diff options
author | Guilhem Moulin <guilhem@fripost.org> | 2013-12-11 01:03:42 +0100 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-07 02:51:21 +0200 |
commit | bd92a9f645f53da01c13d1411cef7fe20fdd4503 (patch) | |
tree | 1ed620eecf14fcf3c6b6995e91418a4531bd1a80 | |
parent | 025db13070cabde62aed0b9c694baaaa4538b205 (diff) |
wibble
-rw-r--r-- | roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext | 4 | ||||
-rw-r--r-- | roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext | 12 | ||||
-rw-r--r-- | roles/IMAP/tasks/mda.yml | 2 | ||||
-rw-r--r-- | roles/MX/tasks/main.yml | 2 | ||||
-rw-r--r-- | roles/common-LDAP/tasks/main.yml | 4 | ||||
-rw-r--r-- | roles/common/tasks/firewall.yml | 2 |
6 files changed, 14 insertions, 12 deletions
diff --git a/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext b/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext index 15eb306..0b38f00 100644 --- a/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext +++ b/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext @@ -20,8 +20,9 @@ passdb { # driver = ldap # # This should be a different file from the passdb's, in order to perform # # asynchronous requests. +# # args = /etc/dovecot/dovecot-ldap-userdb.conf.ext -# +# # # Default fields can be used to specify defaults that LDAP may override # default_fields = home=/home/mail/%d/%n #} @@ -31,6 +32,7 @@ passdb { # <doc/wiki/UserDatabase.Static.txt> userdb { driver = static + # The MTA has already verified the existence of users when doing alias resolution, # so we can skip the passdb lookup here. args = home=/home/mail/%d/%n allow_all_users=yes diff --git a/roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext b/roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext index 1c504d3..77edba8 100644 --- a/roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext +++ b/roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext @@ -14,7 +14,7 @@ # by * none # Space separated list of LDAP hosts to use. host:port is allowed too. -hosts = localhost +#hosts = # LDAP URIs to use. You can use this instead of hosts list. Note that this # setting isn't supported by all LDAP libraries. @@ -22,10 +22,10 @@ uris = ldapi:// # Distinguished Name - the username used to login to the LDAP server. # Leave it commented out to bind anonymously (useful with auth_bind=yes). -#dn = +#dn = # Password for LDAP server, if dn is specified. -#dnpass = +#dnpass = # Use SASL binding instead of the simple binding. Note that this changes # ldap_version automatically to be 3 if it's lower. Also note that SASL binds @@ -119,7 +119,7 @@ user_filter = # password: Password, may optionally start with {type}, eg. {crypt} # There are also other special fields which can be returned, see # http://wiki2.dovecot.org/PasswordDatabase/ExtraFields -pass_attrs = fvl=user +pass_attrs = # If you wish to avoid two LDAP lookups (passdb + userdb), you can use # userdb prefetch instead of userdb ldap in dovecot.conf. In that case you'll @@ -128,8 +128,8 @@ pass_attrs = fvl=user #pass_attrs = uid=user,userPassword=password,\ # homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid -# Filter for password lookups -pass_filter = (&(objectClass=FripostVirtualUser)(fvl=%n)(isActive=TRUE)) +# Filter for password lookups (ignored for auth binds) +pass_filter = (&(objectClass=FripostVirtualUser)(fvl=%n)(fripostIsStatusActive=TRUE)) # Attributes and filter to get a list of all users #iterate_attrs = uid=user diff --git a/roles/IMAP/tasks/mda.yml b/roles/IMAP/tasks/mda.yml index 39938fd..0d41669 100644 --- a/roles/IMAP/tasks/mda.yml +++ b/roles/IMAP/tasks/mda.yml @@ -15,8 +15,8 @@ - name: Create directory /etc/postfix-.../virtual file: path=/etc/postfix-{{ postfix_instance[inst].name }}/virtual - owner=root group=root state=directory + owner=root group=root mode=0755 - name: Copy lookups tables diff --git a/roles/MX/tasks/main.yml b/roles/MX/tasks/main.yml index e2da61e..1f5136a 100644 --- a/roles/MX/tasks/main.yml +++ b/roles/MX/tasks/main.yml @@ -36,8 +36,8 @@ - name: Create directory /etc/postfix-.../virtual file: path=/etc/postfix-{{ postfix_instance[inst].name }}/virtual - owner=root group=root state=directory + owner=root group=root mode=0755 - name: Copy lookups tables diff --git a/roles/common-LDAP/tasks/main.yml b/roles/common-LDAP/tasks/main.yml index 5c993fc..711954c 100644 --- a/roles/common-LDAP/tasks/main.yml +++ b/roles/common-LDAP/tasks/main.yml @@ -27,8 +27,8 @@ - name: Create directory /var/lib/ldap/fripost file: path=/var/lib/ldap/fripost - owner=openldap group=openldap state=directory + owner=openldap group=openldap mode=0700 - name: Copy /var/lib/ldap/fripost/DB_CONFIG @@ -43,8 +43,8 @@ - name: Create directory /etc/ldap/fripost file: path=/etc/ldap/fripost - owner=root group=root state=directory + owner=root group=root mode=0755 - name: Copy fripost database definition diff --git a/roles/common/tasks/firewall.yml b/roles/common/tasks/firewall.yml index 9ed2f72..29c0e2b 100644 --- a/roles/common/tasks/firewall.yml +++ b/roles/common/tasks/firewall.yml @@ -7,8 +7,8 @@ - name: Create directory /etc/iptables file: path=/etc/iptables - owner=root group=root state=directory + owner=root group=root mode=0755 - name: Generate /etc/iptables/services |