From a552f67e9433a476c49db0b7166538f1d3d68f47 Mon Sep 17 00:00:00 2001
From: Alex Auvolat
Date: Tue, 11 Feb 2020 22:24:42 +0100
Subject: WIP (not tested) switch Postfix to bottin2 and use separate secrets
---
 consul/configuration/email/postfix/ldap-account.cf.sample | 12 ------------
 consul/configuration/email/postfix/ldap-account.cf.tpl | 12 ++++++++++++
 consul/configuration/email/postfix/ldap-alias.cf.sample | 9 ---------
 consul/configuration/email/postfix/ldap-alias.cf.tpl | 9 +++++++++
 4 files changed, 21 insertions(+), 21 deletions(-)
 delete mode 100644 consul/configuration/email/postfix/ldap-account.cf.sample
 create mode 100644 consul/configuration/email/postfix/ldap-account.cf.tpl
 delete mode 100644 consul/configuration/email/postfix/ldap-alias.cf.sample
 create mode 100644 consul/configuration/email/postfix/ldap-alias.cf.tpl
(limited to 'consul/configuration/email')
diff --git a/consul/configuration/email/postfix/ldap-account.cf.sample b/consul/configuration/email/postfix/ldap-account.cf.sample
deleted file mode 100644
index 1b90252..0000000
--- a/consul/configuration/email/postfix/ldap-account.cf.sample
+++ /dev/null
@@ -1,12 +0,0 @@
-bind = yes
-bind_dn = cn=,dc=deuxfleurs,dc=fr
-bind_pw =
-version = 3
-timeout = 20
-start_tls = no
-tls_require_cert = no
-server_host = ldap://bottin.service.2.cluster.deuxfleurs.fr
-scope = sub
-search_base = ou=users,dc=deuxfleurs,dc=fr
-query_filter = mail=%s
-result_attribute = mail
diff --git a/consul/configuration/email/postfix/ldap-account.cf.tpl b/consul/configuration/email/postfix/ldap-account.cf.tpl
new file mode 100644
index 0000000..2575f10
--- /dev/null
+++ b/consul/configuration/email/postfix/ldap-account.cf.tpl
@@ -0,0 +1,12 @@
+bind = yes
+bind_dn = {{ key "secrets/email/postfix/ldap_binddn" | trimSpace }}
+bind_pw = {{ key "secrets/email/postfix/ldap_bindpwd" | trimSpace }}
+version = 3
+timeout = 20
+start_tls = no
+tls_require_cert = no
+server_host = ldap://bottin2.service.2.cluster.deuxfleurs.fr
+scope = sub
+search_base = ou=users,dc=deuxfleurs,dc=fr
+query_filter = mail=%s
+result_attribute = mail
diff --git a/consul/configuration/email/postfix/ldap-alias.cf.sample b/consul/configuration/email/postfix/ldap-alias.cf.sample
deleted file mode 100644
index 8ed3361..0000000
--- a/consul/configuration/email/postfix/ldap-alias.cf.sample
+++ /dev/null
@@ -1,9 +0,0 @@
-server_host = bottin.service.2.cluster.deuxfleurs.fr
-server_port = 389
-search_base = dc=deuxfleurs,dc=fr
-query_filter = (&(objectClass=inetOrgPerson)(memberOf=cn=%s,ou=mailing_lists,ou=groups,dc=deuxfleurs,dc=fr))
-result_attribute = mail
-bind = yes
-bind_dn = cn=,dc=deuxfleurs,dc=fr
-bind_pw =
-version = 3
diff --git a/consul/configuration/email/postfix/ldap-alias.cf.tpl b/consul/configuration/email/postfix/ldap-alias.cf.tpl
new file mode 100644
index 0000000..775c0ad
--- /dev/null
+++ b/consul/configuration/email/postfix/ldap-alias.cf.tpl
@@ -0,0 +1,9 @@
+server_host = bottin2.service.2.cluster.deuxfleurs.fr
+server_port = 389
+search_base = dc=deuxfleurs,dc=fr
+query_filter = (&(objectClass=inetOrgPerson)(memberOf=cn=%s,ou=mailing_lists,ou=groups,dc=deuxfleurs,dc=fr))
+result_attribute = mail
+bind = yes
+bind_dn = {{ key "secrets/email/postfix/ldap_binddn" | trimSpace }}
+bind_pw = {{ key "secrets/email/postfix/ldap_bindpwd" | trimSpace }}
+version = 3
-- cgit v1.2.3
From cd6da5d52f7e869c83e4a55bf762d9d6b0c96b09 Mon Sep 17 00:00:00 2001
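Review bot: In ldap-account.cf.tpl the bind password now comes from Consul, but `start_tls = no` with an `ldap://` `server_host` means Postfix still sends `bind_dn`/`bind_pw` to bottin2 unencrypted on every lookup. If bottin2 offers TLS, set `start_tls = yes` and `tls_require_cert = yes`; leaving `tls_require_cert = no` would accept any certificate even with STARTTLS on. The same gap is in ldap-alias.cf.tpl (port 389, no TLS settings at all) and in dovecot-ldap.conf.tpl later in this series (no `tls = yes`). The rendered files also contain the password in clear, so whatever stanza renders these templates should write them with restrictive permissions; that stanza is not part of this diff.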
From: Alex Auvolat
Date: Tue, 11 Feb 2020 22:42:28 +0100
Subject: Switch dovecot to bottin2 & put secret in own consul key
---
 consul/configuration/email/dovecot/dovecot-ldap.conf.sample | 8 --------
 consul/configuration/email/dovecot/dovecot-ldap.conf.tpl | 8 ++++++++
 2 files changed, 8 insertions(+), 8 deletions(-)
 delete mode 100644 consul/configuration/email/dovecot/dovecot-ldap.conf.sample
 create mode 100644 consul/configuration/email/dovecot/dovecot-ldap.conf.tpl
(limited to 'consul/configuration/email')
diff --git a/consul/configuration/email/dovecot/dovecot-ldap.conf.sample b/consul/configuration/email/dovecot/dovecot-ldap.conf.sample
deleted file mode 100644
index 4848d6e..0000000
--- a/consul/configuration/email/dovecot/dovecot-ldap.conf.sample
+++ /dev/null
@@ -1,8 +0,0 @@
-hosts = bottin.service.2.cluster.deuxfleurs.fr
-dn = cn=,dc=deuxfleurs,dc=fr
-dnpass =
-base = dc=deuxfleurs,dc=fr
-scope = subtree
-user_filter = (&(mail=%u)(&(objectClass=inetOrgPerson)(memberOf=cn=email,ou=groups,dc=deuxfleurs,dc=fr)))
-pass_filter = (&(mail=%u)(&(objectClass=inetOrgPerson)(memberOf=cn=email,ou=groups,dc=deuxfleurs,dc=fr)))
-user_attrs = mail=/var/mail/%{ldap:mail}
diff --git a/consul/configuration/email/dovecot/dovecot-ldap.conf.tpl b/consul/configuration/email/dovecot/dovecot-ldap.conf.tpl
new file mode 100644
index 0000000..9fb1ea6
--- /dev/null
+++ b/consul/configuration/email/dovecot/dovecot-ldap.conf.tpl
@@ -0,0 +1,8 @@
+hosts = bottin2.service.2.cluster.deuxfleurs.fr
+dn = {{ key "secrets/email/dovecot/ldap_binddn" | trimSpace }}
+dnpass = {{ key "secrets/email/dovecot/ldap_bindpwd" | trimSpace }}
+base = dc=deuxfleurs,dc=fr
+scope = subtree
+user_filter = (&(mail=%u)(&(objectClass=inetOrgPerson)(memberOf=cn=email,ou=groups,dc=deuxfleurs,dc=fr)))
+pass_filter = (&(mail=%u)(&(objectClass=inetOrgPerson)(memberOf=cn=email,ou=groups,dc=deuxfleurs,dc=fr)))
+user_attrs = mail=/var/mail/%{ldap:mail}
-- cgit v1.2.3
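Review bot: dovecot-ldap.conf.tpl sets `pass_filter` with a service `dn`/`dnpass` but no `auth_bind`, so Dovecot falls back to password lookups and the service account must be able to read every mail user's password attribute from bottin2. Adding `auth_bind = yes` makes Dovecot verify a login by binding as the user, so the service DN only needs search access to `mail`, `objectClass` and `memberOf`. This assumes bottin2 accepts simple binds for user entries, which the diff does not show. Separately, `user_attrs = mail=/var/mail/%{ldap:mail}` builds a filesystem path from a directory attribute, so it is worth confirming that bottin2's ACLs do not let users edit their own `mail` value.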
From 9815004324be1d2396ead81a7e8e02bffcfac47b Mon Sep 17 00:00:00 2001
From: Alex Auvolat
Date: Tue, 11 Feb 2020 22:57:31 +0100
Subject: Switch sogo to bottin2 with bottin2 upgrade & ACL fix
---
 consul/configuration/email/sogo/sogo.conf.tpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'consul/configuration/email')
diff --git a/consul/configuration/email/sogo/sogo.conf.tpl b/consul/configuration/email/sogo/sogo.conf.tpl
index bb13a83..0b87db7 100644
--- a/consul/configuration/email/sogo/sogo.conf.tpl
+++ b/consul/configuration/email/sogo/sogo.conf.tpl
@@ -60,7 +60,7 @@
 bindFields = (cn, mail);
 canAuthenticate = YES;
 displayName = "Bottin";
- hostname = "ldap://bottin.service.2.cluster.deuxfleurs.fr:389";
+ hostname = "ldap://bottin2.service.2.cluster.deuxfleurs.fr:389";
 id = bottin;
 isAddressBook = NO;
 }
-- cgit v1.2.3