Archive-Team
/
docker-mailserver
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: Postfix LDAP configs `main.cf` support opt-out instead 

Generic approach to configuring Postfix with the LDAP tables in `main.cf`. Instead of opt-in when file exists (always did), opt-out when the `query_filter` is missing.

This fixes a bug reported when deployment does not require LDAP queries for a lookup type, like groups. Avoids introducing misconfiguration by default.
This commit is contained in:
polarathene 2023-09-03 21:24:45 +12:00
parent 067341ab55
commit 8fe744ffd1
1 changed files with 16 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
target/scripts/startup/setup.d/ldap.sh
View File

@ -4,9 +4,15 @@ function _setup_ldap() {
_log 'debug' 'Setting up LDAP' _log 'debug' 'Setting up LDAP'
_log 'trace' "Configuring Postfix for LDAP" _log 'trace' "Configuring Postfix for LDAP"
mkdir -p /etc/postfix/ldap
# Configure Postfix settings for LDAP configs in advance:
postconf \
'virtual_mailbox_maps = ldap:/etc/postfix/ldap/users.cf' \
'virtual_mailbox_domains = /etc/postfix/vhost ldap:/etc/postfix/ldap/domains.cf' \
'virtual_alias_maps = ldap:/etc/postfix/ldap/aliases.cf ldap:/etc/postfix/ldap/groups.cf'
# Generate Postfix LDAP configs: # Generate Postfix LDAP configs:
mkdir -p /etc/postfix/ldap
for QUERY_KIND in 'users' 'groups' 'aliases' 'domains' 'senders'; do for QUERY_KIND in 'users' 'groups' 'aliases' 'domains' 'senders'; do
# NOTE: Presently, only `query_filter` is supported for individually targeting: # NOTE: Presently, only `query_filter` is supported for individually targeting:
case "${QUERY_KIND}" in case "${QUERY_KIND}" in
@ -44,26 +50,6 @@ function _setup_ldap() {
sed -i -e '/\!include auth-ldap\.conf\.ext/s/^#//' /etc/dovecot/conf.d/10-auth.conf sed -i -e '/\!include auth-ldap\.conf\.ext/s/^#//' /etc/dovecot/conf.d/10-auth.conf
sed -i -e '/\!include auth-passwdfile\.inc/s/^/#/' /etc/dovecot/conf.d/10-auth.conf sed -i -e '/\!include auth-passwdfile\.inc/s/^/#/' /etc/dovecot/conf.d/10-auth.conf
_log 'trace' "Configuring LDAP"
if [[ -f /etc/postfix/ldap/users.cf ]]; then
postconf 'virtual_mailbox_maps = ldap:/etc/postfix/ldap/users.cf'
else
_log 'warn' "'/etc/postfix/ldap/users.cf' not found"
fi
if [[ -f /etc/postfix/ldap/domains.cf ]]; then
postconf 'virtual_mailbox_domains = /etc/postfix/vhost, ldap:/etc/postfix/ldap/domains.cf'
else
_log 'warn' "'/etc/postfix/ldap/domains.cf' not found"
fi
if [[ -f /etc/postfix/ldap/aliases.cf ]] && [[ -f /etc/postfix/ldap/groups.cf ]]; then
postconf 'virtual_alias_maps = ldap:/etc/postfix/ldap/aliases.cf, ldap:/etc/postfix/ldap/groups.cf'
else
_log 'warn' "'/etc/postfix/ldap/aliases.cf' and / or '/etc/postfix/ldap/groups.cf' not found"
fi
# shellcheck disable=SC2016 # shellcheck disable=SC2016
sed -i 's|mydestination = \$myhostname, |mydestination = |' /etc/postfix/main.cf sed -i 's|mydestination = \$myhostname, |mydestination = |' /etc/postfix/main.cf
@ -84,10 +70,18 @@ function _create_config_dovecot() {
# NOTE: Only relies on the `LDAP_` prefix, presently assigned a `POSTFIX_` prefix. # NOTE: Only relies on the `LDAP_` prefix, presently assigned a `POSTFIX_` prefix.
function _create_config_postfix() { function _create_config_postfix() {
local QUERY_KIND=${1} local QUERY_KIND=${1}
local LDAP_CONFIG_FILE="/etc/postfix/ldap/${QUERY_KIND}.cf"
_cleanse_config '=' <(cat 2>/dev/null \ _cleanse_config '=' <(cat 2>/dev/null \
/etc/dms/ldap/postfix.base \ /etc/dms/ldap/postfix.base \
"/tmp/docker-mailserver/ldap-${QUERY_KIND}.cf" \ "/tmp/docker-mailserver/ldap-${QUERY_KIND}.cf" \
<(_template_with_env 'LDAP_' /etc/dms/ldap/postfix.tmpl) \ <(_template_with_env 'LDAP_' /etc/dms/ldap/postfix.tmpl) \
) > "/etc/postfix/ldap/${QUERY_KIND}.cf" ) > "${LDAP_CONFIG_FILE}"
# Opt-out of generated config if `query_filter` was not configured:
if ! grep --silent '^query_filter =' "${LDAP_CONFIG_FILE}"; then
_log 'warn' "'${LDAP_CONFIG_FILE}' is missing the 'query_filter' setting - disabling"
sed -i "s/$(_escape_for_sed <<< ${LDAP_CONFIG_FILE})//" /etc/postfix/main.cf
fi
} }