diff --git a/target/features/ldap/dovecot.tmpl b/target/features/ldap/dovecot.tmpl
index c95c399f..a44ee80e 100644
--- a/target/features/ldap/dovecot.tmpl
+++ b/target/features/ldap/dovecot.tmpl
@@ -1,32 +1,32 @@
 # Dovecot LDAP config docs: https://github.com/dovecot/core/blob/bbb600e46ca650a3a5ef812ea3a1e8c45a6ea0ba/doc/example-config/dovecot-ldap.conf.ext
-hosts = ${HOSTS}
-uris = ${URIS}
-dn = ${DN}
-dnpass = ${DNPASS}
-sasl_bind = ${SASL_BIND}
-sasl_mech = ${SASL_MECH}
-sasl_realm = ${SASL_REALM}
-sasl_authz_id = ${SASL_AUTHZ_ID}
-tls = ${TLS}
-tls_ca_cert_file = ${TLS_CA_CERT_FILE}
-tls_ca_cert_dir = ${TLS_CA_CERT_DIR}
-tls_cipher_suite = ${TLS_CIPHER_SUITE}
-tls_cert_file = ${TLS_CERT_FILE}
-tls_key_file = ${TLS_KEY_FILE}
-tls_require_cert = ${TLS_REQUIRE_CERT}
-ldaprc_path = ${LDAPRC_PATH}
-debug_level = ${DEBUG_LEVEL}
-auth_bind = ${AUTH_BIND}
-auth_bind_userdn = ${AUTH_BIND_USERDN}
-ldap_version = ${LDAP_VERSION}
-base = ${BASE}
-deref = ${DEREF}
-scope = ${SCOPE}
-user_attrs = ${USER_ATTRS}
-user_filter = ${USER_FILTER}
-pass_attrs = ${PASS_ATTRS}
-pass_filter = ${PASS_FILTER}
-iterate_attrs = ${ITERATE_ATTRS}
-iterate_filter = ${ITERATE_FILTER}
+hosts = ${HOSTS}
+uris = ${URIS}
+dn = ${DN}
+dnpass = ${DNPASS}
+sasl_bind = ${SASL_BIND}
+sasl_mech = ${SASL_MECH}
+sasl_realm = ${SASL_REALM}
+sasl_authz_id = ${SASL_AUTHZ_ID}
+tls = ${TLS}
+tls_ca_cert_file = ${TLS_CA_CERT_FILE}
+tls_ca_cert_dir = ${TLS_CA_CERT_DIR}
+tls_cipher_suite = ${TLS_CIPHER_SUITE}
+tls_cert_file = ${TLS_CERT_FILE}
+tls_key_file = ${TLS_KEY_FILE}
+tls_require_cert = ${TLS_REQUIRE_CERT}
+ldaprc_path = ${LDAPRC_PATH}
+debug_level = ${DEBUG_LEVEL}
+auth_bind = ${AUTH_BIND}
+auth_bind_userdn = ${AUTH_BIND_USERDN}
+ldap_version = ${LDAP_VERSION}
+base = ${BASE}
+deref = ${DEREF}
+scope = ${SCOPE}
+user_attrs = ${USER_ATTRS}
+user_filter = ${USER_FILTER}
+pass_attrs = ${PASS_ATTRS}
+pass_filter = ${PASS_FILTER}
+iterate_attrs = ${ITERATE_ATTRS}
+iterate_filter = ${ITERATE_FILTER}
 default_pass_scheme = ${DEFAULT_PASS_SCHEME}
-blocking = ${BLOCKING}
+blocking = ${BLOCKING}
diff --git a/target/features/ldap/postfix.tmpl b/target/features/ldap/postfix.tmpl
index 4d48f31d..682d8e27 100644
--- a/target/features/ldap/postfix.tmpl
+++ b/target/features/ldap/postfix.tmpl
@@ -1,35 +1,35 @@
 # Postfix LDAP table docs: http://www.postfix.org/ldap_table.5.html
-server_host = ${SERVER_HOST}
-server_port = ${SERVER_PORT}
-timeout = ${TIMEOUT}
-search_base = ${SEARCH_BASE}
-query_filter = ${QUERY_FILTER}
-result_format = ${RESULT_FORMAT}
-domain = ${DOMAIN}
-result_attribute = ${RESULT_ATTRIBUTE}
-special_result_attribute = ${SPECIAL_RESULT_ATTRIBUTE}
+server_host = ${SERVER_HOST}
+server_port = ${SERVER_PORT}
+timeout = ${TIMEOUT}
+search_base = ${SEARCH_BASE}
+query_filter = ${QUERY_FILTER}
+result_format = ${RESULT_FORMAT}
+domain = ${DOMAIN}
+result_attribute = ${RESULT_ATTRIBUTE}
+special_result_attribute = ${SPECIAL_RESULT_ATTRIBUTE}
 terminal_result_attribute = ${TERMINAL_RESULT_ATTRIBUTE}
-leaf_result_attribute = ${LEAF_RESULT_ATTRIBUTE}
-scope = ${SCOPE}
-bind = ${BIND}
-bind_dn = ${BIND_DN}
-bind_pw = ${BIND_PW}
-recursion_limit = ${RECURSION_LIMIT}
-expansion_limit = ${EXPANSION_LIMIT}
-size_limit = ${SIZE_LIMIT}
-dereference = ${DEREFERENCE}
-chase_referrals = ${CHASE_REFERRALS}
-version = ${VERSION}
-debuglevel = ${DEBUGLEVEL}
-sasl_mechs = ${SASL_MECHS}
-sasl_realm = ${SASL_REALM}
-sasl_authz_id = ${SASL_AUTHZ_ID}
-sasl_minssf = ${SASL_MINSSF}
-start_tls = ${START_TLS}
-tls_ca_cert_dir = ${TLS_CA_CERT_DIR}
-tls_ca_cert_file = ${TLS_CA_CERT_FILE}
-tls_cert = ${TLS_CERT}
-tls_key = ${TLS_KEY}
-tls_require_cert = ${TLS_REQUIRE_CERT}
-tls_random_file = ${TLS_RANDOM_FILE}
-tls_cipher_suite = ${TLS_CIPHER_SUITE}
+leaf_result_attribute = ${LEAF_RESULT_ATTRIBUTE}
+scope = ${SCOPE}
+bind = ${BIND}
+bind_dn = ${BIND_DN}
+bind_pw = ${BIND_PW}
+recursion_limit = ${RECURSION_LIMIT}
+expansion_limit = ${EXPANSION_LIMIT}
+size_limit = ${SIZE_LIMIT}
+dereference = ${DEREFERENCE}
+chase_referrals = ${CHASE_REFERRALS}
+version = ${VERSION}
+debuglevel = ${DEBUGLEVEL}
+sasl_mechs = ${SASL_MECHS}
+sasl_realm = ${SASL_REALM}
+sasl_authz_id = ${SASL_AUTHZ_ID}
+sasl_minssf = ${SASL_MINSSF}
+start_tls = ${START_TLS}
+tls_ca_cert_dir = ${TLS_CA_CERT_DIR}
+tls_ca_cert_file = ${TLS_CA_CERT_FILE}
+tls_cert = ${TLS_CERT}
+tls_key = ${TLS_KEY}
+tls_require_cert = ${TLS_REQUIRE_CERT}
+tls_random_file = ${TLS_RANDOM_FILE}
+tls_cipher_suite = ${TLS_CIPHER_SUITE}
diff --git a/target/features/ldap/saslauthd.base b/target/features/ldap/saslauthd.base
index 4d92c33e..508c6e24 100644
--- a/target/features/ldap/saslauthd.base
+++ b/target/features/ldap/saslauthd.base
@@ -1,6 +1,6 @@
-ldap_bind_dn: ${BIND_DN}
-ldap_bind_pw: ${BIND_PW}
-ldap_servers: ${SERVER_HOST}
+ldap_bind_dn: ${BIND_DN}
+ldap_bind_pw: ${BIND_PW}
+ldap_servers: ${SERVER_HOST}
 ldap_search_base: ${SEARCH_BASE}
-ldap_filter: (&(uniqueIdentifier=%u)(mailEnabled=TRUE))
-ldap_referrals: yes
+ldap_filter: (&(uniqueIdentifier=%u)(mailEnabled=TRUE))
+ldap_referrals: yes
diff --git a/target/features/ldap/saslauthd.tmpl b/target/features/ldap/saslauthd.tmpl
index 016bf1a0..f07c985d 100644
--- a/target/features/ldap/saslauthd.tmpl
+++ b/target/features/ldap/saslauthd.tmpl
@@ -1,36 +1,36 @@
 # Parameter docs: https://github.com/cyrusimap/cyrus-sasl/blob/3959d45aa187d906d5fb3e8edf7e3661780967a5/saslauthd/LDAP_SASLAUTHD#L85-L242
-ldap_auth_method: ${LDAP_AUTH_METHOD}
-ldap_bind_dn: ${LDAP_BIND_DN}
-ldap_bind_pw: ${LDAP_BIND_PW}
-ldap_default_domain: ${LDAP_DEFAULT_DOMAIN}
-ldap_default_realm: ${LDAP_DEFAULT_REALM}
-ldap_deref: ${LDAP_DEREF}
-ldap_filter: ${LDAP_FILTER}
-ldap_group_attr: ${LDAP_GROUP_ATTR}
-ldap_group_dn: ${LDAP_GROUP_DN}
-ldap_group_filter: ${LDAP_GROUP_FILTER}
+ldap_auth_method: ${LDAP_AUTH_METHOD}
+ldap_bind_dn: ${LDAP_BIND_DN}
+ldap_bind_pw: ${LDAP_BIND_PW}
+ldap_default_domain: ${LDAP_DEFAULT_DOMAIN}
+ldap_default_realm: ${LDAP_DEFAULT_REALM}
+ldap_deref: ${LDAP_DEREF}
+ldap_filter: ${LDAP_FILTER}
+ldap_group_attr: ${LDAP_GROUP_ATTR}
+ldap_group_dn: ${LDAP_GROUP_DN}
+ldap_group_filter: ${LDAP_GROUP_FILTER}
 ldap_group_match_method: ${LDAP_GROUP_MATCH_METHOD}
-ldap_group_search_base: ${LDAP_GROUP_SEARCH_BASE}
-ldap_group_scope: ${LDAP_GROUP_SCOPE}
-ldap_password: ${LDAP_PASSWORD}
-ldap_password_attr: ${LDAP_PASSWORD_ATTR}
-ldap_referrals: ${LDAP_REFERRALS}
-ldap_restart: ${LDAP_RESTART}
-ldap_id: ${LDAP_ID}
-ldap_authz_id: ${LDAP_AUTHZ_ID}
-ldap_mech: ${LDAP_MECH}
-ldap_realm: ${LDAP_REALM}
-ldap_scope: ${LDAP_SCOPE}
-ldap_search_base: ${LDAP_SEARCH_BASE}
-ldap_servers: ${LDAP_SERVERS}
-ldap_start_tls: ${LDAP_START_TLS}
-ldap_time_limit: ${LDAP_TIME_LIMIT}
-ldap_timeout: ${LDAP_TIMEOUT}
-ldap_tls_check_peer: ${LDAP_TLS_CHECK_PEER}
-ldap_tls_cacert_file: ${LDAP_TLS_CACERT_FILE}
-ldap_tls_cacert_dir: ${LDAP_TLS_CACERT_DIR}
-ldap_tls_ciphers: ${LDAP_TLS_CIPHERS}
-ldap_tls_cert: ${LDAP_TLS_CERT}
-ldap_tls_key: ${LDAP_TLS_KEY}
-ldap_use_sasl: ${LDAP_USE_SASL}
-ldap_version: ${LDAP_VERSION}
+ldap_group_search_base: ${LDAP_GROUP_SEARCH_BASE}
+ldap_group_scope: ${LDAP_GROUP_SCOPE}
+ldap_password: ${LDAP_PASSWORD}
+ldap_password_attr: ${LDAP_PASSWORD_ATTR}
+ldap_referrals: ${LDAP_REFERRALS}
+ldap_restart: ${LDAP_RESTART}
+ldap_id: ${LDAP_ID}
+ldap_authz_id: ${LDAP_AUTHZ_ID}
+ldap_mech: ${LDAP_MECH}
+ldap_realm: ${LDAP_REALM}
+ldap_scope: ${LDAP_SCOPE}
+ldap_search_base: ${LDAP_SEARCH_BASE}
+ldap_servers: ${LDAP_SERVERS}
+ldap_start_tls: ${LDAP_START_TLS}
+ldap_time_limit: ${LDAP_TIME_LIMIT}
+ldap_timeout: ${LDAP_TIMEOUT}
+ldap_tls_check_peer: ${LDAP_TLS_CHECK_PEER}
+ldap_tls_cacert_file: ${LDAP_TLS_CACERT_FILE}
+ldap_tls_cacert_dir: ${LDAP_TLS_CACERT_DIR}
+ldap_tls_ciphers: ${LDAP_TLS_CIPHERS}
+ldap_tls_cert: ${LDAP_TLS_CERT}
+ldap_tls_key: ${LDAP_TLS_KEY}
+ldap_use_sasl: ${LDAP_USE_SASL}
+ldap_version: ${LDAP_VERSION}
diff --git a/target/scripts/build/packages.sh b/target/scripts/build/packages.sh
index f9726fb2..f6f9c638 100644
--- a/target/scripts/build/packages.sh
+++ b/target/scripts/build/packages.sh
@@ -99,7 +99,8 @@ function _install_feature_config_templates() {
 apt-get "${QUIET}" --no-install-recommends install gettext-base
 # zenv:
- local URL_ZENV="https://github.com/numToStr/zenv/releases/download/0.8.0/zenv-0.8.0-$(uname --machine)-unknown-linux-gnu.tar.gz"
+ local URL_ZENV
+ URL_ZENV="https://github.com/numToStr/zenv/releases/download/0.8.0/zenv-0.8.0-$(uname --machine)-unknown-linux-gnu.tar.gz"
 # Download from GH releases to stdout, then extract the zenv file to make available via PATH:
 curl -L "${URL_ZENV}" -o - | tar --gzip --extract --directory /usr/local/bin --file - zenv
 }
diff --git a/target/scripts/helpers/utils.sh b/target/scripts/helpers/utils.sh
index 29afd135..91900fc6 100644
--- a/target/scripts/helpers/utils.sh
+++ b/target/scripts/helpers/utils.sh
@@ -186,6 +186,6 @@ function _cleanse_config() {
 local KV_DELIMITER=${1:?KV Delimiter is required}
 local INPUT_FILE=${2?:Input file is required}
- sed "/^[^${KV_DELIMITER}]*${KV_DELIMITER}\s*$/d" ${INPUT_FILE} \
+ sed "/^[^${KV_DELIMITER}]*${KV_DELIMITER}\s*$/d" "${INPUT_FILE}" \
 | tac | sort -u -t"${KV_DELIMITER}" -k1,1
 }
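Review bot: The context line `curl -L "${URL_ZENV}" -o - | tar … --file - zenv` still streams the release tarball straight into /usr/local/bin with no integrity check, so whatever that URL serves at build time ends up on PATH in the image. Splitting `local URL_ZENV` from its assignment only un-masks the exit status of `$(uname --machine)`; it does not cover a failed or altered download, and without `--fail` curl hands an HTTP error body to tar. Download to a temporary file, compare it against a SHA-256 pinned per architecture, and extract only after the check passes, as sketched below. The start of `_install_feature_config_templates` is outside the hunk, so whether `set -e` / `pipefail` are active there is not visible.

```shell
  # … unchanged: gettext-base install, URL_ZENV declaration and assignment …
  # Pinned digest of the release tarball; it differs per `uname --machine` value.
  local SHA256_ZENV='<PLACEHOLDER: sha256 of the zenv tarball for this architecture>'
  local TMP_ZENV
  TMP_ZENV=$(mktemp) || return 1
  curl --fail --silent --show-error --location "${URL_ZENV}" --output "${TMP_ZENV}" || return 1
  # Refuse to install anything that does not match the pinned digest:
  echo "${SHA256_ZENV}  ${TMP_ZENV}" | sha256sum --check --status || return 1
  tar --gzip --extract --directory /usr/local/bin --file "${TMP_ZENV}" zenv
  rm -f -- "${TMP_ZENV}"
```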
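Review bot: The guard on the context line `local INPUT_FILE=${2?:Input file is required}` has `?` and `:` transposed, so it fires only when `$2` is unset, not when it is empty, and the message it prints begins with a stray colon. With `"${INPUT_FILE}"` now quoted, an empty argument reaches sed as an empty file name rather than being rejected up front; `local INPUT_FILE=${2:?Input file is required}` would match the `KV_DELIMITER` line above it. `KV_DELIMITER` is also placed unescaped inside the bracket expression and the sed address, which misparses for values such as `/`, `]` or `^`, so a comment like `# KV_DELIMITER must be a single literal character such as '=' or ':'` is worth adding. The body of `_cleanse_config` before line 186 is not shown in the hunk.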
diff --git a/test/tests/serial/mail_with_ldap.bats b/test/tests/serial/mail_with_ldap.bats
index 2116613d..771a18ae 100644
--- a/test/tests/serial/mail_with_ldap.bats
+++ b/test/tests/serial/mail_with_ldap.bats
@@ -229,19 +229,9 @@ function teardown() {
 )
 for LDAP_SETTING in "${LDAP_SETTINGS_POSTFIX[@]}"; do
- # "${LDAP_SETTING%=*}" is to match only the key portion of the var (helpful for assert_output error messages)
- # NOTE: `start_tls = no` is a default setting, but the white-space differs when ENV `LDAP_START_TLS` is not set explicitly.
- _run_in_container grep "${LDAP_SETTING%=*}" /etc/postfix/ldap/users.cf
- assert_output "${LDAP_SETTING}"
- assert_success
-
- _run_in_container grep "${LDAP_SETTING%=*}" /etc/postfix/ldap/groups.cf
- assert_output "${LDAP_SETTING}"
- assert_success
-
- _run_in_container grep "${LDAP_SETTING%=*}" /etc/postfix/ldap/aliases.cf
- assert_output "${LDAP_SETTING}"
- assert_success
+ _should_have_matching_setting "${LDAP_SETTING}" /etc/postfix/ldap/users.cf
+ _should_have_matching_setting "${LDAP_SETTING}" /etc/postfix/ldap/groups.cf
+ _should_have_matching_setting "${LDAP_SETTING}" /etc/postfix/ldap/aliases.cf
 done
 }
@@ -269,9 +259,7 @@ function teardown() {
 )
 for LDAP_SETTING in "${LDAP_SETTINGS_DOVECOT[@]}"; do
- _run_in_container grep "${LDAP_SETTING%=*}" /etc/dovecot/dovecot-ldap.conf.ext
- assert_output "${LDAP_SETTING}"
- assert_success
+ _should_have_matching_setting "${LDAP_SETTING}" /etc/dovecot/dovecot-ldap.conf.ext
 done
 }
@@ -437,3 +425,21 @@ function _should_successfully_deliver_mail_to() {
 # NOTE: Prevents compatibility for running testcases in parallel (for same container) when the count could become racey:
 _count_files_in_directory_in_container "${MAIL_STORAGE_RECIPIENT}" 1
 }
+
+function _should_have_matching_setting() {
+ local KEY_VALUE=${1}
+ local CONFIG_FILE=${2}
+
+ function __trim_whitespace() {
+ sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' <<< "${1}"
+ }
+
+ local KEY VALUE
+ # Split string into key/value vars and trim white-space:
+ KEY=$(__trim_whitespace "${KEY_VALUE%=*}")
+ VALUE=$(__trim_whitespace "${KEY_VALUE#*=}")
+
+ _run_in_container grep "${KEY}" "${CONFIG_FILE}"
+ assert_output --regexp "^${KEY}\s*=\s*${VALUE}$"
+ assert_success
+}
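Review bot: In `_should_have_matching_setting`, `${KEY_VALUE%=*}` removes the shortest matching suffix, i.e. it cuts at the last `=`, so an expected setting whose value itself contains `=` (LDAP filters usually do) yields a KEY that swallows part of the value; `KEY=$(__trim_whitespace "${KEY_VALUE%%=*}")` cuts at the first `=` and pairs correctly with the `#*=` used for VALUE. KEY is then given to grep unanchored and VALUE is interpolated into the `--regexp` pattern unescaped, so a key that is a substring of another key returns several lines, and `(`, `.` or `*` in a value are read as regex syntax. For a test that guards the rendered bind and TLS settings, that means it can fail on a correct file or pass on a slightly different one. Anchoring the lookup with `_run_in_container grep "^${KEY}[[:space:]]*=" "${CONFIG_FILE}"` removes the multi-line case. The contents of `LDAP_SETTINGS_POSTFIX` and `LDAP_SETTINGS_DOVECOT` are outside these hunks, so whether current entries trigger this is not visible; the two loops changed at -229 and -269 both rely on this helper.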