update params template and move mailserver stuff

This commit is contained in:
Asif Bacchus 2020-09-14 16:21:58 -06:00
parent b23afe500d
commit edba57caaf
2 changed files with 34 additions and 32 deletions


@ -11,13 +11,18 @@
# #
# Instead of typing a myriad of "-e ...", you can fill them all out in this # Instead of typing a myriad of "-e ...", you can fill them all out in this
# file and then use "--env-file ab-openldap.params" to tell docker to source # file and then use "--env-file ab-openldap.params" to tell docker to source
# it's variables from here. You can also combine both methods if you like. # its variables from here. You can also combine both methods if you like.
# Most important, if you're using the convenience script, it draws all info from # Most important, if you're using the convenience script, it draws all info from
# this file! # this file!
# #
# You should probably protect this file via file permissions since it likely # You should probably protect this file via file permissions since it likely
# will contain things like passwords! Suggest restricting it to root only # will contain things like passwords! Suggest restricting it to root only
# ex: chown root:root ab-openldap.parms && chmod 600 ab-openldap.parms # ex: chown root:root ab-openldap.parms && chmod 600 ab-openldap.parms
#
# N.B. If you change the convenience script name, you must also change this
# file's name to match.
# ex: script name is 'runldap.sh' --> this file must be 'runldap.params'
#
### ###
### Your timezone (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) ### Your timezone (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones)
@ -70,5 +75,24 @@ ANONYMOUS_BINDING=yes
# variable commented-out if you don't have any LDIFs to apply. # variable commented-out if you don't have any LDIFs to apply.
# MY_LDIF=/path/to/my/LDIFs # MY_LDIF=/path/to/my/LDIFs
### Enable checking passwords against IMAP/S server
#
# Setting the DOMAILAUTH variable to '1' tells openLDAP to verify SASL passwords
# in the directory against an IMAP/S remote host. In other words, any user with
# a password '{SASL}user@server.tld' will have their password checked by the
# IMAP/S server using the provided email address and a 'NO/OK' reponse is fed
# back to openLDAP. Please note, the remote mailserver *must* support IMAP/S
# (i.e. secured IMAP).
#
# Specify the remote mailserver hostname using the MAILSERVER variable.
#
# If the remote mailserver implements IMAP/S (secure IMAP) on a non-standard
# port (not port 993) then supply that using the MAILAUTHPORT variable.
#
# More details can be found in the wiki.
###
#DOMAILAUTH=0
#MAILSERVER=mail.myserver.tld
#MAILAUTHPORT=imaps
#EOF #EOF
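Review bot: The new MAILAUTHPORT text says to supply the port when it is not 993, yet the template default on the last added line is the service name `imaps`, so a reader cannot tell whether a numeric port, a service name, or both are accepted; once confirmed against the entrypoint, a line such as `# MAILAUTHPORT accepts a service name (default 'imaps') or a port number (e.g. 993)` would remove the ambiguity. The added block also states that the remote mailserver must support IMAP/S but not whether the server's TLS certificate is verified, or against which CA store, and since the SASL check forwards the user's password to that host an operator needs that to judge the setup — a sentence stating it, or a pointer to the wiki section that does, belongs here. Minor: `reponse` on the 'NO/OK' line should read `response`, and because `#DOMAILAUTH=0` is shipped commented out it may be worth saying explicitly that MAILSERVER and MAILAUTHPORT are ignored unless DOMAILAUTH=1, if that is the actual behaviour.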


@ -70,7 +70,7 @@ scriptHelp () {
printf "\n" printf "\n"
textblock "If you run the script with no parameters, it will execute the container 'normally'. That is: Run in detached mode with openLDAP automatically launched and logging to stdout. If you specified certificates, openLDAP will require a TLS connection. All modes of operation allow you to enter the container and connect directly using UNIX sockets as root with *unrestricted* access to all DITs and objects." textblock "If you run the script with no parameters, it will execute the container 'normally'. That is: Run in detached mode with openLDAP automatically launched and logging to stdout. If you specified certificates, openLDAP will require a TLS connection. All modes of operation allow you to enter the container and connect directly using UNIX sockets as root with *unrestricted* access to all DITs and objects."
printf "\n" printf "\n"
textblock "Specifying the '--mailserver mail.server.tld' option, tells openLDAP to verify SASL passwords in the directory against an IMAP/S remote host. In other words, any user with a password '{SASL}user@server.tld' will have their password checked by the IMAP/S server using the provided email address and a 'NO/OK' reponse is fed back to openLDAP. Please note 2 things: You *must* provide the hostname of a mailserver after the '--mailserver' switch; and the remote server *must* implement IMAP/S. More details can be found in the wiki." textblock "If you want to verify SASL passwords against an IMAP/S server, please refer to the '.params' template file and the wiki for more information."
printf "\n" printf "\n"
textblock "Containers run in SHELL mode are ALWAYS removed upon exit as they are meant for testing only. By default, containers run without '--rm' will be restarted automatically unless they are manually stopped via 'docker stop...'" textblock "Containers run in SHELL mode are ALWAYS removed upon exit as they are meant for testing only. By default, containers run without '--rm' will be restarted automatically unless they are manually stopped via 'docker stop...'"
printf "\n" printf "\n"
@ -89,12 +89,6 @@ scriptHelp () {
textblock "${cyan}--ldif ${yellow}(ab-openldap_ldif)${norm}" textblock "${cyan}--ldif ${yellow}(ab-openldap_ldif)${norm}"
textblock "Change the name of the docker volume used to persist LDIFs." textblock "Change the name of the docker volume used to persist LDIFs."
printf "\n" printf "\n"
textblock "${cyan}--mailserver ${magenta}mail.server.tld${norm}"
textblock "Verify SASL passwords against 'mail.server.tld'. Replace with proper mailserver hostname. Mailserver MUST support IMAP/S."
printf "\n"
textblock "${cyan}--mailserver-port ${yellow}(imaps)${norm}"
textblock "If your IMAP/S server uses a non-standard IMAP/S port (not 993) then specify it here. This parameter is ignored if not using '--mailserver'."
printf "\n"
textblock "${cyan}--rm|--remove${norm}" textblock "${cyan}--rm|--remove${norm}"
textblock "Switch parameter. Automatically remove the container and associated volumes (unless data is written) after it exits." textblock "Switch parameter. Automatically remove the container and associated volumes (unless data is written) after it exits."
printf "\n" printf "\n"
@ -181,22 +175,6 @@ while [ $# -gt 0 ]; do
volume_ldif="$2" volume_ldif="$2"
shift shift
;; ;;
--mailserver)
# mailserver for IMAP/S password verification
if [ -z "$2" ]; then
consoleError '1' 'You must specify a mailserver hostname when using --mailserver.'
fi
mailserver="$2"
shift
;;
--mailserver-port)
# specify IMAP/S port for mailserver
if [ -z "$2" ]; then
consoleError '1' 'You must specify a port when using --mailserver-port.'
fi
mailserver_port="$2"
shift
;;
--backupdir) --backupdir)
# location of backup files to restore # location of backup files to restore
if [ -z "$2" ]; then if [ -z "$2" ]; then