From b5edba69ad37cf61ef8235d9ec2a6ae5d9bdd4c8 Mon Sep 17 00:00:00 2001
From: polarathene <5098581+polarathene@users.noreply.github.com>
Date: Sun, 3 Sep 2023 17:20:00 +1200
Subject: [PATCH] chore: Adapt Dovecot LDAP config generation to use Config Template

Same process as described by earlier commits for SASLAuthd. To avoid introducing potential breakage, the ENV fallback convenience for `DOVECOT_PASS_FILTER` is retained.
---
 target/features/ldap/dovecot.base | 9 ++++++++
 target/features/ldap/dovecot.tmpl | 32 ++++++++++++++++++++++++++
 target/scripts/startup/setup.d/ldap.sh | 30 +++++++++++-------------
 3 files changed, 55 insertions(+), 16 deletions(-)
 create mode 100644 target/features/ldap/dovecot.base
 create mode 100644 target/features/ldap/dovecot.tmpl

diff --git a/target/features/ldap/dovecot.base b/target/features/ldap/dovecot.base
new file mode 100644
index 00000000..3ef4e15c
--- /dev/null
+++ b/target/features/ldap/dovecot.base
@@ -0,0 +1,9 @@
+dn = ${BIND_DN}
+dnpass = ${BIND_PW}
+uris = ${SERVER_HOST}
+base = ${SEARCH_BASE}
+default_pass_scheme = SSHA
+pass_attrs = uniqueIdentifier=user,userPassword=password
+pass_filter = (&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))
+user_attrs = mailHomeDirectory=home,mailUidNumber=uid,mailGidNumber=gid,mailStorageDirectory=mail
+user_filter = (&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))
diff --git a/target/features/ldap/dovecot.tmpl b/target/features/ldap/dovecot.tmpl
new file mode 100644
index 00000000..c95c399f
--- /dev/null
+++ b/target/features/ldap/dovecot.tmpl
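Review bot: dovecot.base carries no header comment, unlike dovecot.tmpl, so nothing in the file says that `${BIND_DN}`, `${BIND_PW}`, `${SERVER_HOST}` and `${SEARCH_BASE}` are filled from the `LDAP_`-prefixed ENV; that mapping is only visible in `_create_config_dovecot` in ldap.sh. Suggest opening the file with `# Baseline Dovecot LDAP settings; ${...} placeholders are filled from the matching LDAP_* ENV (LDAP_BIND_DN, LDAP_BIND_PW, LDAP_SERVER_HOST, LDAP_SEARCH_BASE)`. The baseline also sets no `tls` key, so when `LDAP_SERVER_HOST` is a plain `ldap://` URI the `dnpass` bind credential is sent in cleartext unless the operator sets `DOVECOT_TLS`; a reminder next to `uris`, e.g. `# set DOVECOT_TLS=yes (STARTTLS) when the URI is ldap:// rather than ldaps://`, would make that explicit. Whether a user dovecot.conf or `DOVECOT_*` ENV can override these keys depends on `_cleanse_config`, which is outside this patch.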
@@ -0,0 +1,32 @@
+# Dovecot LDAP config docs: https://github.com/dovecot/core/blob/bbb600e46ca650a3a5ef812ea3a1e8c45a6ea0ba/doc/example-config/dovecot-ldap.conf.ext
+hosts = ${HOSTS}
+uris = ${URIS}
+dn = ${DN}
+dnpass = ${DNPASS}
+sasl_bind = ${SASL_BIND}
+sasl_mech = ${SASL_MECH}
+sasl_realm = ${SASL_REALM}
+sasl_authz_id = ${SASL_AUTHZ_ID}
+tls = ${TLS}
+tls_ca_cert_file = ${TLS_CA_CERT_FILE}
+tls_ca_cert_dir = ${TLS_CA_CERT_DIR}
+tls_cipher_suite = ${TLS_CIPHER_SUITE}
+tls_cert_file = ${TLS_CERT_FILE}
+tls_key_file = ${TLS_KEY_FILE}
+tls_require_cert = ${TLS_REQUIRE_CERT}
+ldaprc_path = ${LDAPRC_PATH}
+debug_level = ${DEBUG_LEVEL}
+auth_bind = ${AUTH_BIND}
+auth_bind_userdn = ${AUTH_BIND_USERDN}
+ldap_version = ${LDAP_VERSION}
+base = ${BASE}
+deref = ${DEREF}
+scope = ${SCOPE}
+user_attrs = ${USER_ATTRS}
+user_filter = ${USER_FILTER}
+pass_attrs = ${PASS_ATTRS}
+pass_filter = ${PASS_FILTER}
+iterate_attrs = ${ITERATE_ATTRS}
+iterate_filter = ${ITERATE_FILTER}
+default_pass_scheme = ${DEFAULT_PASS_SCHEME}
+blocking = ${BLOCKING}
diff --git a/target/scripts/startup/setup.d/ldap.sh b/target/scripts/startup/setup.d/ldap.sh
index 1451ec32..42115bbd 100644
--- a/target/scripts/startup/setup.d/ldap.sh
+++ b/target/scripts/startup/setup.d/ldap.sh
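Review bot: The template emits all 32 keys unconditionally as `key = ${VAR}`, but nothing in the file says which ENV fills each placeholder or what happens to a key whose ENV is unset; both are decided by `_template_with_env` and `_cleanse_config`, which are outside this patch. Suggest extending the header with `# Each ${NAME} is filled from the DOVECOT_<NAME> ENV (e.g. DOVECOT_TLS_REQUIRE_CERT); keys whose ENV is unset are expected to be dropped by _cleanse_config rather than written as empty values` so a reader can tell that an unset ENV is not meant to produce `tls_require_cert =`, which would override Dovecot's default instead of leaving it alone. A short comment next to `debug_level` is also worth adding: it maps to the OpenLDAP library debug level, and the higher levels can dump request and response contents, so a non-zero `DOVECOT_DEBUG_LEVEL` can expose bind and lookup details in the logs.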
@@ -31,23 +31,10 @@ function _setup_ldap() {
     [[ -f ${FILE} ]] && _replace_by_env_in_file 'LDAP_' "${FILE}"
   done
 
-  _log 'trace' "Configuring Dovecot LDAP"
-
-  declare -A DOVECOT_LDAP_MAPPING
-
-  DOVECOT_LDAP_MAPPING['DOVECOT_BASE']="${DOVECOT_BASE:="${LDAP_SEARCH_BASE}"}"
-  DOVECOT_LDAP_MAPPING['DOVECOT_DN']="${DOVECOT_DN:="${LDAP_BIND_DN}"}"
-  DOVECOT_LDAP_MAPPING['DOVECOT_DNPASS']="${DOVECOT_DNPASS:="${LDAP_BIND_PW}"}"
-  DOVECOT_LDAP_MAPPING['DOVECOT_URIS']="${DOVECOT_URIS:="${LDAP_SERVER_HOST}"}"
-
+  _log 'trace' "Configuring Dovecot for LDAP"
   # Default DOVECOT_PASS_FILTER to the same value as DOVECOT_USER_FILTER
-  DOVECOT_LDAP_MAPPING['DOVECOT_PASS_FILTER']="${DOVECOT_PASS_FILTER:="${DOVECOT_USER_FILTER}"}"
-
-  for VAR in "${!DOVECOT_LDAP_MAPPING[@]}"; do
-    export "${VAR}=${DOVECOT_LDAP_MAPPING[${VAR}]}"
-  done
-
-  _replace_by_env_in_file 'DOVECOT_' '/etc/dovecot/dovecot-ldap.conf.ext'
+  local DOVECOT_PASS_FILTER="${DOVECOT_PASS_FILTER:="${DOVECOT_USER_FILTER}"}"
+  _create_config_dovecot
 
   _log 'trace' 'Enabling Dovecot LDAP authentication'
 
@@ -79,3 +66,14 @@ function _setup_ldap() {
 
   return 0
 }
+
+# Generates a config from an ENV template while layering several other sources
+# into a single temporary file, used as input into `_cleanse_config` which
+# prepares the final output config.
+function _create_config_dovecot() {
+  _cleanse_config '=' <(cat 2>/dev/null \
+    <(_template_with_env 'LDAP_' /etc/dms/ldap/dovecot.base) \
+    /tmp/docker-mailserver/ldap/dovecot.conf \
+    <(_template_with_env 'DOVECOT_' /etc/dms/ldap/dovecot.tmpl) \
+  ) > /etc/dovecot/dovecot-ldap.conf.ext
+}
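Review bot: The `local DOVECOT_PASS_FILTER=...` fallback replaces the removed loop that `export`ed every mapped variable, so whether `_create_config_dovecot` still sees the fallback depends on whether `_template_with_env` reads shell variables or only the exported environment; that helper is outside this patch, and an `envsubst`-style implementation would see only the latter, silently leaving `pass_filter` empty. `local -x DOVECOT_PASS_FILTER="${DOVECOT_PASS_FILTER:="${DOVECOT_USER_FILTER}"}"` exports it for the duration of the call without widening its scope and works under either implementation. The existing comment could also say why the fallback must stay visible to the template helper, e.g. `# must be visible to _template_with_env 'DOVECOT_' in _create_config_dovecot`, so a later cleanup does not drop it. `_setup_ldap` starts and ends outside this hunk.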
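Review bot: `cat 2>/dev/null` silences read errors for all three inputs, not only the optional user file, so a missing or unreadable `/etc/dms/ldap/dovecot.tmpl` (or dovecot.base) yields a config that silently lacks every `DOVECOT_`/`LDAP_` value instead of failing startup. Limit the tolerance to the file that is genuinely optional: drop `2>/dev/null` from `cat` and replace the bare path argument with `<([[ -f /tmp/docker-mailserver/ldap/dovecot.conf ]] && cat /tmp/docker-mailserver/ldap/dovecot.conf) \`. The output also carries the `dnpass` bind secret; `>` keeps the mode of an existing `/etc/dovecot/dovecot-ldap.conf.ext` but creates it under the umask otherwise, so if the image no longer ships that file a `chmod 0640` after the redirect is worth adding. The header comment would also be more useful if it stated the precedence of the three sources (base, then the user file, then `DOVECOT_` ENV, assuming `_cleanse_config` keeps the last occurrence of a key).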