From 17962c243a2eb7ae40dab7885578736f4d106a72 Mon Sep 17 00:00:00 2001
From: William Desportes
Date: Tue, 8 Dec 2020 15:07:01 +0100
Subject: [PATCH] Implement more sasl config options

Follow up of: https://github.com/tomav/docker-mailserver/pull/980
Ref: https://github.com/tomav/docker-mailserver/issues/1704
---
 README.md | 24 ++++++++++++++++++++++++
 mailserver.env | 11 +++++++++++
 target/start-mailserver.sh | 17 +++++++++++++++++
 3 files changed, 52 insertions(+)

diff --git a/README.md b/README.md
index 44c83ab0..74d62838 100644
--- a/README.md
+++ b/README.md
@@ -808,6 +808,30 @@ Note: This postgrey setting needs `ENABLE_POSTGREY=1`
 - empty or 0 => `ldap://` will be used
 - 1 => `ldaps://` will be used
 
+##### SASLAUTHD_LDAP_START_TLS
+
+- **empty** => `no`
+- `yes` => Enable `ldap_start_tls` option
+
+##### SASLAUTHD_LDAP_TLS_CHECK_PEER
+
+- **empty** => `no`
+- `yes` => Enable `ldap_tls_check_peer` option
+
+##### SASLAUTHD_LDAP_TLS_CACERT_DIR
+
+Path to directory with CA (Certificate Authority) certificates.
+
+- **empty** => Nothing is added to the configuration
+- Any value => Fills the `ldap_tls_cacert_dir` option
+
+##### SASLAUTHD_LDAP_TLS_CACERT_FILE
+
+File containing CA (Certificate Authority) certificate(s).
+
+- **empty** => Nothing is added to the configuration
+- Any value => Fills the `ldap_tls_cacert_file` option
+
 ##### SASLAUTHD_LDAP_BIND_DN
 
 - empty => anonymous bind
diff --git a/mailserver.env b/mailserver.env
index b0fa8591..eb9f7e11 100644
--- a/mailserver.env
+++ b/mailserver.env
@@ -343,8 +343,19 @@ SASLAUTHD_LDAP_START_TLS=
 
 # empty => no
 # yes => Require and verify server certificate
+# If yes you must/could specify SASLAUTHD_LDAP_TLS_CACERT_FILE or SASLAUTHD_LDAP_TLS_CACERT_DIR.
 SASLAUTHD_LDAP_TLS_CHECK_PEER=
 
+# File containing CA (Certificate Authority) certificate(s).
+# empty => Nothing is added to the configuration
+# Any value => Fills the `ldap_tls_cacert_file` option
+SASLAUTHD_LDAP_TLS_CACERT_FILE=
+
+# Path to directory with CA (Certificate Authority) certificates.
+# empty => Nothing is added to the configuration
+# Any value => Fills the `ldap_tls_cacert_dir` option
+SASLAUTHD_LDAP_TLS_CACERT_DIR=
+
 # empty => No sasl_passwd will be created
 # string => `/etc/postfix/sasl_passwd` will be created with the string as password
 SASL_PASSWD=
diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh
index 9cb951b0..7862440b 100755
--- a/target/start-mailserver.sh
+++ b/target/start-mailserver.sh
@@ -918,6 +918,20 @@ function _setup_saslauthd
 [[ -z ${SASLAUTHD_LDAP_START_TLS} ]] && SASLAUTHD_LDAP_START_TLS=no
 [[ -z ${SASLAUTHD_LDAP_TLS_CHECK_PEER} ]] && SASLAUTHD_LDAP_TLS_CHECK_PEER=no
 
+ if [[ -z ${SASLAUTHD_LDAP_TLS_CACERT_FILE} ]]
+ then
+ SASLAUTHD_LDAP_TLS_CACERT_FILE=""
+ else
+ SASLAUTHD_LDAP_TLS_CACERT_FILE="ldap_tls_cacert_file: ${SASLAUTHD_LDAP_TLS_CACERT_FILE}"
+ fi
+
+ if [[ -z ${SASLAUTHD_LDAP_TLS_CACERT_DIR} ]]
+ then
+ SASLAUTHD_LDAP_TLS_CACERT_DIR=""
+ else
+ SASLAUTHD_LDAP_TLS_CACERT_DIR="ldap_tls_cacert_dir: ${SASLAUTHD_LDAP_TLS_CACERT_DIR}"
+ fi
+
 if [[ ! -f /etc/saslauthd.conf ]]
 then
 _notify 'inf' "Creating /etc/saslauthd.conf"
@@ -934,6 +948,9 @@ ldap_filter: ${SASLAUTHD_LDAP_FILTER}
 
 ldap_start_tls: ${SASLAUTHD_LDAP_START_TLS}
 ldap_tls_check_peer: ${SASLAUTHD_LDAP_TLS_CHECK_PEER}
+${SASLAUTHD_LDAP_TLS_CACERT_FILE}
+${SASLAUTHD_LDAP_TLS_CACERT_DIR}
+
 ldap_referrals: yes
 log_level: 10
 EOF
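Review bot: The added comment `# If yes you must/could specify SASLAUTHD_LDAP_TLS_CACERT_FILE or SASLAUTHD_LDAP_TLS_CACERT_DIR.` above SASLAUTHD_LDAP_TLS_CHECK_PEER hedges between required and optional, so an operator cannot tell whether peer verification works without one of them. Since the whole point of `ldap_tls_check_peer: yes` is that the server certificate chains to a trusted CA, the comment should state plainly what is expected and what happens when neither variable is set (presumably the container's default trust store is consulted, but nothing on the page confirms that). Suggested wording: `# If yes, set SASLAUTHD_LDAP_TLS_CACERT_FILE or SASLAUTHD_LDAP_TLS_CACERT_DIR to the CA that signed the LDAP server certificate; otherwise verification depends on the default trust store.`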
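Review bot: Neither branch checks that the configured CA path actually exists, so a typo in SASLAUTHD_LDAP_TLS_CACERT_FILE or SASLAUTHD_LDAP_TLS_CACERT_DIR only surfaces when saslauthd fails TLS verification at the first bind, and with SASLAUTHD_LDAP_TLS_CHECK_PEER left at `no` it is never noticed at all. A readability check with a `_notify` warning at setup time, as below, reports the misconfiguration at startup, and the branch that assigns `""` to an already-empty variable can be dropped. Note also that the variables are overwritten with a full `ldap_tls_cacert_*:` directive, which suits the heredoc in the next hunk but means any later code in `_setup_saslauthd` expecting a path sees a config line instead; a separate name such as `SASLAUTHD_LDAP_TLS_CACERT_FILE_LINE` would keep the two apart. Finally, the heredoc only runs when `/etc/saslauthd.conf` does not already exist, so these new options have no effect on a pre-supplied config file, which the README section should say. `_setup_saslauthd` starts and ends outside the hunk.
```shell
  if [[ -n ${SASLAUTHD_LDAP_TLS_CACERT_FILE} ]]
  then
    [[ -r ${SASLAUTHD_LDAP_TLS_CACERT_FILE} ]] || _notify 'warn' "SASLAUTHD_LDAP_TLS_CACERT_FILE '${SASLAUTHD_LDAP_TLS_CACERT_FILE}' is not readable"
    SASLAUTHD_LDAP_TLS_CACERT_FILE="ldap_tls_cacert_file: ${SASLAUTHD_LDAP_TLS_CACERT_FILE}"
  fi

  if [[ -n ${SASLAUTHD_LDAP_TLS_CACERT_DIR} ]]
  then
    [[ -d ${SASLAUTHD_LDAP_TLS_CACERT_DIR} ]] || _notify 'warn' "SASLAUTHD_LDAP_TLS_CACERT_DIR '${SASLAUTHD_LDAP_TLS_CACERT_DIR}' is not a directory"
    SASLAUTHD_LDAP_TLS_CACERT_DIR="ldap_tls_cacert_dir: ${SASLAUTHD_LDAP_TLS_CACERT_DIR}"
  fi
  # … unchanged: creation of /etc/saslauthd.conf …
```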