chore: Adapt Dovecot LDAP config generation to use Config Template

Same process as described by earlier commits for SASLAuthd.

To avoid introducing potential breakage, the ENV fallback convenience for `DOVECOT_PASS_FILTER` is retained.

target/features/ldap/dovecot.base

@@ -0,0 +1,9 @@
+dn                  = ${BIND_DN}
+dnpass              = ${BIND_PW}
+uris                = ${SERVER_HOST}
+base                = ${SEARCH_BASE}
+default_pass_scheme = SSHA
+pass_attrs          = uniqueIdentifier=user,userPassword=password
+pass_filter         = (&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))
+user_attrs          = mailHomeDirectory=home,mailUidNumber=uid,mailGidNumber=gid,mailStorageDirectory=mail
+user_filter         = (&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))

target/features/ldap/dovecot.tmpl

@@ -0,0 +1,32 @@
+# Dovecot LDAP config docs: https://github.com/dovecot/core/blob/bbb600e46ca650a3a5ef812ea3a1e8c45a6ea0ba/doc/example-config/dovecot-ldap.conf.ext
+hosts = ${HOSTS}
+uris = ${URIS}
+dn = ${DN}
+dnpass = ${DNPASS}
+sasl_bind = ${SASL_BIND}
+sasl_mech = ${SASL_MECH}
+sasl_realm = ${SASL_REALM}
+sasl_authz_id = ${SASL_AUTHZ_ID}
+tls = ${TLS}
+tls_ca_cert_file = ${TLS_CA_CERT_FILE}
+tls_ca_cert_dir = ${TLS_CA_CERT_DIR}
+tls_cipher_suite = ${TLS_CIPHER_SUITE}
+tls_cert_file = ${TLS_CERT_FILE}
+tls_key_file = ${TLS_KEY_FILE}
+tls_require_cert = ${TLS_REQUIRE_CERT}
+ldaprc_path = ${LDAPRC_PATH}
+debug_level = ${DEBUG_LEVEL}
+auth_bind = ${AUTH_BIND}
+auth_bind_userdn = ${AUTH_BIND_USERDN}
+ldap_version = ${LDAP_VERSION}
+base = ${BASE}
+deref = ${DEREF}
+scope = ${SCOPE}
+user_attrs = ${USER_ATTRS}
+user_filter = ${USER_FILTER}
+pass_attrs = ${PASS_ATTRS}
+pass_filter = ${PASS_FILTER}
+iterate_attrs = ${ITERATE_ATTRS}
+iterate_filter = ${ITERATE_FILTER}
+default_pass_scheme = ${DEFAULT_PASS_SCHEME}
+blocking = ${BLOCKING}

target/scripts/startup/setup.d/ldap.sh

@@ -31,23 +31,10 @@ function _setup_ldap() {
     [[ -f ${FILE} ]] && _replace_by_env_in_file 'LDAP_' "${FILE}"
   done
 
-  _log 'trace' "Configuring Dovecot LDAP"
+  _log 'trace' "Configuring Dovecot for LDAP"
-
-  declare -A DOVECOT_LDAP_MAPPING
-
-  DOVECOT_LDAP_MAPPING['DOVECOT_BASE']="${DOVECOT_BASE:="${LDAP_SEARCH_BASE}"}"
-  DOVECOT_LDAP_MAPPING['DOVECOT_DN']="${DOVECOT_DN:="${LDAP_BIND_DN}"}"
-  DOVECOT_LDAP_MAPPING['DOVECOT_DNPASS']="${DOVECOT_DNPASS:="${LDAP_BIND_PW}"}"
-  DOVECOT_LDAP_MAPPING['DOVECOT_URIS']="${DOVECOT_URIS:="${LDAP_SERVER_HOST}"}"
-
   # Default DOVECOT_PASS_FILTER to the same value as DOVECOT_USER_FILTER
-  DOVECOT_LDAP_MAPPING['DOVECOT_PASS_FILTER']="${DOVECOT_PASS_FILTER:="${DOVECOT_USER_FILTER}"}"
+  local DOVECOT_PASS_FILTER="${DOVECOT_PASS_FILTER:="${DOVECOT_USER_FILTER}"}"
-
+  _create_config_dovecot
-  for VAR in "${!DOVECOT_LDAP_MAPPING[@]}"; do
-    export "${VAR}=${DOVECOT_LDAP_MAPPING[${VAR}]}"
-  done
-
-  _replace_by_env_in_file 'DOVECOT_' '/etc/dovecot/dovecot-ldap.conf.ext'
 
   _log 'trace' 'Enabling Dovecot LDAP authentication'
 
@@ -79,3 +66,14 @@ function _setup_ldap() {
 
   return 0
 }
+
+# Generates a config from an ENV template while layering several other sources
+# into a single temporary file, used as input into `_cleanse_config` which
+# prepares the final output config.
+function _create_config_dovecot() {
+  _cleanse_config '=' <(cat 2>/dev/null \
+    <(_template_with_env 'LDAP_' /etc/dms/ldap/dovecot.base) \
+    /tmp/docker-mailserver/ldap/dovecot.conf \
+    <(_template_with_env 'DOVECOT_' /etc/dms/ldap/dovecot.tmpl) \
+  ) > /etc/dovecot/dovecot-ldap.conf.ext
+}