mirror of
https://github.com/docker-mailserver/docker-mailserver.git
synced 2025-07-10 01:15:00 +02:00
scripts: split setup-stack.sh (#3115)
This commit is contained in:
Georg Lauterbach
GitHub
parent
1592698637
commit
f35b60042f
18 changed files with 1205 additions and 1184 deletions
20
target/scripts/helpers/dhparams.sh
Normal file
20
target/scripts/helpers/dhparams.sh
Normal file
|
|
@ -0,0 +1,20 @@
|
|||
#!/bin/bash
|
||||
|
||||
function _setup_dhparam
|
||||
{
|
||||
local DH_SERVICE=$1
|
||||
local DH_DEST=$2
|
||||
local DH_CUSTOM='/tmp/docker-mailserver/dhparams.pem'
|
||||
|
||||
_log 'debug' "Setting up ${DH_SERVICE} dhparam"
|
||||
|
||||
if [[ -f ${DH_CUSTOM} ]]
|
||||
then # use custom supplied dh params (assumes they're probably insecure)
|
||||
_log 'trace' "${DH_SERVICE} will use custom provided DH paramters"
|
||||
_log 'warn' "Using self-generated dhparams is considered insecure - unless you know what you are doing, please remove '${DH_CUSTOM}'"
|
||||
|
||||
cp -f "${DH_CUSTOM}" "${DH_DEST}"
|
||||
else # use official standardized dh params (provided via Dockerfile)
|
||||
_log 'trace' "${DH_SERVICE} will use official standardized DH parameters (ffdhe4096)."
|
||||
fi
|
||||
}
|
||||
|
|
@ -10,6 +10,7 @@ function _import_scripts
|
|||
source "${PATH_TO_SCRIPTS}/accounts.sh"
|
||||
source "${PATH_TO_SCRIPTS}/aliases.sh"
|
||||
source "${PATH_TO_SCRIPTS}/change-detection.sh"
|
||||
source "${PATH_TO_SCRIPTS}/dhparams.sh"
|
||||
source "${PATH_TO_SCRIPTS}/dns.sh"
|
||||
source "${PATH_TO_SCRIPTS}/error.sh"
|
||||
source "${PATH_TO_SCRIPTS}/lock.sh"
|
||||
|
|
|
|||
|
|
@ -1,182 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Just a helper to prepend the log messages with `(Rspamd setup)` so
|
||||
# users know exactly where the message originated from.
|
||||
#
|
||||
# @param ${1} = log level
|
||||
# @param ${2} = message
|
||||
function __rspamd__log { _log "${1:-}" "(Rspamd setup) ${2:-}" ; }
|
||||
|
||||
# Run miscellaneous checks against the current configuration so we can
|
||||
# properly handle integration into ClamAV, etc.
|
||||
#
|
||||
# This will also check whether Amavis is enabled and emit a warning as
|
||||
# we discourage users from running Amavis & Rspamd at the same time.
|
||||
function __rspamd__preflight_checks
|
||||
{
|
||||
touch /var/lib/rspamd/stats.ucl
|
||||
|
||||
if [[ ${ENABLE_AMAVIS} -eq 1 ]] || [[ ${ENABLE_SPAMASSASSIN} -eq 1 ]]
|
||||
then
|
||||
__rspamd__log 'warn' 'Running Amavis/SA & Rspamd at the same time is discouraged'
|
||||
fi
|
||||
|
||||
if [[ ${ENABLE_CLAMAV} -eq 1 ]]
|
||||
then
|
||||
__rspamd__log 'debug' 'Enabling ClamAV integration'
|
||||
sedfile -i -E 's|^(enabled).*|\1 = true;|g' /etc/rspamd/local.d/antivirus.conf
|
||||
# RSpamd uses ClamAV's UNIX socket, and to be able to read it, it must be in the same group
|
||||
usermod -a -G clamav _rspamd
|
||||
else
|
||||
__rspamd__log 'debug' 'Rspamd will not use ClamAV (which has not been enabled)'
|
||||
fi
|
||||
}
|
||||
|
||||
# Adjust Postfix's configuration files. Append Rspamd at the end of
|
||||
# `smtpd_milters` in `main.cf`.
|
||||
function __rspamd__adjust_postfix_configuration
|
||||
{
|
||||
# shellcheck disable=SC2016
|
||||
sed -i -E 's|^(smtpd_milters =.*)|\1 inet:localhost:11332|g' /etc/postfix/main.cf
|
||||
}
|
||||
|
||||
# Helper for explicitly enabling or disabling a specific module.
|
||||
#
|
||||
# @param ${1} = module name
|
||||
# @param ${2} = `true` when you want to enable the module (default),
|
||||
# `false` when you want to disable the module [OPTIONAL]
|
||||
# @param ${3} = whether to use `local` (default) or `override` [OPTIONAL]
|
||||
function __rspamd__enable_disable_module
|
||||
{
|
||||
local MODULE=${1:?Module name must be provided}
|
||||
local ENABLE_MODULE=${2:-true}
|
||||
local LOCAL_OR_OVERRIDE=${3:-local}
|
||||
local MESSAGE='Enabling'
|
||||
|
||||
if [[ ! ${ENABLE_MODULE} =~ ^(true|false)$ ]]
|
||||
then
|
||||
__rspamd__log 'warn' "__rspamd__enable_disable_module got non-boolean argument for deciding whether module should be enabled or not"
|
||||
return 1
|
||||
fi
|
||||
|
||||
[[ ${ENABLE_MODULE} == true ]] || MESSAGE='Disabling'
|
||||
|
||||
__rspamd__log 'trace' "${MESSAGE} module '${MODULE}'"
|
||||
cat >"/etc/rspamd/${LOCAL_OR_OVERRIDE}.d/${MODULE}.conf" << EOF
|
||||
# documentation: https://rspamd.com/doc/modules/${MODULE}.html
|
||||
|
||||
enabled = ${ENABLE_MODULE};
|
||||
|
||||
EOF
|
||||
}
|
||||
|
||||
# Disables certain modules by default. This can be overwritten by the user later.
|
||||
# We disable the modules listed in `DISABLE_MODULES` as we believe these modules
|
||||
# are not commonly used and the average user does not need them. As a consequence,
|
||||
# disabling them saves resources.
|
||||
function __rspamd__disable_default_modules
|
||||
{
|
||||
local DISABLE_MODULES=(
|
||||
clickhouse
|
||||
elastic
|
||||
greylist
|
||||
neural
|
||||
reputation
|
||||
spamassassin
|
||||
url_redirector
|
||||
metric_exporter
|
||||
)
|
||||
|
||||
for MODULE in "${DISABLE_MODULES[@]}"
|
||||
do
|
||||
__rspamd__enable_disable_module "${MODULE}" 'false'
|
||||
done
|
||||
}
|
||||
|
||||
# Parses `RSPAMD_CUSTOM_COMMANDS_FILE` and executed the directives given by the file.
|
||||
# To get a detailed explanation of the commands and how the file works, visit
|
||||
# https://docker-mailserver.github.io/docker-mailserver/edge/config/security/rspamd/#with-the-help-of-a-custom-file
|
||||
function __rspamd__handle_modules_configuration
|
||||
{
|
||||
# Adds an option with a corresponding value to a module, or, in case the option
|
||||
# is already present, overwrites it.
|
||||
#
|
||||
# @param ${1} = file name in /etc/rspamd/override.d/
|
||||
# @param ${2} = module name as it should appear in the log
|
||||
# @patam ${3} = option name in the module
|
||||
# @param ${4} = value of the option
|
||||
#
|
||||
# ## Note
|
||||
#
|
||||
# While this function is currently bound to the scope of `__rspamd__handle_modules_configuration`,
|
||||
# it is written in a versatile way (taking 4 arguments instead of assuming `ARGUMENT2` / `ARGUMENT3`
|
||||
# are set) so that it may be used elsewhere if needed.
|
||||
function __add_or_replace
|
||||
{
|
||||
local MODULE_FILE=${1:?Module file name must be provided}
|
||||
local MODULE_LOG_NAME=${2:?Module log name must be provided}
|
||||
local OPTION=${3:?Option name must be provided}
|
||||
local VALUE=${4:?Value belonging to an option must be provided}
|
||||
# remove possible whitespace at the end (e.g., in case ${ARGUMENT3} is empty)
|
||||
VALUE=${VALUE% }
|
||||
|
||||
local FILE="/etc/rspamd/override.d/${MODULE_FILE}"
|
||||
[[ -f ${FILE} ]] || touch "${FILE}"
|
||||
|
||||
if grep -q -E "${OPTION}.*=.*" "${FILE}"
|
||||
then
|
||||
__rspamd__log 'trace' "Overwriting option '${OPTION}' with value '${VALUE}' for ${MODULE_LOG_NAME}"
|
||||
sed -i -E "s|([[:space:]]*${OPTION}).*|\1 = ${VALUE};|g" "${FILE}"
|
||||
else
|
||||
__rspamd__log 'trace' "Setting option '${OPTION}' for ${MODULE_LOG_NAME} to '${VALUE}'"
|
||||
echo "${OPTION} = ${VALUE};" >>"${FILE}"
|
||||
fi
|
||||
}
|
||||
|
||||
local RSPAMD_CUSTOM_COMMANDS_FILE='/tmp/docker-mailserver/rspamd-modules.conf'
|
||||
if [[ -f "${RSPAMD_CUSTOM_COMMANDS_FILE}" ]]
|
||||
then
|
||||
__rspamd__log 'debug' "Found file 'rspamd-modules.conf' - parsing and applying it"
|
||||
|
||||
while read -r COMMAND ARGUMENT1 ARGUMENT2 ARGUMENT3
|
||||
do
|
||||
case "${COMMAND}" in
|
||||
|
||||
('disable-module')
|
||||
__rspamd__enable_disable_module "${ARGUMENT1}" 'false' 'override'
|
||||
;;
|
||||
|
||||
('enable-module')
|
||||
__rspamd__enable_disable_module "${ARGUMENT1}" 'true' 'override'
|
||||
;;
|
||||
|
||||
('set-option-for-module')
|
||||
__add_or_replace "${ARGUMENT1}.conf" "module '${ARGUMENT1}'" "${ARGUMENT2}" "${ARGUMENT3}"
|
||||
;;
|
||||
|
||||
('set-option-for-controller')
|
||||
__add_or_replace 'worker-controller.inc' 'controller worker' "${ARGUMENT1}" "${ARGUMENT2} ${ARGUMENT3}"
|
||||
;;
|
||||
|
||||
('set-option-for-proxy')
|
||||
__add_or_replace 'worker-proxy.inc' 'proxy worker' "${ARGUMENT1}" "${ARGUMENT2} ${ARGUMENT3}"
|
||||
;;
|
||||
|
||||
('set-common-option')
|
||||
__add_or_replace 'options.inc' 'common options' "${ARGUMENT1}" "${ARGUMENT2} ${ARGUMENT3}"
|
||||
;;
|
||||
|
||||
('add-line')
|
||||
__rspamd__log 'trace' "Adding complete line to '${ARGUMENT1}'"
|
||||
echo "${ARGUMENT2} ${ARGUMENT3:-}" >>"/etc/rspamd/override.d/${ARGUMENT1}"
|
||||
;;
|
||||
|
||||
(*)
|
||||
__rspamd__log 'warn' "Command '${COMMAND}' is invalid"
|
||||
continue
|
||||
;;
|
||||
|
||||
esac
|
||||
done < <(_get_valid_lines_from_file "${RSPAMD_CUSTOM_COMMANDS_FILE}")
|
||||
fi
|
||||
}
|
||||
|
|
@ -1,215 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# shellcheck disable=SC2034
|
||||
declare -A VARS
|
||||
|
||||
# shellcheck disable=SC2034
|
||||
declare -a FUNCS_SETUP FUNCS_FIX FUNCS_CHECK FUNCS_MISC DAEMONS_START
|
||||
|
||||
# This function handles variables that are deprecated. This allows a
|
||||
# smooth transition period, without the need of removing a variable
|
||||
# completely with a single version.
|
||||
function _environment_variables_backwards_compatibility
|
||||
{
|
||||
if [[ ${ENABLE_LDAP:-0} -eq 1 ]]
|
||||
then
|
||||
_log 'warn' "'ENABLE_LDAP=1' is deprecated (and will be removed in v13.0.0) => use 'ACCOUNT_PROVISIONER=LDAP' instead"
|
||||
ACCOUNT_PROVISIONER='LDAP'
|
||||
fi
|
||||
|
||||
# TODO this can be uncommented in a PR handling the HOSTNAME/DOMAINNAME issue
|
||||
# TODO see check_for_changes.sh and dns.sh
|
||||
# if [[ -n ${OVERRIDE_HOSTNAME:-} ]]
|
||||
# then
|
||||
# _log 'warn' "'OVERRIDE_HOSTNAME' is deprecated (and will be removed in v13.0.0) => use 'DMS_FQDN' instead"
|
||||
# [[ -z ${DMS_FQDN} ]] && DMS_FQDN=${OVERRIDE_HOSTNAME}
|
||||
# fi
|
||||
}
|
||||
|
||||
# This function Writes the contents of the `VARS` map (associative array)
|
||||
# to locations where they can be sourced from (e.g. `/etc/dms-settings`)
|
||||
# or where they can be used by Bash directly (e.g. `/root/.bashrc`).
|
||||
function _environment_variables_export
|
||||
{
|
||||
_log 'debug' "Exporting environment variables now (creating '/etc/dms-settings')"
|
||||
|
||||
: >/root/.bashrc # make DMS variables available in login shells and their subprocesses
|
||||
: >/etc/dms-settings # this file can be sourced by other scripts
|
||||
|
||||
local VAR
|
||||
for VAR in "${!VARS[@]}"
|
||||
do
|
||||
echo "export ${VAR}='${VARS[${VAR}]}'" >>/root/.bashrc
|
||||
echo "${VAR}='${VARS[${VAR}]}'" >>/etc/dms-settings
|
||||
done
|
||||
|
||||
sort -o /root/.bashrc /root/.bashrc
|
||||
sort -o /etc/dms-settings /etc/dms-settings
|
||||
}
|
||||
|
||||
# This function sets almost all environment variables. This involves setting
|
||||
# a default if no value was provided and writing the variable and its value
|
||||
# to the VARS map.
|
||||
function _environment_variables_general_setup
|
||||
{
|
||||
_log 'debug' 'Handling general environment variable setup'
|
||||
|
||||
# these variables must be defined first
|
||||
# they are used as default values for other variables
|
||||
|
||||
VARS[POSTMASTER_ADDRESS]="${POSTMASTER_ADDRESS:=postmaster@${DOMAINNAME}}"
|
||||
VARS[REPORT_RECIPIENT]="${REPORT_RECIPIENT:=${POSTMASTER_ADDRESS}}"
|
||||
VARS[REPORT_SENDER]="${REPORT_SENDER:=mailserver-report@${HOSTNAME}}"
|
||||
|
||||
_log 'trace' 'Setting anti-spam & anti-virus environment variables'
|
||||
|
||||
VARS[AMAVIS_LOGLEVEL]="${AMAVIS_LOGLEVEL:=0}"
|
||||
VARS[CLAMAV_MESSAGE_SIZE_LIMIT]="${CLAMAV_MESSAGE_SIZE_LIMIT:=25M}"
|
||||
VARS[FAIL2BAN_BLOCKTYPE]="${FAIL2BAN_BLOCKTYPE:=drop}"
|
||||
VARS[MOVE_SPAM_TO_JUNK]="${MOVE_SPAM_TO_JUNK:=1}"
|
||||
VARS[POSTGREY_AUTO_WHITELIST_CLIENTS]="${POSTGREY_AUTO_WHITELIST_CLIENTS:=5}"
|
||||
VARS[POSTGREY_DELAY]="${POSTGREY_DELAY:=300}"
|
||||
VARS[POSTGREY_MAX_AGE]="${POSTGREY_MAX_AGE:=35}"
|
||||
VARS[POSTGREY_TEXT]="${POSTGREY_TEXT:=Delayed by Postgrey}"
|
||||
VARS[POSTSCREEN_ACTION]="${POSTSCREEN_ACTION:=enforce}"
|
||||
VARS[SA_KILL]=${SA_KILL:="6.31"}
|
||||
VARS[SA_SPAM_SUBJECT]=${SA_SPAM_SUBJECT:="***SPAM*** "}
|
||||
VARS[SA_TAG]=${SA_TAG:="2.0"}
|
||||
VARS[SA_TAG2]=${SA_TAG2:="6.31"}
|
||||
VARS[SPAMASSASSIN_SPAM_TO_INBOX]="${SPAMASSASSIN_SPAM_TO_INBOX:=1}"
|
||||
VARS[SPOOF_PROTECTION]="${SPOOF_PROTECTION:=0}"
|
||||
VARS[VIRUSMAILS_DELETE_DELAY]="${VIRUSMAILS_DELETE_DELAY:=7}"
|
||||
|
||||
_log 'trace' 'Setting service-enabling environment variables'
|
||||
|
||||
VARS[ENABLE_AMAVIS]="${ENABLE_AMAVIS:=1}"
|
||||
VARS[ENABLE_CLAMAV]="${ENABLE_CLAMAV:=0}"
|
||||
VARS[ENABLE_DNSBL]="${ENABLE_DNSBL:=0}"
|
||||
VARS[ENABLE_FAIL2BAN]="${ENABLE_FAIL2BAN:=0}"
|
||||
VARS[ENABLE_FETCHMAIL]="${ENABLE_FETCHMAIL:=0}"
|
||||
VARS[ENABLE_MANAGESIEVE]="${ENABLE_MANAGESIEVE:=0}"
|
||||
VARS[ENABLE_OPENDKIM]="${ENABLE_OPENDKIM:=1}"
|
||||
VARS[ENABLE_OPENDMARC]="${ENABLE_OPENDMARC:=1}"
|
||||
VARS[ENABLE_POP3]="${ENABLE_POP3:=0}"
|
||||
VARS[ENABLE_POSTGREY]="${ENABLE_POSTGREY:=0}"
|
||||
VARS[ENABLE_QUOTAS]="${ENABLE_QUOTAS:=1}"
|
||||
VARS[ENABLE_RSPAMD]="${ENABLE_RSPAMD:=0}"
|
||||
VARS[ENABLE_SASLAUTHD]="${ENABLE_SASLAUTHD:=0}"
|
||||
VARS[ENABLE_SPAMASSASSIN]="${ENABLE_SPAMASSASSIN:=0}"
|
||||
VARS[ENABLE_SPAMASSASSIN_KAM]="${ENABLE_SPAMASSASSIN_KAM:=0}"
|
||||
VARS[ENABLE_SRS]="${ENABLE_SRS:=0}"
|
||||
VARS[ENABLE_UPDATE_CHECK]="${ENABLE_UPDATE_CHECK:=1}"
|
||||
|
||||
_log 'trace' 'Setting IP, DNS and SSL environment variables'
|
||||
|
||||
VARS[DEFAULT_RELAY_HOST]="${DEFAULT_RELAY_HOST:=}"
|
||||
# VARS[DMS_FQDN]="${DMS_FQDN:=}"
|
||||
# VARS[DMS_DOMAINNAME]="${DMS_DOMAINNAME:=}"
|
||||
# VARS[DMS_HOSTNAME]="${DMS_HOSTNAME:=}"
|
||||
VARS[NETWORK_INTERFACE]="${NETWORK_INTERFACE:=eth0}"
|
||||
VARS[OVERRIDE_HOSTNAME]="${OVERRIDE_HOSTNAME:-}"
|
||||
VARS[RELAY_HOST]="${RELAY_HOST:=}"
|
||||
VARS[SSL_TYPE]="${SSL_TYPE:=}"
|
||||
VARS[TLS_LEVEL]="${TLS_LEVEL:=modern}"
|
||||
|
||||
_log 'trace' 'Setting Dovecot- and Postfix-specific environment variables'
|
||||
|
||||
VARS[DOVECOT_INET_PROTOCOLS]="${DOVECOT_INET_PROTOCOLS:=all}"
|
||||
VARS[DOVECOT_MAILBOX_FORMAT]="${DOVECOT_MAILBOX_FORMAT:=maildir}"
|
||||
VARS[DOVECOT_TLS]="${DOVECOT_TLS:=no}"
|
||||
|
||||
VARS[POSTFIX_INET_PROTOCOLS]="${POSTFIX_INET_PROTOCOLS:=all}"
|
||||
VARS[POSTFIX_MAILBOX_SIZE_LIMIT]="${POSTFIX_MAILBOX_SIZE_LIMIT:=0}"
|
||||
VARS[POSTFIX_MESSAGE_SIZE_LIMIT]="${POSTFIX_MESSAGE_SIZE_LIMIT:=10240000}" # ~10 MB
|
||||
|
||||
_log 'trace' 'Setting miscellaneous environment variables'
|
||||
|
||||
VARS[ACCOUNT_PROVISIONER]="${ACCOUNT_PROVISIONER:=FILE}"
|
||||
VARS[FETCHMAIL_PARALLEL]="${FETCHMAIL_PARALLEL:=0}"
|
||||
VARS[FETCHMAIL_POLL]="${FETCHMAIL_POLL:=300}"
|
||||
VARS[LOG_LEVEL]="${LOG_LEVEL:=info}"
|
||||
VARS[LOGROTATE_INTERVAL]="${LOGROTATE_INTERVAL:=weekly}"
|
||||
VARS[LOGWATCH_INTERVAL]="${LOGWATCH_INTERVAL:=none}"
|
||||
VARS[LOGWATCH_RECIPIENT]="${LOGWATCH_RECIPIENT:=${REPORT_RECIPIENT}}"
|
||||
VARS[LOGWATCH_SENDER]="${LOGWATCH_SENDER:=${REPORT_SENDER}}"
|
||||
VARS[ONE_DIR]="${ONE_DIR:=1}"
|
||||
VARS[PERMIT_DOCKER]="${PERMIT_DOCKER:=none}"
|
||||
VARS[PFLOGSUMM_RECIPIENT]="${PFLOGSUMM_RECIPIENT:=${REPORT_RECIPIENT}}"
|
||||
VARS[PFLOGSUMM_SENDER]="${PFLOGSUMM_SENDER:=${REPORT_SENDER}}"
|
||||
VARS[PFLOGSUMM_TRIGGER]="${PFLOGSUMM_TRIGGER:=none}"
|
||||
VARS[SMTP_ONLY]="${SMTP_ONLY:=0}"
|
||||
VARS[SRS_SENDER_CLASSES]="${SRS_SENDER_CLASSES:=envelope_sender}"
|
||||
VARS[SUPERVISOR_LOGLEVEL]="${SUPERVISOR_LOGLEVEL:=warn}"
|
||||
VARS[TZ]="${TZ:=}"
|
||||
VARS[UPDATE_CHECK_INTERVAL]="${UPDATE_CHECK_INTERVAL:=1d}"
|
||||
}
|
||||
|
||||
# This function handles environment variables related to LDAP.
|
||||
function _environment_variables_ldap
|
||||
{
|
||||
_log 'debug' 'Setting LDAP-related environment variables now'
|
||||
|
||||
VARS[LDAP_BIND_DN]="${LDAP_BIND_DN:=}"
|
||||
VARS[LDAP_BIND_PW]="${LDAP_BIND_PW:=}"
|
||||
VARS[LDAP_SEARCH_BASE]="${LDAP_SEARCH_BASE:=}"
|
||||
VARS[LDAP_SERVER_HOST]="${LDAP_SERVER_HOST:=}"
|
||||
VARS[LDAP_START_TLS]="${LDAP_START_TLS:=no}"
|
||||
}
|
||||
|
||||
# This function handles environment variables related to SASLAUTHD
|
||||
# and, if activated, variables related to SASLAUTHD and LDAP.
|
||||
function _environment_variables_saslauthd
|
||||
{
|
||||
_log 'debug' 'Setting SASLAUTHD-related environment variables now'
|
||||
|
||||
VARS[SASLAUTHD_MECHANISMS]="${SASLAUTHD_MECHANISMS:=pam}"
|
||||
|
||||
# SASL ENV for configuring an LDAP specific
|
||||
# `saslauthd.conf` via `setup-stack.sh:_setup_sasulauthd()`
|
||||
if [[ ${ACCOUNT_PROVISIONER} == 'LDAP' ]]
|
||||
then
|
||||
_log 'trace' 'Setting SASLSAUTH-LDAP variables nnow'
|
||||
|
||||
VARS[SASLAUTHD_LDAP_AUTH_METHOD]="${SASLAUTHD_LDAP_AUTH_METHOD:=bind}"
|
||||
VARS[SASLAUTHD_LDAP_BIND_DN]="${SASLAUTHD_LDAP_BIND_DN:=${LDAP_BIND_DN}}"
|
||||
VARS[SASLAUTHD_LDAP_FILTER]="${SASLAUTHD_LDAP_FILTER:=(&(uniqueIdentifier=%u)(mailEnabled=TRUE))}"
|
||||
VARS[SASLAUTHD_LDAP_PASSWORD]="${SASLAUTHD_LDAP_PASSWORD:=${LDAP_BIND_PW}}"
|
||||
VARS[SASLAUTHD_LDAP_SEARCH_BASE]="${SASLAUTHD_LDAP_SEARCH_BASE:=${LDAP_SEARCH_BASE}}"
|
||||
VARS[SASLAUTHD_LDAP_SERVER]="${SASLAUTHD_LDAP_SERVER:=${LDAP_SERVER_HOST}}"
|
||||
[[ ${SASLAUTHD_LDAP_SERVER} != *'://'* ]] && SASLAUTHD_LDAP_SERVER="ldap://${SASLAUTHD_LDAP_SERVER}"
|
||||
VARS[SASLAUTHD_LDAP_START_TLS]="${SASLAUTHD_LDAP_START_TLS:=no}"
|
||||
VARS[SASLAUTHD_LDAP_TLS_CHECK_PEER]="${SASLAUTHD_LDAP_TLS_CHECK_PEER:=no}"
|
||||
|
||||
if [[ -z ${SASLAUTHD_LDAP_TLS_CACERT_FILE} ]]
|
||||
then
|
||||
SASLAUTHD_LDAP_TLS_CACERT_FILE=''
|
||||
else
|
||||
SASLAUTHD_LDAP_TLS_CACERT_FILE="ldap_tls_cacert_file: ${SASLAUTHD_LDAP_TLS_CACERT_FILE}"
|
||||
fi
|
||||
VARS[SASLAUTHD_LDAP_TLS_CACERT_FILE]="${SASLAUTHD_LDAP_TLS_CACERT_FILE}"
|
||||
|
||||
if [[ -z ${SASLAUTHD_LDAP_TLS_CACERT_DIR} ]]
|
||||
then
|
||||
SASLAUTHD_LDAP_TLS_CACERT_DIR=''
|
||||
else
|
||||
SASLAUTHD_LDAP_TLS_CACERT_DIR="ldap_tls_cacert_dir: ${SASLAUTHD_LDAP_TLS_CACERT_DIR}"
|
||||
fi
|
||||
VARS[SASLAUTHD_LDAP_TLS_CACERT_DIR]="${SASLAUTHD_LDAP_TLS_CACERT_DIR}"
|
||||
|
||||
if [[ -z ${SASLAUTHD_LDAP_PASSWORD_ATTR} ]]
|
||||
then
|
||||
SASLAUTHD_LDAP_PASSWORD_ATTR=''
|
||||
else
|
||||
SASLAUTHD_LDAP_PASSWORD_ATTR="ldap_password_attr: ${SASLAUTHD_LDAP_PASSWORD_ATTR}"
|
||||
fi
|
||||
VARS[SASLAUTHD_LDAP_PASSWORD_ATTR]="${SASLAUTHD_LDAP_PASSWORD_ATTR}"
|
||||
|
||||
if [[ -z ${SASLAUTHD_LDAP_MECH} ]]
|
||||
then
|
||||
SASLAUTHD_LDAP_MECH=''
|
||||
else
|
||||
SASLAUTHD_LDAP_MECH="ldap_mech: ${SASLAUTHD_LDAP_MECH}"
|
||||
fi
|
||||
VARS[SASLAUTHD_LDAP_MECH]="${SASLAUTHD_LDAP_MECH}"
|
||||
fi
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue