS_EXCLUDE_DOMAINS=${SRS_EXCLUDE_DOMAINS}
- SRS_SECRET=${SRS_SECRET}

View file

@ -695,6 +695,8 @@ function _setup_saslauthd() {
[ -z "$SASLAUTHD_LDAP_SERVER" ] && SASLAUTHD_LDAP_SERVER=localhost
[ -z "$SASLAUTHD_LDAP_FILTER" ] && SASLAUTHD_LDAP_FILTER='(&(uniqueIdentifier=%u)(mailEnabled=TRUE))'
([ -z "$SASLAUTHD_LDAP_SSL" ] || [ $SASLAUTHD_LDAP_SSL == 0 ]) && SASLAUTHD_LDAP_PROTO='ldap://' || SASLAUTHD_LDAP_PROTO='ldaps://'
[ -z "$SASLAUTHD_LDAP_START_TLS" ] && SASLAUTHD_LDAP_START_TLS=no
[ -z "$SASLAUTHD_LDAP_TLS_CHECK_PEER" ] && SASLAUTHD_LDAP_TLS_CHECK_PEER=no
if [ ! -f /etc/saslauthd.conf ]; then
notify 'inf' "Creating /etc/saslauthd.conf"
@ -708,6 +710,9 @@ ldap_bind_pw: ${SASLAUTHD_LDAP_PASSWORD}
ldap_search_base: ${SASLAUTHD_LDAP_SEARCH_BASE}
ldap_filter: ${SASLAUTHD_LDAP_FILTER}
ldap_start_tls: $SASLAUTHD_LDAP_START_TLS
ldap_tls_check_peer: $SASLAUTHD_LDAP_TLS_CHECK_PEER
ldap_referrals: yes
log_level: 10
EOF