summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2013-12-11 01:03:42 +0100
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:51:21 +0200
commitbd92a9f645f53da01c13d1411cef7fe20fdd4503 (patch)
tree1ed620eecf14fcf3c6b6995e91418a4531bd1a80
parent025db13070cabde62aed0b9c694baaaa4538b205 (diff)
wibble
-rw-r--r--roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext4
-rw-r--r--roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext12
-rw-r--r--roles/IMAP/tasks/mda.yml2
-rw-r--r--roles/MX/tasks/main.yml2
-rw-r--r--roles/common-LDAP/tasks/main.yml4
-rw-r--r--roles/common/tasks/firewall.yml2
6 files changed, 14 insertions, 12 deletions
diff --git a/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext b/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext
index 15eb306..0b38f00 100644
--- a/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext
+++ b/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext
@@ -20,8 +20,9 @@ passdb {
# driver = ldap
# # This should be a different file from the passdb's, in order to perform
# # asynchronous requests.
+#
# args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
-#
+#
# # Default fields can be used to specify defaults that LDAP may override
# default_fields = home=/home/mail/%d/%n
#}
@@ -31,6 +32,7 @@ passdb {
# <doc/wiki/UserDatabase.Static.txt>
userdb {
driver = static
+
# The MTA has already verified the existence of users when doing alias resolution,
# so we can skip the passdb lookup here.
args = home=/home/mail/%d/%n allow_all_users=yes
diff --git a/roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext b/roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext
index 1c504d3..77edba8 100644
--- a/roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext
+++ b/roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext
@@ -14,7 +14,7 @@
# by * none
# Space separated list of LDAP hosts to use. host:port is allowed too.
-hosts = localhost
+#hosts =
# LDAP URIs to use. You can use this instead of hosts list. Note that this
# setting isn't supported by all LDAP libraries.
@@ -22,10 +22,10 @@ uris = ldapi://
# Distinguished Name - the username used to login to the LDAP server.
# Leave it commented out to bind anonymously (useful with auth_bind=yes).
-#dn =
+#dn =
# Password for LDAP server, if dn is specified.
-#dnpass =
+#dnpass =
# Use SASL binding instead of the simple binding. Note that this changes
# ldap_version automatically to be 3 if it's lower. Also note that SASL binds
@@ -119,7 +119,7 @@ user_filter =
# password: Password, may optionally start with {type}, eg. {crypt}
# There are also other special fields which can be returned, see
# http://wiki2.dovecot.org/PasswordDatabase/ExtraFields
-pass_attrs = fvl=user
+pass_attrs =
# If you wish to avoid two LDAP lookups (passdb + userdb), you can use
# userdb prefetch instead of userdb ldap in dovecot.conf. In that case you'll
@@ -128,8 +128,8 @@ pass_attrs = fvl=user
#pass_attrs = uid=user,userPassword=password,\
# homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid
-# Filter for password lookups
-pass_filter = (&(objectClass=FripostVirtualUser)(fvl=%n)(isActive=TRUE))
+# Filter for password lookups (ignored for auth binds)
+pass_filter = (&(objectClass=FripostVirtualUser)(fvl=%n)(fripostIsStatusActive=TRUE))
# Attributes and filter to get a list of all users
#iterate_attrs = uid=user
diff --git a/roles/IMAP/tasks/mda.yml b/roles/IMAP/tasks/mda.yml
index 39938fd..0d41669 100644
--- a/roles/IMAP/tasks/mda.yml
+++ b/roles/IMAP/tasks/mda.yml
@@ -15,8 +15,8 @@
- name: Create directory /etc/postfix-.../virtual
file: path=/etc/postfix-{{ postfix_instance[inst].name }}/virtual
- owner=root group=root
state=directory
+ owner=root group=root
mode=0755
- name: Copy lookups tables
diff --git a/roles/MX/tasks/main.yml b/roles/MX/tasks/main.yml
index e2da61e..1f5136a 100644
--- a/roles/MX/tasks/main.yml
+++ b/roles/MX/tasks/main.yml
@@ -36,8 +36,8 @@
- name: Create directory /etc/postfix-.../virtual
file: path=/etc/postfix-{{ postfix_instance[inst].name }}/virtual
- owner=root group=root
state=directory
+ owner=root group=root
mode=0755
- name: Copy lookups tables
diff --git a/roles/common-LDAP/tasks/main.yml b/roles/common-LDAP/tasks/main.yml
index 5c993fc..711954c 100644
--- a/roles/common-LDAP/tasks/main.yml
+++ b/roles/common-LDAP/tasks/main.yml
@@ -27,8 +27,8 @@
- name: Create directory /var/lib/ldap/fripost
file: path=/var/lib/ldap/fripost
- owner=openldap group=openldap
state=directory
+ owner=openldap group=openldap
mode=0700
- name: Copy /var/lib/ldap/fripost/DB_CONFIG
@@ -43,8 +43,8 @@
- name: Create directory /etc/ldap/fripost
file: path=/etc/ldap/fripost
- owner=root group=root
state=directory
+ owner=root group=root
mode=0755
- name: Copy fripost database definition
diff --git a/roles/common/tasks/firewall.yml b/roles/common/tasks/firewall.yml
index 9ed2f72..29c0e2b 100644
--- a/roles/common/tasks/firewall.yml
+++ b/roles/common/tasks/firewall.yml
@@ -7,8 +7,8 @@
- name: Create directory /etc/iptables
file: path=/etc/iptables
- owner=root group=root
state=directory
+ owner=root group=root
mode=0755
- name: Generate /etc/iptables/services