Fanch
1 year ago
11 changed files with 268 additions and 19 deletions
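--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,80 @@
+#!/bin/bash
+
+KAZ_ROOT=/kaz
+. $KAZ_ROOT/bin/.commonFunctions.sh
+setKazVars
+
+. $DOCKERS_ENV
+. $KAZ_ROOT/secret/SetAllPass.sh
+
+SOURCE=/kaz/dockers/postfix/config/postfix-accounts.cf
+
+LDAP_IP=$(docker inspect -f '{{.NetworkSettings.Networks.ldapNet.IPAddress}}' ldapServ)
+
+for line in `cat ${SOURCE}`
+do
+mail=$(echo $line | awk -F '|' '{print $1}')
+user=$(echo $mail | awk -F '@' '{print $1}')
+domain=$(echo $mail | awk -F '@' '{print $2}')
+pass=$(echo $line | awk -F '|' '{print $2}' | sed -e "s/SHA512-//")
+echo -e "\n\ndn: cn=${mail},ou=users,${ldap_root}\n\
+changeType: add\n\
+objectclass: inetOrgPerson\n\
+objectClass: organizationalPerson\n\
+objectClass: person\n\
+objectClass: top\n\
+objectClass: PostfixBookMailAccount\n\
+objectClass: extensibleObject\n\
+sn: ${mail}\n\
+mail: ${mail}\n\
+\n\n\
+dn: cn=${mail},ou=users,${ldap_root}\n\
+changeType: modify
+replace: sn\n\
+sn: ${mail}\n\
+-\n\
+replace: mail\n\
+mail: ${mail}\n\
+-\n\
+replace: mailEnabled\n\
+mailEnabled: TRUE\n\
+-\n\
+replace: mailGidNumber\n\
+mailGidNumber: 5000\n\
+-\n\
+replace: mailHomeDirectory\n\
+mailHomeDirectory: /var/mail/${domain}/${user}/\n\
+-\n\
+replace: mailQuota\n\
+mailQuota: 10240\n\
+-\n\
+replace: mailStorageDirectory\n\
+mailStorageDirectory: maildir:/var/mail/${domain}/${user}/\n\
+-\n\
+replace: mailUidNumber\n\
+mailUidNumber: 5000\n\
+-\n\
+replace: uniqueIdentifier\n\
+uniqueIdentifier: ${mail}\n\
+-\n\
+replace: userPassword\n\
+userPassword: $pass\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "${ldap_LDAP_ADMIN_BIND_DN}" -x -w ${ldap_LDAP_ADMIN_PASSWORD}
+done
+
+OLDIFS=${IFS}
+IFS=$'\n'
+ALIASES="/kaz/dockers/postfix/config/postfix-virtual.cf"
+for line in `cat ${ALIASES}`
+do
+LIST=""
+mail=$(echo $line | awk -F '[[:space:]]*' '{print $2}')
+for alias in `grep ${mail} ${ALIASES} | cut -d' ' -f1`
+do
+LIST=${LIST}"mailAlias: $alias\n"
+done
+echo -e "dn: cn=${mail},ou=users,${ldap_root}\n\
+changeType: modify
+replace: mailAlias\n\
+$LIST\n\n" | ldapmodify -c -H ldap://${LDAP_IP} -D "${ldap_LDAP_ADMIN_BIND_DN}" -x -w ${ldap_LDAP_ADMIN_PASSWORD}
+done
+IFS=${OLDIFS}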
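Review bot: The admin bind password is passed on the ldapmodify command line in both loops (`-w ${ldap_LDAP_ADMIN_PASSWORD}`), so it is readable by any local process through `ps` and would appear in any `set -x` trace; the three `ldapadd ... -w ${LDAP_CONFIG_ADMIN_PASSWORD}` / `-w ${LDAP_ADMIN_PASSWORD}` calls in the setup-script hunk further down have the same defect. Write the password to a 0600 `mktemp` file removed by a `trap ... EXIT` and pass `-y "$passfile"` instead. Separately, the alias lookup `grep ${mail} ${ALIASES}` is an unquoted, unanchored regex: `.` in the address matches any character and an address that is a substring of another line (or appears in the alias column) pulls foreign aliases into this account's `mailAlias`; `awk -v m="$mail" '$2 == m {print $1}' "$ALIASES"` compares the target column exactly. The `echo -e` bodies also interpolate `$pass`, `$mail` and `$LIST` unquoted into LDIF, which is acceptable only as long as the two postfix config files are fully trusted input.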
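--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,7 @@
+dn: olcDatabase={2}mdb,cn=config
+changeType: modify
+replace: olcAccess
+olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="$BINDDN" write by * none
+olcAccess: {1}to dn.base="" by * read
+olcAccess: {2}to dn.base="ou=users,$LDAPROOT" by users read
+olcAccess: {3}to * by self write by dn="$BINDDN" write by * read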
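Review bot: The catch-all rule `olcAccess: {3}to * by self write by dn="$BINDDN" write by * read` lets any authenticated mail account rewrite its own routing attributes (`mailAlias`, `mailUidNumber`, `mailGidNumber`, `mailHomeDirectory`, `mailStorageDirectory`, `mailEnabled`, all populated on these entries by the import script in this commit), and `by * read` exposes every non-password attribute to anonymous binds. The self-service password tool configured in the same commit binds as the admin DN, so if users are not meant to edit their own entries `by self read` is sufficient, and `by users read by * none` limits reads to authenticated clients; confirm that postfix/dovecot bind with credentials before dropping anonymous read. With `{3}` narrowed this way, rule `{2}` on `ou=users` becomes redundant and can be folded into it.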
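--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,29 @@
+# docker exec -it ldapServ ldapsearch -x -b "$LDAPROOT"
+
+dn: $LDAPROOT
+objectClass: dcObject
+objectClass: organization
+dc: $DC
+o: example
+
+dn: ou=users,$LDAPROOT
+objectClass: organizationalUnit
+ou: users
+
+dn: cn=nobody,ou=users,$LDAPROOT
+cn: nobody
+sn: nobody
+objectClass: inetOrgPerson
+objectClass: posixAccount
+objectClass: shadowAccount
+userPassword: $NOBODYPASSWORD
+uid: nobody
+uidNumber: 1000
+gidNumber: 1000
+homeDirectory: /home/nobody
+
+
+dn: cn=readers,ou=users,$LDAPROOT
+cn: readers
+objectClass: groupOfNames
+member: cn=nobody,ou=users,$LDAPROOT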
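Review bot: `o: example` is the only placeholder in this template that the setup script never substitutes (its `sed` calls replace `$LDAPROOT`, `$DC` and `$NOBODYPASSWORD` only), so the root organization entry is created with the literal name `example`; either derive it from `$DC` like the `dc:` line or add a comment saying the value is intentionally a dummy. The `cn=nobody` service account is also given `uidNumber: 1000` / `gidNumber: 1000`, which collides with the first regular account on most Linux hosts should this directory ever be consumed by a posix client — a one-line comment stating that the entry is not meant for system login would avoid that surprise. The `cn=readers` group is created here but nothing in the ACL template references it; presumably reserved for later, worth a comment.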
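--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,84 @@
+#!/bin/bash
+
+SERV_DIR=$(cd $(dirname $0); pwd)
+KAZ_ROOT=$(cd $(dirname $0)/../..; pwd)
+. "${KAZ_ROOT}/bin/.commonFunctions.sh"
+setKazVars
+
+cd $(dirname $0)
+. "${DOCKERS_ENV}"
+. "${KAZ_KEY_DIR}/env-${ldapServName}"
+. "${KAZ_KEY_DIR}/env-${ldapUIName}"
+
+
+checkDockerRunning "${ldapServName}" "LDAP" || exit
+
+printKazMsg "\n *** Premier lancement de LDAP : Mise en place des ACL"
+
+LDAP_IP=$(docker inspect -f '{{.NetworkSettings.Networks.ldapNet.IPAddress}}' ldapServ)
+MAIL_IP=$(docker inspect -f '{{.NetworkSettings.Networks.ldapNet.IPAddress}}' mailServ)
+
+docker exec ${ldapUIName} bash -c "echo '${MAIL_IP} ${smtpHost}.${domain}' >> /etc/hosts"
+
+BINDDN=cn=${LDAP_ADMIN_USERNAME},${ldap_root}
+DC=$(echo ${ldap_root} | cut -d',' -f1 | cut -d'=' -f2)
+
+cp acl.ldif.tmpl acl.ldif
+sed -i -e "s/\$BINDDN/${BINDDN}/g" acl.ldif
+sed -i -e "s/\$LDAPROOT/${ldap_root}/g" acl.ldif
+
+cp bootstrap.ldif.tmpl bootstrap.ldif
+sed -i -e "s/\$LDAPROOT/${ldap_root}/g" bootstrap.ldif
+sed -i -e "s/\$DC/${DC}/g" bootstrap.ldif
+sed -i -e "s%\$NOBODYPASSWORD%\{CRYPT\}`mkpasswd -m sha512crypt ${LDAP_NOBODY_PASSWORD}`%g" bootstrap.ldif
+
+ldapadd -H ldap://$LDAP_IP -D "cn=${LDAP_CONFIG_ADMIN_USERNAME},cn=config" -w ${LDAP_CONFIG_ADMIN_PASSWORD} -f acl.ldif
+ldapadd -H ldap://$LDAP_IP -D "cn=${LDAP_CONFIG_ADMIN_USERNAME},cn=config" -w ${LDAP_CONFIG_ADMIN_PASSWORD} -f postfixbook.ldif
+ldapadd -H ldap://$LDAP_IP -D "${BINDDN}" -w ${LDAP_ADMIN_PASSWORD} -f bootstrap.ldif
+
+CONFIG_IHM="${DOCK_VOL}/ldap_configSSP/_data/config.inc.php"
+
+updateVarInConf(){
+# $1 key
+# $2 val
+# $3 file
+# $4 : vide => la valeur sera encadré par des guillement, sinon c'est du php
+if grep -q "\$$1" "$3" ; then
+echo " update ${CYAN}${BOLD}$1${NC} => $2"
+# !!! les valeur ne doivent pas contenir le caractère '%'
+if [ -z "$4" ]; then
+sed -i -e "s%^\s*\(\$$1\s*=\).*$%\1 \"$2\";%" "$3"
+else
+sed -i -e "s%^\s*\(\$$1\s*=\).*$%\1 $2;%" "$3"
+fi
+else
+echo " add ${CYAN}${BOLD}$1${NC} => $2"
+if [ -z "$4" ]; then
+echo "\$$1 = \"$2\";" >> "$3"
+else
+echo "\$$1 = $2;" >> "$3"
+fi
+fi
+}
+
+updateVarInConf "ldap_url" "${LDAP_URI}" "${CONFIG_IHM}"
+updateVarInConf "ldap_binddn" "${LDAP_ADMIN_BIND_DN}" "${CONFIG_IHM}"
+updateVarInConf "ldap_bindpw" "${LDAP_ADMIN_BIND_PWD}" "${CONFIG_IHM}"
+updateVarInConf "ldap_base" "${LDAP_BASE_DN}" "${CONFIG_IHM}"
+updateVarInConf "ldap_login_attribute" "sn" "${CONFIG_IHM}"
+updateVarInConf "hash" "CRYPT" "${CONFIG_IHM}"
+updateVarInConf "use_questions" "false" "${CONFIG_IHM}" "php"
+updateVarInConf "mail_from" "admin@${domain}" "${CONFIG_IHM}"
+updateVarInConf "mail_from_name" "Récupération de mot de passe Kaz" "${CONFIG_IHM}"
+updateVarInConf "mail_smtp_host" "${smtpHost}.${domain}" "${CONFIG_IHM}"
+updateVarInConf "use_sms" "false" "${CONFIG_IHM}" "php"
+updateVarInConf "keyphrase" "apOcfivnart+Osh2" "${CONFIG_IHM}"
+updateVarInConf "lang" "fr" "${CONFIG_IHM}"
+updateVarInConf "allowed_lang" "array('fr', 'br');" "${CONFIG_IHM}" "php"
+#updateVarInConf "prehook_password_encodebase64" "true" "${CONFIG_IHM}"
+#updateVarInConf "posthook_password_encodebase64" "true" "${CONFIG_IHM}"
+updateVarInConf "mail_smtp_secure" "tls" "${CONFIG_IHM}"
+updateVarInConf "mail_address_use_ldap" "true" "${CONFIG_IHM}"
+
+
+docker cp "${KAZ_BIN_DIR}/look/kaz/kaz-tete.png" "${ldapUIName}:/var/www/html/images/ltb-logo.png"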
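Review bot: `updateVarInConf "keyphrase" "apOcfivnart+Osh2" "${CONFIG_IHM}"` commits a static secret to the repository and writes the same value into every deployment's config.inc.php; in LTB Self Service Password (which these keys belong to) `keyphrase` protects the reset tokens, so it should live with the other credentials under `${KAZ_KEY_DIR}` and be expanded from a variable, e.g. `updateVarInConf "keyphrase" "${SSP_KEYPHRASE:?}" "${CONFIG_IHM}"` (variable name constructed here; use whatever the env files define). In the `sed -i -e "s%\$NOBODYPASSWORD%...` line the clear-text password is again an argv of `mkpasswd`; `mkpasswd -m sha512crypt -s <<<"${LDAP_NOBODY_PASSWORD}"` reads it from stdin instead. The env-template hunk at the end of this commit removes `LDAP_CONFIG_ADMIN_PASSWORD=` and `LDAP_NOBODY_PASSWORD=`, which this script still expands — presumably they now come from `${KAZ_KEY_DIR}/env-${ldapServName}`; worth confirming, otherwise the `ldapadd` calls run with an empty `-w`. Finally, `updateVarInConf` interpolates `$2` unescaped into a sed replacement, so beyond the `%` already noted in the comment, a value containing `&` or `\` would be mangled; a second comment line `# ... ni '&' ni '\'` keeps that limitation visible to future callers.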
@ -0,0 +1,41 @@ |
|||
dn: cn=postfixbook,cn=schema,cn=config |
|||
objectClass: olcSchemaConfig |
|||
cn: postfixbook |
|||
olcAttributeTypes: {0}( 1.3.6.1.4.1.29426.1.10.1 NAME 'mailHomeDirectory' DE |
|||
SC 'The absolute path to the mail user home directory' EQUALITY caseExactIA |
|||
5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) |
|||
olcAttributeTypes: {1}( 1.3.6.1.4.1.29426.1.10.2 NAME 'mailAlias' DESC 'RFC8 |
|||
22 Mailbox - mail alias' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Su |
|||
bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) |
|||
olcAttributeTypes: {2}( 1.3.6.1.4.1.29426.1.10.3 NAME 'mailUidNumber' DESC ' |
|||
UID required to access the mailbox' EQUALITY integerMatch SYNTAX 1.3.6.1.4. |
|||
1.1466.115.121.1.27 SINGLE-VALUE ) |
|||
olcAttributeTypes: {3}( 1.3.6.1.4.1.29426.1.10.4 NAME 'mailGidNumber' DESC ' |
|||
GID required to access the mailbox' EQUALITY integerMatch SYNTAX 1.3.6.1.4. |
|||
1.1466.115.121.1.27 SINGLE-VALUE ) |
|||
olcAttributeTypes: {4}( 1.3.6.1.4.1.29426.1.10.5 NAME 'mailEnabled' DESC 'TR |
|||
UE to enable, FALSE to disable account' EQUALITY booleanMatch SYNTAX 1.3.6. |
|||
1.4.1.1466.115.121.1.7 SINGLE-VALUE ) |
|||
olcAttributeTypes: {5}( 1.3.6.1.4.1.29426.1.10.6 NAME 'mailGroupMember' DESC |
|||
'Name of a mail distribution list' EQUALITY caseExactIA5Match SYNTAX 1.3.6 |
|||
.1.4.1.1466.115.121.1.26 ) |
|||
olcAttributeTypes: {6}( 1.3.6.1.4.1.29426.1.10.7 NAME 'mailQuota' DESC 'Mail |
|||
quota limit in kilobytes' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.14 |
|||
66.115.121.1.26 ) |
|||
olcAttributeTypes: {7}( 1.3.6.1.4.1.29426.1.10.8 NAME 'mailStorageDirectory' |
|||
DESC 'The absolute path to the mail users mailbox' EQUALITY caseExactIA5Ma |
|||
tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) |
|||
olcAttributeTypes: {8}( 1.3.6.1.4.1.29426.1.10.9 NAME 'mailSieveRuleSource' |
|||
DESC 'Sun ONE Messaging Server defined attribute' SYNTAX 1.3.6.1.4.1.1466.1 |
|||
15.121.1.26 X-ORIGIN 'Sun ONE Messaging Server' ) |
|||
olcAttributeTypes: {9}( 1.3.6.1.4.1.29426.1.10.10 NAME 'mailForwardingAddres |
|||
s' DESC 'Address(es) to forward all incoming messages to.' EQUALITY caseIgn |
|||
oreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{320} ) |
|||
olcObjectClasses: {0}( 1.3.6.1.4.1.29426.1.2.2.1 NAME 'PostfixBookMailAccoun |
|||
t' DESC 'Mail account used in Postfix Book' SUP top AUXILIARY MUST mail MAY |
|||
( mailHomeDirectory $ mailAlias $ mailGroupMember $ mailUidNumber $ mailGi |
|||
dNumber $ mailEnabled $ mailQuota $ mailStorageDirectory $ mailSieveRuleSou |
|||
rce ) ) |
|||
olcObjectClasses: {1}( 1.3.6.1.4.1.29426.1.2.2.2 NAME 'PostfixBookMailForwar |
|||
d' DESC 'Mail forward used in Postfix Book' SUP top AUXILIARY MUST ( mail $ |
|||
mailAlias ) MAY mailForwardingAddress ) |
@ -1,8 +1,5 @@ |
|||
LDAP_ADMIN_USERNAME= |
|||
LDAP_ADMIN_PASSWORD= |
|||
LDAP_ENABLE_TLS= |
|||
|
|||
LDAP_TLS_CERT_FILE= |
|||
LDAP_TLS_KEY_FILE= |
|||
LDAP_TLS_CA_FILE= |
|||
LDAP_TLS_DH_PARAMS_FILE= |
|||
LDAP_CONFIG_ADMIN_USERNAME= |
|||
-LDAP_CONFIG_ADMIN_PASSWORD= |
|||
-LDAP_NOBODY_PASSWORD= |
|||
|