refactor: Adapt Postfix LDAP config generation to use Config Template

- `postfix.base` defaults are now potentially breaking:
  - The `query_filter` default is common between `ldap-users.cf` and `ldap-senders.cf`, but the `mailEnabled` attribute locks it in to requiring the `postfix-book` OpenLDAP schema. Like the `result_attribute` setting, this is only set as a convenient default but not as broadly useful like the `bind` + `version` settings.
  - `version = 3` is required as unlike SASLAuthd and Dovecot, the default for Postfix is `2`.
  - `bind = yes` because we only support configuring for this in DMS?
  - `ldap-senders.cf` originally differed with it's `result_attribute` setting, but that default chosen looks to be more of a workaround introduced and should be more explicit?
- The Postfix `.base` template does not include the four common attributes (_that Dovecot and SASLAuthd base configs do_), as the `LDAP_` prefix is presently the same (no`POSTFIX_` prefix), thus would override user config regardless..
- `sender_login_maps.ldap` doesn't exist and isn't relevant to LDAP queries (seems to be accidentally included here). `ldap-senders.cf` provides this functionality.
- `ldap-senders.cf` was not supporting copying over a user-provided config, it does now.
- Internal location for these Postfix generated configs is now `/etc/postfix/ldap/`.

target/features/ldap/postfix.base

@@ -0,0 +1,4 @@
+bind             = yes
+query_filter     = (&(mail=%s)(mailEnabled=TRUE))
+result_attribute = mail
+version          = 3

target/features/ldap/postfix.tmpl

@@ -0,0 +1,35 @@
+# Postfix LDAP table docs: http://www.postfix.org/ldap_table.5.html
+server_host = ${SERVER_HOST}
+server_port = ${SERVER_PORT}
+timeout = ${TIMEOUT}
+search_base = ${SEARCH_BASE}
+query_filter = ${QUERY_FILTER}
+result_format = ${RESULT_FORMAT}
+domain = ${DOMAIN}
+result_attribute = ${RESULT_ATTRIBUTE}
+special_result_attribute = ${SPECIAL_RESULT_ATTRIBUTE}
+terminal_result_attribute = ${TERMINAL_RESULT_ATTRIBUTE}
+leaf_result_attribute = ${LEAF_RESULT_ATTRIBUTE}
+scope = ${SCOPE}
+bind = ${BIND}
+bind_dn = ${BIND_DN}
+bind_pw = ${BIND_PW}
+recursion_limit = ${RECURSION_LIMIT}
+expansion_limit = ${EXPANSION_LIMIT}
+size_limit = ${SIZE_LIMIT}
+dereference = ${DEREFERENCE}
+chase_referrals = ${CHASE_REFERRALS}
+version = ${VERSION}
+debuglevel = ${DEBUGLEVEL}
+sasl_mechs = ${SASL_MECHS}
+sasl_realm = ${SASL_REALM}
+sasl_authz_id = ${SASL_AUTHZ_ID}
+sasl_minssf = ${SASL_MINSSF}
+start_tls = ${START_TLS}
+tls_ca_cert_dir = ${TLS_CA_CERT_DIR}
+tls_ca_cert_file = ${TLS_CA_CERT_FILE}
+tls_cert = ${TLS_CERT}
+tls_key = ${TLS_KEY}
+tls_require_cert = ${TLS_REQUIRE_CERT}
+tls_random_file = ${TLS_RANDOM_FILE}
+tls_cipher_suite = ${TLS_CIPHER_SUITE}

target/scripts/startup/setup.d/ldap.sh

@@ -2,33 +2,36 @@
 
 function _setup_ldap() {
   _log 'debug' 'Setting up LDAP'
-  _log 'trace' 'Checking for custom configs'
 
-  for i in 'users' 'groups' 'aliases' 'domains'; do
+  _log 'trace' "Configuring Postfix for LDAP"
-    local FPATH="/tmp/docker-mailserver/ldap-${i}.cf"
+  mkdir -p /etc/postfix/ldap
-    if [[ -f ${FPATH} ]]; then
-      cp "${FPATH}" "/etc/postfix/ldap-${i}.cf"
-    fi
-  done
 
-  _log 'trace' 'Starting to override configs'
+  # Generate Postfix LDAP configs:
+  for QUERY_KIND in 'users' 'groups' 'aliases' 'domains' 'senders'; do
+    # NOTE: Presently, only `query_filter` is supported for individually targeting:
+    case "${QUERY_KIND}" in
+      ( 'users' )
+        export LDAP_QUERY_FILTER="${LDAP_QUERY_FILTER_USER}"
+        ;;
 
-  local FILES=(
+      ( 'groups' )
-    /etc/postfix/ldap-users.cf
+        export LDAP_QUERY_FILTER="${LDAP_QUERY_FILTER_GROUP}"
-    /etc/postfix/ldap-groups.cf
+        ;;
-    /etc/postfix/ldap-aliases.cf
-    /etc/postfix/ldap-domains.cf
-    /etc/postfix/ldap-senders.cf
-    /etc/postfix/maps/sender_login_maps.ldap
-  )
 
-  for FILE in "${FILES[@]}"; do
+      ( 'aliases' )
-    [[ ${FILE} =~ ldap-user ]] && export LDAP_QUERY_FILTER="${LDAP_QUERY_FILTER_USER}"
+        export LDAP_QUERY_FILTER="${LDAP_QUERY_FILTER_ALIAS}"
-    [[ ${FILE} =~ ldap-group ]] && export LDAP_QUERY_FILTER="${LDAP_QUERY_FILTER_GROUP}"
+        ;;
-    [[ ${FILE} =~ ldap-aliases ]] && export LDAP_QUERY_FILTER="${LDAP_QUERY_FILTER_ALIAS}"
+
-    [[ ${FILE} =~ ldap-domains ]] && export LDAP_QUERY_FILTER="${LDAP_QUERY_FILTER_DOMAIN}"
+      ( 'domains' )
-    [[ ${FILE} =~ ldap-senders ]] && export LDAP_QUERY_FILTER="${LDAP_QUERY_FILTER_SENDERS}"
+        export LDAP_QUERY_FILTER="${LDAP_QUERY_FILTER_DOMAIN}"
-    [[ -f ${FILE} ]] && _replace_by_env_in_file 'LDAP_' "${FILE}"
+        ;;
+
+      ( 'senders' )
+        export LDAP_QUERY_FILTER="${LDAP_QUERY_FILTER_SENDERS}"
+        ;;
+    esac
+
+    _create_config_postfix "${QUERY_KIND}"
   done
 
   _log 'trace' "Configuring Dovecot for LDAP"
@@ -77,3 +80,14 @@ function _create_config_dovecot() {
     <(_template_with_env 'DOVECOT_' /etc/dms/ldap/dovecot.tmpl) \
   ) > /etc/dovecot/dovecot-ldap.conf.ext
 }
+
+# NOTE: Only relies on the `LDAP_` prefix, presently assigned a `POSTFIX_` prefix.
+function _create_config_postfix() {
+  local QUERY_KIND=${1}
+
+  _cleanse_config '=' <(cat 2>/dev/null \
+    /etc/dms/ldap/postfix.base \
+    "/tmp/docker-mailserver/ldap-${QUERY_KIND}.cf" \
+    <(_template_with_env 'LDAP_' /etc/dms/ldap/postfix.tmpl) \
+  ) > "/etc/postfix/ldap-${QUERY_KIND}.cf"
+}