From bd92a9f645f53da01c13d1411cef7fe20fdd4503 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Wed, 11 Dec 2013 01:03:42 +0100
Subject: wibble

---
 roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext |  4 +++-
 roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext     | 12 ++++++------
 roles/IMAP/tasks/mda.yml                               |  2 +-
 roles/MX/tasks/main.yml                                |  2 +-
 roles/common-LDAP/tasks/main.yml                       |  4 ++--
 roles/common/tasks/firewall.yml                        |  2 +-
 6 files changed, 14 insertions(+), 12 deletions(-)

(limited to 'roles')

diff --git a/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext b/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext
index 15eb306..0b38f00 100644
--- a/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext
+++ b/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext
@@ -20,8 +20,9 @@ passdb {
 #  driver = ldap
 #  # This should be a different file from the passdb's, in order to perform
 #  # asynchronous requests.
+#
 #  args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
-#  
+#
 #  # Default fields can be used to specify defaults that LDAP may override
 #  default_fields = home=/home/mail/%d/%n
 #}
@@ -31,6 +32,7 @@ passdb {
 # <doc/wiki/UserDatabase.Static.txt>
 userdb {
   driver = static
+
   # The MTA has already verified the existence of users when doing alias resolution,
   # so we can skip the passdb lookup here.
   args = home=/home/mail/%d/%n allow_all_users=yes
diff --git a/roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext b/roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext
index 1c504d3..77edba8 100644
--- a/roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext
+++ b/roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext
@@ -14,7 +14,7 @@
 #        by * none
 
 # Space separated list of LDAP hosts to use. host:port is allowed too.
-hosts = localhost
+#hosts =
 
 # LDAP URIs to use. You can use this instead of hosts list. Note that this
 # setting isn't supported by all LDAP libraries.
@@ -22,10 +22,10 @@ uris = ldapi://
 
 # Distinguished Name - the username used to login to the LDAP server.
 # Leave it commented out to bind anonymously (useful with auth_bind=yes).
-#dn = 
+#dn =
 
 # Password for LDAP server, if dn is specified.
-#dnpass = 
+#dnpass =
 
 # Use SASL binding instead of the simple binding. Note that this changes
 # ldap_version automatically to be 3 if it's lower. Also note that SASL binds
@@ -119,7 +119,7 @@ user_filter =
 #  password: Password, may optionally start with {type}, eg. {crypt}
 # There are also other special fields which can be returned, see
 # http://wiki2.dovecot.org/PasswordDatabase/ExtraFields
-pass_attrs = fvl=user
+pass_attrs =
 
 # If you wish to avoid two LDAP lookups (passdb + userdb), you can use
 # userdb prefetch instead of userdb ldap in dovecot.conf. In that case you'll
@@ -128,8 +128,8 @@ pass_attrs = fvl=user
 #pass_attrs = uid=user,userPassword=password,\
 #  homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid
 
-# Filter for password lookups
-pass_filter = (&(objectClass=FripostVirtualUser)(fvl=%n)(isActive=TRUE))
+# Filter for password lookups (ignored for auth binds)
+pass_filter = (&(objectClass=FripostVirtualUser)(fvl=%n)(fripostIsStatusActive=TRUE))
 
 # Attributes and filter to get a list of all users
 #iterate_attrs = uid=user
diff --git a/roles/IMAP/tasks/mda.yml b/roles/IMAP/tasks/mda.yml
index 39938fd..0d41669 100644
--- a/roles/IMAP/tasks/mda.yml
+++ b/roles/IMAP/tasks/mda.yml
@@ -15,8 +15,8 @@
 
 - name: Create directory /etc/postfix-.../virtual
   file: path=/etc/postfix-{{ postfix_instance[inst].name }}/virtual
-        owner=root group=root
         state=directory
+        owner=root group=root
         mode=0755
 
 - name: Copy lookups tables
diff --git a/roles/MX/tasks/main.yml b/roles/MX/tasks/main.yml
index e2da61e..1f5136a 100644
--- a/roles/MX/tasks/main.yml
+++ b/roles/MX/tasks/main.yml
@@ -36,8 +36,8 @@
 
 - name: Create directory /etc/postfix-.../virtual
   file: path=/etc/postfix-{{ postfix_instance[inst].name }}/virtual
-        owner=root group=root
         state=directory
+        owner=root group=root
         mode=0755
 
 - name: Copy lookups tables
diff --git a/roles/common-LDAP/tasks/main.yml b/roles/common-LDAP/tasks/main.yml
index 5c993fc..711954c 100644
--- a/roles/common-LDAP/tasks/main.yml
+++ b/roles/common-LDAP/tasks/main.yml
@@ -27,8 +27,8 @@
 
 - name: Create directory /var/lib/ldap/fripost
   file: path=/var/lib/ldap/fripost
-        owner=openldap group=openldap
         state=directory
+        owner=openldap group=openldap
         mode=0700
 
 - name: Copy /var/lib/ldap/fripost/DB_CONFIG
@@ -43,8 +43,8 @@
 
 - name: Create directory /etc/ldap/fripost
   file: path=/etc/ldap/fripost
-        owner=root group=root
         state=directory
+        owner=root group=root
         mode=0755
 
 - name: Copy fripost database definition
diff --git a/roles/common/tasks/firewall.yml b/roles/common/tasks/firewall.yml
index 9ed2f72..29c0e2b 100644
--- a/roles/common/tasks/firewall.yml
+++ b/roles/common/tasks/firewall.yml
@@ -7,8 +7,8 @@
 
 - name: Create directory /etc/iptables
   file: path=/etc/iptables
-        owner=root group=root
         state=directory
+        owner=root group=root
         mode=0755
 
 - name: Generate /etc/iptables/services
-- 
cgit v1.2.3