chore: `ldap-*cf` to `ldap/*.cf`

Remove the prefix in favor of moving these files into a subdirectory: `/etc/postfix/ldap/`.

Original LDAP config files provided via `Dockerfile` are now removed as the new `.tmpl` generation makes them redundant.

Dockerfile

@@ -111,16 +111,7 @@ COPY target/rspamd/local.d/ /etc/rspamd/local.d/
 # --- LDAP & SpamAssassin's Cron ----------------
 # -----------------------------------------------
 
-COPY target/dovecot/dovecot-ldap.conf.ext /etc/dovecot
+# LDAP config template support:
-COPY \
-  target/postfix/ldap-users.cf \
-  target/postfix/ldap-groups.cf \
-  target/postfix/ldap-aliases.cf \
-  target/postfix/ldap-domains.cf \
-  target/postfix/ldap-senders.cf \
-  /etc/postfix/
-
-# LDAP config support:
 COPY --link target/features/ldap/ /etc/dms/ldap/
 
 # hadolint ignore=SC2016

target/dovecot/dovecot-ldap.conf.ext

@@ -1,12 +0,0 @@
-base                = ou=people,dc=example,dc=com
-default_pass_scheme = SSHA
-dn                  = cn=admin,dc=example,dc=com
-dnpass              = admin
-uris                = ldap://mail.example.com
-tls                 = no
-ldap_version        = 3
-pass_attrs          = uniqueIdentifier=user,userPassword=password
-pass_filter         = (&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))
-user_attrs          = mailHomeDirectory=home,mailUidNumber=uid,mailGidNumber=gid,mailStorageDirectory=mail
-user_filter         = (&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))
-auth_bind           = no

target/postfix/ldap-aliases.cf

@@ -1,9 +0,0 @@
-bind             = yes
-bind_dn          = cn=admin,dc=example,dc=com
-bind_pw          = admin
-query_filter     = (&(mailAlias=%s)(mailEnabled=TRUE))
-result_attribute = mail
-search_base      = ou=people,dc=example,dc=com
-server_host      = mail.example.com
-start_tls        = no
-version          = 3

target/postfix/ldap-domains.cf

@@ -1,9 +0,0 @@
-bind             = yes
-bind_dn          = cn=admin,dc=example,dc=com
-bind_pw          = admin
-query_filter     = (&(|(mail=*@%s)(mailalias=*@%s))(mailEnabled=TRUE))
-result_attribute = mail
-search_base      = ou=people,dc=example,dc=com
-server_host      = mail.example.com
-start_tls        = no
-version          = 3

target/postfix/ldap-groups.cf

@@ -1,9 +0,0 @@
-bind                     = yes
-bind_dn                  = cn=admin,dc=example,dc=com
-bind_pw                  = admin
-query_filter             = (&(mailGroupMember=%s)(mailEnabled=TRUE))
-result_attribute         = mail
-search_base              = ou=people,dc=example,dc=com
-server_host              = mail.example.com
-start_tls                = no
-version                  = 3

target/postfix/ldap-senders.cf

@@ -1,9 +0,0 @@
-bind             = yes
-bind_dn          = cn=admin,dc=example,dc=com
-bind_pw          = admin
-query_filter     = (mail=%s)
-result_attribute = mail, uid
-search_base      = ou=people,dc=example,dc=com
-server_host      = mail.example.com
-start_tls        = no
-version          = 3

target/postfix/ldap-users.cf

@@ -1,9 +0,0 @@
-bind             = yes
-bind_dn          = cn=admin,dc=example,dc=com
-bind_pw          = admin
-query_filter     = (&(mail=%s)(mailEnabled=TRUE))
-result_attribute = mail
-search_base      = ou=people,dc=example,dc=com
-server_host      = mail.example.com
-start_tls        = no
-version          = 3

target/scripts/helpers/postfix.sh

@@ -69,7 +69,7 @@ function _vhost_collect_postfix_domains() {
 # NOTE: `setup-stack.sh:_setup_ldap` has related logic:
 # - `main.cf:mydestination` setting removes `$mydestination` as an LDAP bugfix.
 # - `main.cf:virtual_mailbox_domains` uses `/etc/postfix/vhost`, but may
-#   conditionally include a 2nd table (ldap:/etc/postfix/ldap-domains.cf).
+#   conditionally include a 2nd table (ldap:/etc/postfix/ldap/domains.cf).
 function _vhost_ldap_support() {
   [[ ${ACCOUNT_PROVISIONER} == 'LDAP' ]] && echo "${DOMAINNAME}" >>"${TMP_VHOST}"
 }

target/scripts/startup/setup.d/ldap.sh

@@ -46,22 +46,22 @@ function _setup_ldap() {
 
   _log 'trace' "Configuring LDAP"
 
-  if [[ -f /etc/postfix/ldap-users.cf ]]; then
+  if [[ -f /etc/postfix/ldap/users.cf ]]; then
-    postconf 'virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf'
+    postconf 'virtual_mailbox_maps = ldap:/etc/postfix/ldap/users.cf'
   else
-    _log 'warn' "'/etc/postfix/ldap-users.cf' not found"
+    _log 'warn' "'/etc/postfix/ldap/users.cf' not found"
   fi
 
-  if [[ -f /etc/postfix/ldap-domains.cf ]]; then
+  if [[ -f /etc/postfix/ldap/domains.cf ]]; then
-    postconf 'virtual_mailbox_domains = /etc/postfix/vhost, ldap:/etc/postfix/ldap-domains.cf'
+    postconf 'virtual_mailbox_domains = /etc/postfix/vhost, ldap:/etc/postfix/ldap/domains.cf'
   else
-    _log 'warn' "'/etc/postfix/ldap-domains.cf' not found"
+    _log 'warn' "'/etc/postfix/ldap/domains.cf' not found"
   fi
 
-  if [[ -f /etc/postfix/ldap-aliases.cf ]] && [[ -f /etc/postfix/ldap-groups.cf ]]; then
+  if [[ -f /etc/postfix/ldap/aliases.cf ]] && [[ -f /etc/postfix/ldap/groups.cf ]]; then
-    postconf 'virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf, ldap:/etc/postfix/ldap-groups.cf'
+    postconf 'virtual_alias_maps = ldap:/etc/postfix/ldap/aliases.cf, ldap:/etc/postfix/ldap/groups.cf'
   else
-    _log 'warn' "'/etc/postfix/ldap-aliases.cf' and / or '/etc/postfix/ldap-groups.cf' not found"
+    _log 'warn' "'/etc/postfix/ldap/aliases.cf' and / or '/etc/postfix/ldap/groups.cf' not found"
   fi
 
   # shellcheck disable=SC2016
@@ -89,5 +89,5 @@ function _create_config_postfix() {
     /etc/dms/ldap/postfix.base \
     "/tmp/docker-mailserver/ldap-${QUERY_KIND}.cf" \
     <(_template_with_env 'LDAP_' /etc/dms/ldap/postfix.tmpl) \
-  ) > "/etc/postfix/ldap-${QUERY_KIND}.cf"
+  ) > "/etc/postfix/ldap/${QUERY_KIND}.cf"
 }

target/scripts/startup/setup.d/security/spoofing.sh

@@ -6,9 +6,9 @@ function _setup_spoof_protection() {
 
     if [[ ${ACCOUNT_PROVISIONER} == 'LDAP' ]]; then
       if [[ -z ${LDAP_QUERY_FILTER_SENDERS} ]]; then
-        postconf 'smtpd_sender_login_maps = ldap:/etc/postfix/ldap-users.cf ldap:/etc/postfix/ldap-aliases.cf ldap:/etc/postfix/ldap-groups.cf'
+        postconf 'smtpd_sender_login_maps = ldap:/etc/postfix/ldap/users.cf ldap:/etc/postfix/ldap/aliases.cf ldap:/etc/postfix/ldap/groups.cf'
       else
-        postconf 'smtpd_sender_login_maps = ldap:/etc/postfix/ldap-senders.cf'
+        postconf 'smtpd_sender_login_maps = ldap:/etc/postfix/ldap/senders.cf'
       fi
     else
       # NOTE: This file is always created at startup, it potentially has content added.

test/tests/serial/mail_with_ldap.bats

@@ -39,7 +39,7 @@ function setup_file() {
   #
 
   # LDAP filter queries explained.
-  # NOTE: All LDAP configs for Postfix (with the exception of `ldap-senders.cf`), return the `mail` attribute value of matched results.
+  # NOTE: All LDAP configs for Postfix (with the exception of `ldap/senders.cf`), return the `mail` attribute value of matched results.
   # This is through the config key `result_attribute`, which the ENV substitution feature can only replace across all configs, not selectively like `query_filter`.
   # NOTE: The queries below rely specifically upon attributes and classes defined by the schema `postfix-book.ldif`. These are not compatible with all LDAP setups.
 
@@ -199,7 +199,7 @@ function teardown() {
   # REF: https://github.com/docker-mailserver/docker-mailserver/pull/642#issuecomment-313916384
   # NOTE: This account has no `mailAlias` or `mailGroupMember` defined in it's `.ldif`.
   local MAIL_ACCOUNT="some.user.email@${FQDN_LOCALHOST_A}"
-  _run_in_container postmap -q "${MAIL_ACCOUNT}" ldap:/etc/postfix/ldap-users.cf
+  _run_in_container postmap -q "${MAIL_ACCOUNT}" ldap:/etc/postfix/ldap/users.cf
   assert_success
   assert_output "${MAIL_ACCOUNT}"
 }
@@ -210,9 +210,9 @@ function teardown() {
   export CONTAINER_NAME=${CONTAINER3_NAME}
 
   local LDAP_CONFIGS_POSTFIX=(
-    /etc/postfix/ldap-users.cf
+    /etc/postfix/ldap/users.cf
-    /etc/postfix/ldap-groups.cf
+    /etc/postfix/ldap/groups.cf
-    /etc/postfix/ldap-aliases.cf
+    /etc/postfix/ldap/aliases.cf
   )
 
   for LDAP_CONFIG in "${LDAP_CONFIGS_POSTFIX[@]}"; do
@@ -232,15 +232,15 @@ function teardown() {
   for LDAP_SETTING in "${LDAP_SETTINGS_POSTFIX[@]}"; do
     # "${LDAP_SETTING%=*}" is to match only the key portion of the var (helpful for assert_output error messages)
     # NOTE: `start_tls = no` is a default setting, but the white-space differs when ENV `LDAP_START_TLS` is not set explicitly.
-    _run_in_container grep "${LDAP_SETTING%=*}" /etc/postfix/ldap-users.cf
+    _run_in_container grep "${LDAP_SETTING%=*}" /etc/postfix/ldap/users.cf
     assert_output "${LDAP_SETTING}"
     assert_success
 
-    _run_in_container grep "${LDAP_SETTING%=*}" /etc/postfix/ldap-groups.cf
+    _run_in_container grep "${LDAP_SETTING%=*}" /etc/postfix/ldap/groups.cf
     assert_output "${LDAP_SETTING}"
     assert_success
 
-    _run_in_container grep "${LDAP_SETTING%=*}" /etc/postfix/ldap-aliases.cf
+    _run_in_container grep "${LDAP_SETTING%=*}" /etc/postfix/ldap/aliases.cf
     assert_output "${LDAP_SETTING}"
     assert_success
   done
@@ -401,20 +401,20 @@ function _should_exist_in_ldap_tables() {
   local DOMAIN_PART="${MAIL_ACCOUNT#*@}"
 
   # Each LDAP config file sets `query_filter` to lookup a key in LDAP (values defined in `.ldif` test files)
-  # `mail` (ldap-users), `mailAlias` (ldap-aliases), `mailGroupMember` (ldap-groups)
+  # `mail` (ldap/users.cf), `mailAlias` (ldap/aliases.cf), `mailGroupMember` (ldap/groups.cf)
   # `postmap` is queried with the mail account address, and the LDAP service should respond with
   # `result_attribute` which is the LDAP `mail` value (should match what we'r'e quering `postmap` with)
 
-  _run_in_container postmap -q "${MAIL_ACCOUNT}" ldap:/etc/postfix/ldap-users.cf
+  _run_in_container postmap -q "${MAIL_ACCOUNT}" ldap:/etc/postfix/ldap/users.cf
   assert_success
   assert_output "${MAIL_ACCOUNT}"
 
   # Check which account has the `postmaster` virtual alias:
-  _run_in_container postmap -q "postmaster@${DOMAIN_PART}" ldap:/etc/postfix/ldap-aliases.cf
+  _run_in_container postmap -q "postmaster@${DOMAIN_PART}" ldap:/etc/postfix/ldap/aliases.cf
   assert_success
   assert_output "${MAIL_ACCOUNT}"
 
-  _run_in_container postmap -q "employees@${DOMAIN_PART}" ldap:/etc/postfix/ldap-groups.cf
+  _run_in_container postmap -q "employees@${DOMAIN_PART}" ldap:/etc/postfix/ldap/groups.cf
   assert_success
   assert_output "${MAIL_ACCOUNT}"
 }