Archive-Team
/
docker-mailserver
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix!: use dovecot's LDAP uris option instead of hosts (#1901) 

* Use dovecot's LDAP uris option instead of hosts (fixes #1510)

* Clean up variables & environment documentation for #1901

Co-authored-by: Frederic Werner <20406381+wernerfred@users.noreply.github.com>
Co-authored-by: Georg Lauterbach <44545919+aendeavor@users.noreply.github.com>
This commit is contained in:
Moritz Marquardt 2021-04-19 09:02:03 +02:00 committed by GitHub
parent 8313d9753b
commit 94b5ac49c1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 24 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
ENVIRONMENT.md
View File

@ -385,7 +385,7 @@ Note: The defaults of your fetchmailrc file need to be at the top of the file. O
##### LDAP_SERVER_HOST ##### LDAP_SERVER_HOST
- **empty** => mail.domain.com - **empty** => mail.domain.com
- => Specify the dns-name/ip-address where the ldap-server - => Specify the dns-name/ip-address where the ldap-server is listening, or an URI like `ldaps://mail.domain.com`
- NOTE: If you going to use the mailserver in combination with docker-compose you can set the service name here - NOTE: If you going to use the mailserver in combination with docker-compose you can set the service name here
##### LDAP_SEARCH_BASE ##### LDAP_SEARCH_BASE
@ -457,10 +457,12 @@ The following variables overwrite the default values for ```/etc/dovecot/dovecot
- **empty** => same as `LDAP_BIND_PW` - **empty** => same as `LDAP_BIND_PW`
- => Password for LDAP dn sepecifified in `DOVECOT_DN`. - => Password for LDAP dn sepecifified in `DOVECOT_DN`.
##### DOVECOT_HOSTS ##### DOVECOT_URIS
- **empty** => same as `LDAP_SERVER_HOST` - **empty** => same as `LDAP_SERVER_HOST`
- => Specify a space separated list of LDAP hosts. - => Specify a space separated list of LDAP uris.
- Note: If the protocol is missing, `ldap://` will be used.
- Note: This deprecates `DOVECOT_HOSTS` (as it didn't allow to use LDAPS), which is currently still supported for backwards compatibility.
##### DOVECOT_LDAP_VERSION ##### DOVECOT_LDAP_VERSION
@ -488,6 +490,7 @@ The following variables overwrite the default values for ```/etc/dovecot/dovecot
##### DOVECOT_PASS_FILTER ##### DOVECOT_PASS_FILTER
- e.g. `(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))` - e.g. `(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))`
- **empty** => same as `DOVECOT_USER_FILTER`
##### DOVECOT_PASS_ATTRS ##### DOVECOT_PASS_ATTRS

2
target/dovecot/dovecot-ldap.conf.ext
View File

@ -2,7 +2,7 @@ base = ou=people,dc=domain,dc=com
default_pass_scheme = SSHA default_pass_scheme = SSHA
dn = cn=admin,dc=domain,dc=com dn = cn=admin,dc=domain,dc=com
dnpass = admin dnpass = admin
hosts = mail.domain.com uris = ldap://mail.domain.com
tls = no tls = no
ldap_version = 3 ldap_version = 3
pass_attrs = uniqueIdentifier=user,userPassword=password pass_attrs = uniqueIdentifier=user,userPassword=password

26
target/scripts/startup/setup-stack.sh
View File

@ -437,20 +437,26 @@ function _setup_ldap
_notify 'inf' "Configuring dovecot LDAP" _notify 'inf' "Configuring dovecot LDAP"
declare -A _dovecot_ldap_mapping declare -A DOVECOT_LDAP_MAPPING
_dovecot_ldap_mapping["DOVECOT_BASE"]="${DOVECOT_BASE:="${LDAP_SEARCH_BASE}"}" DOVECOT_LDAP_MAPPING["DOVECOT_BASE"]="${DOVECOT_BASE:="${LDAP_SEARCH_BASE}"}"
_dovecot_ldap_mapping["DOVECOT_DN"]="${DOVECOT_DN:="${LDAP_BIND_DN}"}" DOVECOT_LDAP_MAPPING["DOVECOT_DN"]="${DOVECOT_DN:="${LDAP_BIND_DN}"}"
_dovecot_ldap_mapping["DOVECOT_DNPASS"]="${DOVECOT_DNPASS:="${LDAP_BIND_PW}"}" DOVECOT_LDAP_MAPPING["DOVECOT_DNPASS"]="${DOVECOT_DNPASS:="${LDAP_BIND_PW}"}"
_dovecot_ldap_mapping["DOVECOT_HOSTS"]="${DOVECOT_HOSTS:="${LDAP_SERVER_HOST}"}" DOVECOT_LDAP_MAPPING["DOVECOT_URIS"]="${DOVECOT_URIS:="${DOVECOT_HOSTS:="${LDAP_SERVER_HOST}"}"}"
# Not sure whether this can be the same or not # Add protocol to DOVECOT_URIS so that we can use dovecot's "uris" option:
# _dovecot_ldap_mapping["DOVECOT_PASS_FILTER"]="${DOVECOT_PASS_FILTER:="${LDAP_QUERY_FILTER_USER}"}" # https://doc.dovecot.org/configuration_manual/authentication/ldap/
# _dovecot_ldap_mapping["DOVECOT_USER_FILTER"]="${DOVECOT_USER_FILTER:="${LDAP_QUERY_FILTER_USER}"}" if [[ "${DOVECOT_LDAP_MAPPING["DOVECOT_URIS"]}" != *'://'* ]]
then
DOVECOT_LDAP_MAPPING["DOVECOT_URIS"]="ldap://${DOVECOT_LDAP_MAPPING["DOVECOT_URIS"]}"
fi
for VAR in "${!_dovecot_ldap_mapping[@]}" # Default DOVECOT_PASS_FILTER to the same value as DOVECOT_USER_FILTER
DOVECOT_LDAP_MAPPING["DOVECOT_PASS_FILTER"]="${DOVECOT_PASS_FILTER:="${DOVECOT_USER_FILTER}"}"
for VAR in "${!DOVECOT_LDAP_MAPPING[@]}"
do do
export "${VAR}=${_dovecot_ldap_mapping[${VAR}]}" export "${VAR}=${DOVECOT_LDAP_MAPPING[${VAR}]}"
done done
configomat.sh "DOVECOT_" "/etc/dovecot/dovecot-ldap.conf.ext" configomat.sh "DOVECOT_" "/etc/dovecot/dovecot-ldap.conf.ext"

2
test/mail_with_ldap.bats
View File

@ -156,7 +156,7 @@ function teardown_file() {
} }
@test "checking dovecot: ldap config overwrites success" { @test "checking dovecot: ldap config overwrites success" {
run docker exec mail_with_ldap /bin/sh -c "grep 'hosts = ldap' /etc/dovecot/dovecot-ldap.conf.ext" run docker exec mail_with_ldap /bin/sh -c "grep 'uris = ldap://ldap' /etc/dovecot/dovecot-ldap.conf.ext"
assert_success assert_success
run docker exec mail_with_ldap /bin/sh -c "grep 'tls = no' /etc/dovecot/dovecot-ldap.conf.ext" run docker exec mail_with_ldap /bin/sh -c "grep 'tls = no' /etc/dovecot/dovecot-ldap.conf.ext"
assert_success assert_success