From 067341ab5532513751eb967da1c3d2f5aef0dfba Mon Sep 17 00:00:00 2001 From: polarathene <5098581+polarathene@users.noreply.github.com> Date: Sun, 3 Sep 2023 19:18:34 +1200 Subject: [PATCH] chore: `ldap-*cf` to `ldap/*.cf` Remove the prefix in favor of moving these files into a subdirectory: `/etc/postfix/ldap/`. Original LDAP config files provided via `Dockerfile` are now removed as the new `.tmpl` generation makes them redundant. --- Dockerfile | 11 +-------- target/dovecot/dovecot-ldap.conf.ext | 12 ---------- target/postfix/ldap-aliases.cf | 9 ------- target/postfix/ldap-domains.cf | 9 ------- target/postfix/ldap-groups.cf | 9 ------- target/postfix/ldap-senders.cf | 9 ------- target/postfix/ldap-users.cf | 9 ------- target/scripts/helpers/postfix.sh | 2 +- target/scripts/startup/setup.d/ldap.sh | 20 ++++++++-------- .../startup/setup.d/security/spoofing.sh | 4 ++-- test/tests/serial/mail_with_ldap.bats | 24 +++++++++---------- 11 files changed, 26 insertions(+), 92 deletions(-) delete mode 100644 target/dovecot/dovecot-ldap.conf.ext delete mode 100644 target/postfix/ldap-aliases.cf delete mode 100644 target/postfix/ldap-domains.cf delete mode 100644 target/postfix/ldap-groups.cf delete mode 100644 target/postfix/ldap-senders.cf delete mode 100644 target/postfix/ldap-users.cf diff --git a/Dockerfile b/Dockerfile index f6b40124..e28a58f0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -111,16 +111,7 @@ COPY target/rspamd/local.d/ /etc/rspamd/local.d/ # --- LDAP & SpamAssassin's Cron ---------------- # ----------------------------------------------- -COPY target/dovecot/dovecot-ldap.conf.ext /etc/dovecot -COPY \ - target/postfix/ldap-users.cf \ - target/postfix/ldap-groups.cf \ - target/postfix/ldap-aliases.cf \ - target/postfix/ldap-domains.cf \ - target/postfix/ldap-senders.cf \ - /etc/postfix/ - -# LDAP config support: +# LDAP config template support: COPY --link target/features/ldap/ /etc/dms/ldap/ # hadolint ignore=SC2016 
diff --git a/target/dovecot/dovecot-ldap.conf.ext b/target/dovecot/dovecot-ldap.conf.ext
deleted file mode 100644
index 66311106..00000000
--- a/target/dovecot/dovecot-ldap.conf.ext
+++ /dev/null
@@ -1,12 +0,0 @@
-base = ou=people,dc=example,dc=com
-default_pass_scheme = SSHA
-dn = cn=admin,dc=example,dc=com
-dnpass = admin
-uris = ldap://mail.example.com
-tls = no
-ldap_version = 3
-pass_attrs = uniqueIdentifier=user,userPassword=password
-pass_filter = (&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))
-user_attrs = mailHomeDirectory=home,mailUidNumber=uid,mailGidNumber=gid,mailStorageDirectory=mail
-user_filter = (&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))
-auth_bind = no
diff --git a/target/postfix/ldap-aliases.cf b/target/postfix/ldap-aliases.cf
deleted file mode 100644
index 5c8d443a..00000000
--- a/target/postfix/ldap-aliases.cf
+++ /dev/null
@@ -1,9 +0,0 @@
-bind = yes
-bind_dn = cn=admin,dc=example,dc=com
-bind_pw = admin
-query_filter = (&(mailAlias=%s)(mailEnabled=TRUE))
-result_attribute = mail
-search_base = ou=people,dc=example,dc=com
-server_host = mail.example.com
-start_tls = no
-version = 3
diff --git a/target/postfix/ldap-domains.cf b/target/postfix/ldap-domains.cf
deleted file mode 100644
index c118ebf6..00000000
--- a/target/postfix/ldap-domains.cf
+++ /dev/null
@@ -1,9 +0,0 @@
-bind = yes
-bind_dn = cn=admin,dc=example,dc=com
-bind_pw = admin
-query_filter = (&(|(mail=*@%s)(mailalias=*@%s))(mailEnabled=TRUE))
-result_attribute = mail
-search_base = ou=people,dc=example,dc=com
-server_host = mail.example.com
-start_tls = no
-version = 3
diff --git a/target/postfix/ldap-groups.cf b/target/postfix/ldap-groups.cf
deleted file mode 100644
index dc7fa14f..00000000
--- a/target/postfix/ldap-groups.cf
+++ /dev/null
@@ -1,9 +0,0 @@
-bind = yes
-bind_dn = cn=admin,dc=example,dc=com
-bind_pw = admin
-query_filter = (&(mailGroupMember=%s)(mailEnabled=TRUE))
-result_attribute = mail
-search_base = ou=people,dc=example,dc=com
-server_host = mail.example.com
-start_tls = no
-version = 3
diff --git a/target/postfix/ldap-senders.cf b/target/postfix/ldap-senders.cf
deleted file mode 100644
index 88a6cd87..00000000
--- a/target/postfix/ldap-senders.cf
+++ /dev/null
@@ -1,9 +0,0 @@
-bind = yes
-bind_dn = cn=admin,dc=example,dc=com
-bind_pw = admin
-query_filter = (mail=%s)
-result_attribute = mail, uid
-search_base = ou=people,dc=example,dc=com
-server_host = mail.example.com
-start_tls = no
-version = 3
diff --git a/target/postfix/ldap-users.cf b/target/postfix/ldap-users.cf
deleted file mode 100644
index 943801f4..00000000
--- a/target/postfix/ldap-users.cf
+++ /dev/null
@@ -1,9 +0,0 @@
-bind = yes
-bind_dn = cn=admin,dc=example,dc=com
-bind_pw = admin
-query_filter = (&(mail=%s)(mailEnabled=TRUE))
-result_attribute = mail
-search_base = ou=people,dc=example,dc=com
-server_host = mail.example.com
-start_tls = no
-version = 3
diff --git a/target/scripts/helpers/postfix.sh b/target/scripts/helpers/postfix.sh
index 5fa4fa83..92758a0a 100644
--- a/target/scripts/helpers/postfix.sh
+++ b/target/scripts/helpers/postfix.sh
@@ -69,7 +69,7 @@ function _vhost_collect_postfix_domains() {
 # NOTE: `setup-stack.sh:_setup_ldap` has related logic:
 # - `main.cf:mydestination` setting removes `$mydestination` as an LDAP bugfix.
 # - `main.cf:virtual_mailbox_domains` uses `/etc/postfix/vhost`, but may
-# conditionally include a 2nd table (ldap:/etc/postfix/ldap-domains.cf).
+# conditionally include a 2nd table (ldap:/etc/postfix/ldap/domains.cf).
 function _vhost_ldap_support() {
   [[ ${ACCOUNT_PROVISIONER} == 'LDAP' ]] && echo "${DOMAINNAME}" >>"${TMP_VHOST}"
 }
diff --git a/target/scripts/startup/setup.d/ldap.sh b/target/scripts/startup/setup.d/ldap.sh
index 9b037f3b..2776aa5d 100644
--- a/target/scripts/startup/setup.d/ldap.sh +++ b/target/scripts/startup/setup.d/ldap.sh @@ -46,22 +46,22 @@ function _setup_ldap() { _log 'trace' "Configuring LDAP" - if [[ -f /etc/postfix/ldap-users.cf ]]; then - postconf 'virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf' + if [[ -f /etc/postfix/ldap/users.cf ]]; then + postconf 'virtual_mailbox_maps = ldap:/etc/postfix/ldap/users.cf' else - _log 'warn' "'/etc/postfix/ldap-users.cf' not found" + _log 'warn' "'/etc/postfix/ldap/users.cf' not found" fi - if [[ -f /etc/postfix/ldap-domains.cf ]]; then - postconf 'virtual_mailbox_domains = /etc/postfix/vhost, ldap:/etc/postfix/ldap-domains.cf' + if [[ -f /etc/postfix/ldap/domains.cf ]]; then + postconf 'virtual_mailbox_domains = /etc/postfix/vhost, ldap:/etc/postfix/ldap/domains.cf' else - _log 'warn' "'/etc/postfix/ldap-domains.cf' not found" + _log 'warn' "'/etc/postfix/ldap/domains.cf' not found" fi - if [[ -f /etc/postfix/ldap-aliases.cf ]] && [[ -f /etc/postfix/ldap-groups.cf ]]; then - postconf 'virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf, ldap:/etc/postfix/ldap-groups.cf' + if [[ -f /etc/postfix/ldap/aliases.cf ]] && [[ -f /etc/postfix/ldap/groups.cf ]]; then + postconf 'virtual_alias_maps = ldap:/etc/postfix/ldap/aliases.cf, ldap:/etc/postfix/ldap/groups.cf' else - _log 'warn' "'/etc/postfix/ldap-aliases.cf' and / or '/etc/postfix/ldap-groups.cf' not found" + _log 'warn' "'/etc/postfix/ldap/aliases.cf' and / or '/etc/postfix/ldap/groups.cf' not found" fi # shellcheck disable=SC2016 @@ -89,5 +89,5 @@ function _create_config_postfix() { /etc/dms/ldap/postfix.base \ "/tmp/docker-mailserver/ldap-${QUERY_KIND}.cf" \ <(_template_with_env 'LDAP_' /etc/dms/ldap/postfix.tmpl) \ - ) > "/etc/postfix/ldap-${QUERY_KIND}.cf" + ) > "/etc/postfix/ldap/${QUERY_KIND}.cf" } diff --git a/target/scripts/startup/setup.d/security/spoofing.sh b/target/scripts/startup/setup.d/security/spoofing.sh index ffefb279..1afe1d0c 100644 
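Review bot: The redirect `) > "/etc/postfix/ldap/${QUERY_KIND}.cf"` in the second hunk writes into a directory that nothing in this diff creates — the Dockerfile hunk stops copying anything into `/etc/postfix/` and neither hunk here adds a `mkdir` — so unless `/etc/postfix/ldap/` is provisioned somewhere outside this patch the generation fails and `_setup_ldap` in the first hunk then only logs the "not found" warning and leaves `virtual_mailbox_maps` unset. The generated file also carries the LDAP bind credentials (the removed defaults show `bind_pw` is one of the rendered keys), so the directory should be created with a restrictive mode rather than inherited defaults, e.g. `mkdir -p /etc/postfix/ldap && chmod 0750 /etc/postfix/ldap` before the write (owner/group depend on which Postfix account opens the table — confirm against the image). `_create_config_postfix`'s body begins outside the hunk.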
--- a/target/scripts/startup/setup.d/security/spoofing.sh +++ b/target/scripts/startup/setup.d/security/spoofing.sh @@ -6,9 +6,9 @@ function _setup_spoof_protection() { if [[ ${ACCOUNT_PROVISIONER} == 'LDAP' ]]; then if [[ -z ${LDAP_QUERY_FILTER_SENDERS} ]]; then - postconf 'smtpd_sender_login_maps = ldap:/etc/postfix/ldap-users.cf ldap:/etc/postfix/ldap-aliases.cf ldap:/etc/postfix/ldap-groups.cf' + postconf 'smtpd_sender_login_maps = ldap:/etc/postfix/ldap/users.cf ldap:/etc/postfix/ldap/aliases.cf ldap:/etc/postfix/ldap/groups.cf' else - postconf 'smtpd_sender_login_maps = ldap:/etc/postfix/ldap-senders.cf' + postconf 'smtpd_sender_login_maps = ldap:/etc/postfix/ldap/senders.cf' fi else # NOTE: This file is always created at startup, it potentially has content added. diff --git a/test/tests/serial/mail_with_ldap.bats b/test/tests/serial/mail_with_ldap.bats index f2011d22..aad18582 100644 --- a/test/tests/serial/mail_with_ldap.bats +++ b/test/tests/serial/mail_with_ldap.bats @@ -39,7 +39,7 @@ function setup_file() { # # LDAP filter queries explained. - # NOTE: All LDAP configs for Postfix (with the exception of `ldap-senders.cf`), return the `mail` attribute value of matched results. + # NOTE: All LDAP configs for Postfix (with the exception of `ldap/senders.cf`), return the `mail` attribute value of matched results. # This is through the config key `result_attribute`, which the ENV substitution feature can only replace across all configs, not selectively like `query_filter`. # NOTE: The queries below rely specifically upon attributes and classes defined by the schema `postfix-book.ldif`. These are not compatible with all LDAP setups. 
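Review bot: `smtpd_sender_login_maps` is pointed at `ldap:/etc/postfix/ldap/senders.cf` (or the users/aliases/groups tables) without the `[[ -f … ]]` existence guard that `_setup_ldap` applies to the very same files, so a table that was never generated is only surfaced later by Postfix when it opens the map, not at startup. Mirroring the guard keeps the two setup paths consistent, e.g. `[[ -f /etc/postfix/ldap/senders.cf ]] || _log 'warn' "'/etc/postfix/ldap/senders.cf' not found"` ahead of the `postconf` call in the `else` branch, with the equivalent check on the three-table branch. `_setup_spoof_protection` continues past the end of the hunk.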
@@ -199,7 +199,7 @@ function teardown() { # REF: https://github.com/docker-mailserver/docker-mailserver/pull/642#issuecomment-313916384 # NOTE: This account has no `mailAlias` or `mailGroupMember` defined in it's `.ldif`. local MAIL_ACCOUNT="some.user.email@${FQDN_LOCALHOST_A}" - _run_in_container postmap -q "${MAIL_ACCOUNT}" ldap:/etc/postfix/ldap-users.cf + _run_in_container postmap -q "${MAIL_ACCOUNT}" ldap:/etc/postfix/ldap/users.cf assert_success assert_output "${MAIL_ACCOUNT}" } @@ -210,9 +210,9 @@ function teardown() { export CONTAINER_NAME=${CONTAINER3_NAME} local LDAP_CONFIGS_POSTFIX=( - /etc/postfix/ldap-users.cf - /etc/postfix/ldap-groups.cf - /etc/postfix/ldap-aliases.cf + /etc/postfix/ldap/users.cf + /etc/postfix/ldap/groups.cf + /etc/postfix/ldap/aliases.cf ) for LDAP_CONFIG in "${LDAP_CONFIGS_POSTFIX[@]}"; do @@ -232,15 +232,15 @@ function teardown() { for LDAP_SETTING in "${LDAP_SETTINGS_POSTFIX[@]}"; do # "${LDAP_SETTING%=*}" is to match only the key portion of the var (helpful for assert_output error messages) # NOTE: `start_tls = no` is a default setting, but the white-space differs when ENV `LDAP_START_TLS` is not set explicitly. - _run_in_container grep "${LDAP_SETTING%=*}" /etc/postfix/ldap-users.cf + _run_in_container grep "${LDAP_SETTING%=*}" /etc/postfix/ldap/users.cf assert_output "${LDAP_SETTING}" assert_success - _run_in_container grep "${LDAP_SETTING%=*}" /etc/postfix/ldap-groups.cf + _run_in_container grep "${LDAP_SETTING%=*}" /etc/postfix/ldap/groups.cf assert_output "${LDAP_SETTING}" assert_success - _run_in_container grep "${LDAP_SETTING%=*}" /etc/postfix/ldap-aliases.cf + _run_in_container grep "${LDAP_SETTING%=*}" /etc/postfix/ldap/aliases.cf assert_output "${LDAP_SETTING}" assert_success done 
@@ -401,20 +401,20 @@ function _should_exist_in_ldap_tables() { local DOMAIN_PART="${MAIL_ACCOUNT#*@}" # Each LDAP config file sets `query_filter` to lookup a key in LDAP (values defined in `.ldif` test files) - # `mail` (ldap-users), `mailAlias` (ldap-aliases), `mailGroupMember` (ldap-groups) + # `mail` (ldap/users.cf), `mailAlias` (ldap/aliases.cf), `mailGroupMember` (ldap/groups.cf) # `postmap` is queried with the mail account address, and the LDAP service should respond with # `result_attribute` which is the LDAP `mail` value (should match what we'r'e quering `postmap` with) - _run_in_container postmap -q "${MAIL_ACCOUNT}" ldap:/etc/postfix/ldap-users.cf + _run_in_container postmap -q "${MAIL_ACCOUNT}" ldap:/etc/postfix/ldap/users.cf assert_success assert_output "${MAIL_ACCOUNT}" # Check which account has the `postmaster` virtual alias: - _run_in_container postmap -q "postmaster@${DOMAIN_PART}" ldap:/etc/postfix/ldap-aliases.cf + _run_in_container postmap -q "postmaster@${DOMAIN_PART}" ldap:/etc/postfix/ldap/aliases.cf assert_success assert_output "${MAIL_ACCOUNT}" - _run_in_container postmap -q "employees@${DOMAIN_PART}" ldap:/etc/postfix/ldap-groups.cf + _run_in_container postmap -q "employees@${DOMAIN_PART}" ldap:/etc/postfix/ldap/groups.cf assert_success assert_output "${MAIL_ACCOUNT}" }