fripost-ansible - Fripost ansible scripts

	Commit message (Collapse)	Author	Age	Files
*	slapd monitoring.	Guilhem Moulin	2015-06-10	1
\| \| \| \| \|	We don't use the provided 'slapd_' Munin plugin because it doesn't support SASL binds.
*	Change slapd dump filenames.	Guilhem Moulin	2015-06-07	1
\| \| \| \|	E.g., ‘0.ldif’ → ‘slapd-0.ldif’.
*	Configure Bacula File Daemon / Storage Daemon / Director.	Guilhem Moulin	2015-06-07	1
\| \| \| \| \|	Using client-side data signing/encryption and wrapping inter-host communication into stunnel.
*	Upgrade the LDAP config to Jessie.	Guilhem Moulin	2015-06-07	1
\|
*	Add a keyring and alternative contact to the LDAP DIT.	Guilhem Moulin	2015-06-07	1
\|
*	Add an LDAP attribute to check if the user wants to use the content filter.	Guilhem Moulin	2015-06-07	1
\| \| \| \| \|	This decision is left to the MX (as for 'fripostIsStatusActive'), which will set the envelope recipient accordingly.
*	Remove o=mailHosting from the LDAP directory suffix.	Guilhem Moulin	2015-06-07	2
\| \| \| \| \| \|	So our suffix is now a mere 'dc=fripost,dc=org'. We're also using the default '/var/lib/ldap' as olcDbDirectory (hence we don't clear it before hand).
*	Fix the catch-all resolution again.	Guilhem Moulin	2015-06-07	1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	We introduce a limitation on the domain-aliases: they can't have children (e.g., lists or users) any longer. The whole alias resolution, including catch-alls and domain aliases, is now done in 'virtual_alias_maps'. We stop the resolution by returning a dummy alias A -> A for mailboxes, before trying the catch-all maps. We're still using transport_maps for lists. If it turns out to be a bottleneck due to the high-latency coming from LDAP maps, (and the fact that there is a single qmgr(8) daemon), we could rewrite lists to a dummy subdomain and use a static transport_maps instead: virtual_alias_maps: mylist@example.org -> mylist#example.org@mlmmj.localhost.localdomain transport_maps: mlmmj.localhost.localdomain mlmmj:
*	Remove list commands.	Guilhem Moulin	2015-06-07	1
\| \| \| \| \| \|	They were only a dirty hack for list commands à la Mailman such as mylist-request. If we are to use another list manager such as mlmmj, which uses a VERP delimiter instead, the problem disappears.
*	Remove the 'fripostLocalAlias' attribute.	Guilhem Moulin	2015-06-07	1
\| \| \| \| \| \| \| \| \| \| \| \| \|	Instead, we pretend that lists are valid users (via a match in the mailbox_transport_maps) but choose a different transport (with the same request in transport_maps). The advantage is that we get rid of the ugly hack for list transport… A minor drawback is that we now have two LDAP lookups instead of one for non local addresses (ie, everything but reserved addresses). Hopefully the requests are cached; but even if they aren't, querying a local LDAP server is supposed to be cheap.
*	wibble	Guilhem Moulin	2015-06-07	1
\|
*	Include amavisd-new's LDAP schema.	Guilhem Moulin	2015-06-07	1
\| \| \| \| \| \|	It'd certainly be nicer if we didn't have to deploy amavis' schema everywhere, but we need the 'objectClass' in our replicates, hence they need to be aware of the 'amavisAccount' class.
*	wibble	Guilhem Moulin	2015-06-07	1
\|
*	Reorganization.	Guilhem Moulin	2015-06-07	2