Archive-Team
/
docker-mailserver
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chore: `ldap-*cf` to `ldap/*.cf` 

Remove the prefix in favor of moving these files into a subdirectory: `/etc/postfix/ldap/`.

Original LDAP config files provided via `Dockerfile` are now removed as the new `.tmpl` generation makes them redundant.
This commit is contained in:
polarathene 2023-09-03 19:18:34 +12:00
parent ea61a21259
commit 067341ab55
11 changed files with 26 additions and 92 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
Dockerfile
View File

@ -111,16 +111,7 @@ COPY target/rspamd/local.d/ /etc/rspamd/local.d/
# --- LDAP & SpamAssassin's Cron ----------------
# -----------------------------------------------
COPY target/dovecot/dovecot-ldap.conf.ext /etc/dovecot
COPY \
target/postfix/ldap-users.cf \
target/postfix/ldap-groups.cf \
target/postfix/ldap-aliases.cf \
target/postfix/ldap-domains.cf \
target/postfix/ldap-senders.cf \
/etc/postfix/
# LDAP config support:
# LDAP config template support:
COPY --link target/features/ldap/ /etc/dms/ldap/
# hadolint ignore=SC2016

12
target/dovecot/dovecot-ldap.conf.ext
View File

@ -1,12 +0,0 @@
base = ou=people,dc=example,dc=com
default_pass_scheme = SSHA
dn = cn=admin,dc=example,dc=com
dnpass = admin
uris = ldap://mail.example.com
tls = no
ldap_version = 3
pass_attrs = uniqueIdentifier=user,userPassword=password
pass_filter = (&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))
user_attrs = mailHomeDirectory=home,mailUidNumber=uid,mailGidNumber=gid,mailStorageDirectory=mail
user_filter = (&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))
auth_bind = no

9
target/postfix/ldap-aliases.cf
View File

@ -1,9 +0,0 @@
bind = yes
bind_dn = cn=admin,dc=example,dc=com
bind_pw = admin
query_filter = (&(mailAlias=%s)(mailEnabled=TRUE))
result_attribute = mail
search_base = ou=people,dc=example,dc=com
server_host = mail.example.com
start_tls = no
version = 3

9
target/postfix/ldap-domains.cf
View File

@ -1,9 +0,0 @@
bind = yes
bind_dn = cn=admin,dc=example,dc=com
bind_pw = admin
query_filter = (&(|(mail=*@%s)(mailalias=*@%s))(mailEnabled=TRUE))
result_attribute = mail
search_base = ou=people,dc=example,dc=com
server_host = mail.example.com
start_tls = no
version = 3

9
target/postfix/ldap-groups.cf
View File

@ -1,9 +0,0 @@
bind = yes
bind_dn = cn=admin,dc=example,dc=com
bind_pw = admin
query_filter = (&(mailGroupMember=%s)(mailEnabled=TRUE))
result_attribute = mail
search_base = ou=people,dc=example,dc=com
server_host = mail.example.com
start_tls = no
version = 3

9
target/postfix/ldap-senders.cf
View File

@ -1,9 +0,0 @@
bind = yes
bind_dn = cn=admin,dc=example,dc=com
bind_pw = admin
query_filter = (mail=%s)
result_attribute = mail, uid
search_base = ou=people,dc=example,dc=com
server_host = mail.example.com
start_tls = no
version = 3

9
target/postfix/ldap-users.cf
View File

@ -1,9 +0,0 @@
bind = yes
bind_dn = cn=admin,dc=example,dc=com
bind_pw = admin
query_filter = (&(mail=%s)(mailEnabled=TRUE))
result_attribute = mail
search_base = ou=people,dc=example,dc=com
server_host = mail.example.com
start_tls = no
version = 3

2
target/scripts/helpers/postfix.sh
View File

@ -69,7 +69,7 @@ function _vhost_collect_postfix_domains() {
# NOTE: `setup-stack.sh:_setup_ldap` has related logic:
# - `main.cf:mydestination` setting removes `$mydestination` as an LDAP bugfix.
# - `main.cf:virtual_mailbox_domains` uses `/etc/postfix/vhost`, but may
# conditionally include a 2nd table (ldap:/etc/postfix/ldap-domains.cf).
# conditionally include a 2nd table (ldap:/etc/postfix/ldap/domains.cf).
function _vhost_ldap_support() {
[[ ${ACCOUNT_PROVISIONER} == 'LDAP' ]] && echo "${DOMAINNAME}" >>"${TMP_VHOST}"
}

20
target/scripts/startup/setup.d/ldap.sh
View File

@ -46,22 +46,22 @@ function _setup_ldap() {
_log 'trace' "Configuring LDAP"
if [[ -f /etc/postfix/ldap-users.cf ]]; then
postconf 'virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf'
if [[ -f /etc/postfix/ldap/users.cf ]]; then
postconf 'virtual_mailbox_maps = ldap:/etc/postfix/ldap/users.cf'
else
_log 'warn' "'/etc/postfix/ldap-users.cf' not found"
_log 'warn' "'/etc/postfix/ldap/users.cf' not found"
fi
if [[ -f /etc/postfix/ldap-domains.cf ]]; then
postconf 'virtual_mailbox_domains = /etc/postfix/vhost, ldap:/etc/postfix/ldap-domains.cf'
if [[ -f /etc/postfix/ldap/domains.cf ]]; then
postconf 'virtual_mailbox_domains = /etc/postfix/vhost, ldap:/etc/postfix/ldap/domains.cf'
else
_log 'warn' "'/etc/postfix/ldap-domains.cf' not found"
_log 'warn' "'/etc/postfix/ldap/domains.cf' not found"
fi
if [[ -f /etc/postfix/ldap-aliases.cf ]] && [[ -f /etc/postfix/ldap-groups.cf ]]; then
postconf 'virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf, ldap:/etc/postfix/ldap-groups.cf'
if [[ -f /etc/postfix/ldap/aliases.cf ]] && [[ -f /etc/postfix/ldap/groups.cf ]]; then
postconf 'virtual_alias_maps = ldap:/etc/postfix/ldap/aliases.cf, ldap:/etc/postfix/ldap/groups.cf'
else
_log 'warn' "'/etc/postfix/ldap-aliases.cf' and / or '/etc/postfix/ldap-groups.cf' not found"
_log 'warn' "'/etc/postfix/ldap/aliases.cf' and / or '/etc/postfix/ldap/groups.cf' not found"
fi
# shellcheck disable=SC2016
@ -89,5 +89,5 @@ function _create_config_postfix() {
/etc/dms/ldap/postfix.base \
"/tmp/docker-mailserver/ldap-${QUERY_KIND}.cf" \
<(_template_with_env 'LDAP_' /etc/dms/ldap/postfix.tmpl) \
) > "/etc/postfix/ldap-${QUERY_KIND}.cf"
) > "/etc/postfix/ldap/${QUERY_KIND}.cf"
}

4
target/scripts/startup/setup.d/security/spoofing.sh
View File

@ -6,9 +6,9 @@ function _setup_spoof_protection() {
if [[ ${ACCOUNT_PROVISIONER} == 'LDAP' ]]; then
if [[ -z ${LDAP_QUERY_FILTER_SENDERS} ]]; then
postconf 'smtpd_sender_login_maps = ldap:/etc/postfix/ldap-users.cf ldap:/etc/postfix/ldap-aliases.cf ldap:/etc/postfix/ldap-groups.cf'
postconf 'smtpd_sender_login_maps = ldap:/etc/postfix/ldap/users.cf ldap:/etc/postfix/ldap/aliases.cf ldap:/etc/postfix/ldap/groups.cf'
else
postconf 'smtpd_sender_login_maps = ldap:/etc/postfix/ldap-senders.cf'
postconf 'smtpd_sender_login_maps = ldap:/etc/postfix/ldap/senders.cf'
fi
else
# NOTE: This file is always created at startup, it potentially has content added.

24
test/tests/serial/mail_with_ldap.bats
View File

@ -39,7 +39,7 @@ function setup_file() {
#
# LDAP filter queries explained.
# NOTE: All LDAP configs for Postfix (with the exception of `ldap-senders.cf`), return the `mail` attribute value of matched results.
# NOTE: All LDAP configs for Postfix (with the exception of `ldap/senders.cf`), return the `mail` attribute value of matched results.
# This is through the config key `result_attribute`, which the ENV substitution feature can only replace across all configs, not selectively like `query_filter`.
# NOTE: The queries below rely specifically upon attributes and classes defined by the schema `postfix-book.ldif`. These are not compatible with all LDAP setups.
@ -199,7 +199,7 @@ function teardown() {
# REF: https://github.com/docker-mailserver/docker-mailserver/pull/642#issuecomment-313916384
# NOTE: This account has no `mailAlias` or `mailGroupMember` defined in it's `.ldif`.
local MAIL_ACCOUNT="some.user.email@${FQDN_LOCALHOST_A}"
_run_in_container postmap -q "${MAIL_ACCOUNT}" ldap:/etc/postfix/ldap-users.cf
_run_in_container postmap -q "${MAIL_ACCOUNT}" ldap:/etc/postfix/ldap/users.cf
assert_success
assert_output "${MAIL_ACCOUNT}"
}
@ -210,9 +210,9 @@ function teardown() {
export CONTAINER_NAME=${CONTAINER3_NAME}
local LDAP_CONFIGS_POSTFIX=(
/etc/postfix/ldap-users.cf
/etc/postfix/ldap-groups.cf
/etc/postfix/ldap-aliases.cf
/etc/postfix/ldap/users.cf
/etc/postfix/ldap/groups.cf
/etc/postfix/ldap/aliases.cf
)
for LDAP_CONFIG in "${LDAP_CONFIGS_POSTFIX[@]}"; do
@ -232,15 +232,15 @@ function teardown() {
for LDAP_SETTING in "${LDAP_SETTINGS_POSTFIX[@]}"; do
# "${LDAP_SETTING%=*}" is to match only the key portion of the var (helpful for assert_output error messages)
# NOTE: `start_tls = no` is a default setting, but the white-space differs when ENV `LDAP_START_TLS` is not set explicitly.
_run_in_container grep "${LDAP_SETTING%=*}" /etc/postfix/ldap-users.cf
_run_in_container grep "${LDAP_SETTING%=*}" /etc/postfix/ldap/users.cf
assert_output "${LDAP_SETTING}"
assert_success
_run_in_container grep "${LDAP_SETTING%=*}" /etc/postfix/ldap-groups.cf
_run_in_container grep "${LDAP_SETTING%=*}" /etc/postfix/ldap/groups.cf
assert_output "${LDAP_SETTING}"
assert_success
_run_in_container grep "${LDAP_SETTING%=*}" /etc/postfix/ldap-aliases.cf
_run_in_container grep "${LDAP_SETTING%=*}" /etc/postfix/ldap/aliases.cf
assert_output "${LDAP_SETTING}"
assert_success
done
@ -401,20 +401,20 @@ function _should_exist_in_ldap_tables() {
local DOMAIN_PART="${MAIL_ACCOUNT#*@}"
# Each LDAP config file sets `query_filter` to lookup a key in LDAP (values defined in `.ldif` test files)
# `mail` (ldap-users), `mailAlias` (ldap-aliases), `mailGroupMember` (ldap-groups)
# `mail` (ldap/users.cf), `mailAlias` (ldap/aliases.cf), `mailGroupMember` (ldap/groups.cf)
# `postmap` is queried with the mail account address, and the LDAP service should respond with
# `result_attribute` which is the LDAP `mail` value (should match what we'r'e quering `postmap` with)
_run_in_container postmap -q "${MAIL_ACCOUNT}" ldap:/etc/postfix/ldap-users.cf
_run_in_container postmap -q "${MAIL_ACCOUNT}" ldap:/etc/postfix/ldap/users.cf
assert_success
assert_output "${MAIL_ACCOUNT}"
# Check which account has the `postmaster` virtual alias:
_run_in_container postmap -q "postmaster@${DOMAIN_PART}" ldap:/etc/postfix/ldap-aliases.cf
_run_in_container postmap -q "postmaster@${DOMAIN_PART}" ldap:/etc/postfix/ldap/aliases.cf
assert_success
assert_output "${MAIL_ACCOUNT}"
_run_in_container postmap -q "employees@${DOMAIN_PART}" ldap:/etc/postfix/ldap-groups.cf
_run_in_container postmap -q "employees@${DOMAIN_PART}" ldap:/etc/postfix/ldap/groups.cf
assert_success
assert_output "${MAIL_ACCOUNT}"
}