update params template and move mailserver stuff
This commit is contained in:
parent
b23afe500d
commit
edba57caaf
@ -11,13 +11,18 @@
|
|||||||
#
|
#
|
||||||
# Instead of typing a myriad of "-e ...", you can fill them all out in this
|
# Instead of typing a myriad of "-e ...", you can fill them all out in this
|
||||||
# file and then use "--env-file ab-openldap.params" to tell docker to source
|
# file and then use "--env-file ab-openldap.params" to tell docker to source
|
||||||
# it's variables from here. You can also combine both methods if you like.
|
# its variables from here. You can also combine both methods if you like.
|
||||||
# Most important, if you're using the convenience script, it draws all info from
|
# Most important, if you're using the convenience script, it draws all info from
|
||||||
# this file!
|
# this file!
|
||||||
#
|
#
|
||||||
# You should probably protect this file via file permissions since it likely
|
# You should probably protect this file via file permissions since it likely
|
||||||
# will contain things like passwords! Suggest restricting it to root only
|
# will contain things like passwords! Suggest restricting it to root only
|
||||||
# ex: chown root:root ab-openldap.parms && chmod 600 ab-openldap.parms
|
# ex: chown root:root ab-openldap.parms && chmod 600 ab-openldap.parms
|
||||||
|
#
|
||||||
|
# N.B. If you change the convenience script name, you must also change this
|
||||||
|
# file's name to match.
|
||||||
|
# ex: script name is 'runldap.sh' --> this file must be 'runldap.params'
|
||||||
|
#
|
||||||
###
|
###
|
||||||
|
|
||||||
### Your timezone (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones)
|
### Your timezone (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones)
|
||||||
@ -70,5 +75,24 @@ ANONYMOUS_BINDING=yes
|
|||||||
# variable commented-out if you don't have any LDIFs to apply.
|
# variable commented-out if you don't have any LDIFs to apply.
|
||||||
# MY_LDIF=/path/to/my/LDIFs
|
# MY_LDIF=/path/to/my/LDIFs
|
||||||
|
|
||||||
|
### Enable checking passwords against IMAP/S server
|
||||||
|
#
|
||||||
|
# Setting the DOMAILAUTH variable to '1' tells openLDAP to verify SASL passwords
|
||||||
|
# in the directory against an IMAP/S remote host. In other words, any user with
|
||||||
|
# a password '{SASL}user@server.tld' will have their password checked by the
|
||||||
|
# IMAP/S server using the provided email address and a 'NO/OK' reponse is fed
|
||||||
|
# back to openLDAP. Please note, the remote mailserver *must* support IMAP/S
|
||||||
|
# (i.e. secured IMAP).
|
||||||
|
#
|
||||||
|
# Specify the remote mailserver hostname using the MAILSERVER variable.
|
||||||
|
#
|
||||||
|
# If the remote mailserver implements IMAP/S (secure IMAP) on a non-standard
|
||||||
|
# port (not port 993) then supply that using the MAILAUTHPORT variable.
|
||||||
|
#
|
||||||
|
# More details can be found in the wiki.
|
||||||
|
###
|
||||||
|
#DOMAILAUTH=0
|
||||||
|
#MAILSERVER=mail.myserver.tld
|
||||||
|
#MAILAUTHPORT=imaps
|
||||||
|
|
||||||
#EOF
|
#EOF
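Review bot: The naming rule added in the first hunk (`# ex: script name is 'runldap.sh' --> this file must be 'runldap.params'`) contradicts the permission example a few lines above it, `# ex: chown root:root ab-openldap.parms && chmod 600 ab-openldap.parms`, which uses a `.parms` suffix; if no file of that name exists the chown fails and the `&&` skips the chmod, so the actual `.params` file — which this template says holds passwords — keeps whatever mode it was created with. Change both occurrences to `ab-openldap.params`, or make the example follow the script-name convention introduced here. In the second hunk, `# IMAP/S server using the provided email address and a 'NO/OK' reponse is fed` should read `response`. The MAILAUTHPORT text talks about a port number ("not port 993") while the example `#MAILAUTHPORT=imaps` is a service name; say which forms are accepted, e.g. `# port (not 993) then supply it via MAILAUTHPORT (a number, or a service name such as 'imaps').`, after confirming against whatever consumes this file.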
|
@ -70,7 +70,7 @@ scriptHelp () {
|
|||||||
printf "\n"
|
printf "\n"
|
||||||
textblock "If you run the script with no parameters, it will execute the container 'normally'. That is: Run in detached mode with openLDAP automatically launched and logging to stdout. If you specified certificates, openLDAP will require a TLS connection. All modes of operation allow you to enter the container and connect directly using UNIX sockets as root with *unrestricted* access to all DITs and objects."
|
textblock "If you run the script with no parameters, it will execute the container 'normally'. That is: Run in detached mode with openLDAP automatically launched and logging to stdout. If you specified certificates, openLDAP will require a TLS connection. All modes of operation allow you to enter the container and connect directly using UNIX sockets as root with *unrestricted* access to all DITs and objects."
|
||||||
printf "\n"
|
printf "\n"
|
||||||
textblock "Specifying the '--mailserver mail.server.tld' option, tells openLDAP to verify SASL passwords in the directory against an IMAP/S remote host. In other words, any user with a password '{SASL}user@server.tld' will have their password checked by the IMAP/S server using the provided email address and a 'NO/OK' reponse is fed back to openLDAP. Please note 2 things: You *must* provide the hostname of a mailserver after the '--mailserver' switch; and the remote server *must* implement IMAP/S. More details can be found in the wiki."
|
textblock "If you want to verify SASL passwords against an IMAP/S server, please refer to the '.params' template file and the wiki for more information."
|
||||||
printf "\n"
|
printf "\n"
|
||||||
textblock "Containers run in SHELL mode are ALWAYS removed upon exit as they are meant for testing only. By default, containers run without '--rm' will be restarted automatically unless they are manually stopped via 'docker stop...'"
|
textblock "Containers run in SHELL mode are ALWAYS removed upon exit as they are meant for testing only. By default, containers run without '--rm' will be restarted automatically unless they are manually stopped via 'docker stop...'"
|
||||||
printf "\n"
|
printf "\n"
|
||||||
@ -89,12 +89,6 @@ scriptHelp () {
|
|||||||
textblock "${cyan}--ldif ${yellow}(ab-openldap_ldif)${norm}"
|
textblock "${cyan}--ldif ${yellow}(ab-openldap_ldif)${norm}"
|
||||||
textblock "Change the name of the docker volume used to persist LDIFs."
|
textblock "Change the name of the docker volume used to persist LDIFs."
|
||||||
printf "\n"
|
printf "\n"
|
||||||
textblock "${cyan}--mailserver ${magenta}mail.server.tld${norm}"
|
|
||||||
textblock "Verify SASL passwords against 'mail.server.tld'. Replace with proper mailserver hostname. Mailserver MUST support IMAP/S."
|
|
||||||
printf "\n"
|
|
||||||
textblock "${cyan}--mailserver-port ${yellow}(imaps)${norm}"
|
|
||||||
textblock "If your IMAP/S server uses a non-standard IMAP/S port (not 993) then specify it here. This parameter is ignored if not using '--mailserver'."
|
|
||||||
printf "\n"
|
|
||||||
textblock "${cyan}--rm|--remove${norm}"
|
textblock "${cyan}--rm|--remove${norm}"
|
||||||
textblock "Switch parameter. Automatically remove the container and associated volumes (unless data is written) after it exits."
|
textblock "Switch parameter. Automatically remove the container and associated volumes (unless data is written) after it exits."
|
||||||
printf "\n"
|
printf "\n"
|
||||||
@ -181,22 +175,6 @@ while [ $# -gt 0 ]; do
|
|||||||
volume_ldif="$2"
|
volume_ldif="$2"
|
||||||
shift
|
shift
|
||||||
;;
|
;;
|
||||||
--mailserver)
|
|
||||||
# mailserver for IMAP/S password verification
|
|
||||||
if [ -z "$2" ]; then
|
|
||||||
consoleError '1' 'You must specify a mailserver hostname when using --mailserver.'
|
|
||||||
fi
|
|
||||||
mailserver="$2"
|
|
||||||
shift
|
|
||||||
;;
|
|
||||||
--mailserver-port)
|
|
||||||
# specify IMAP/S port for mailserver
|
|
||||||
if [ -z "$2" ]; then
|
|
||||||
consoleError '1' 'You must specify a port when using --mailserver-port.'
|
|
||||||
fi
|
|
||||||
mailserver_port="$2"
|
|
||||||
shift
|
|
||||||
;;
|
|
||||||
--backupdir)
|
--backupdir)
|
||||||
# location of backup files to restore
|
# location of backup files to restore
|
||||||
if [ -z "$2" ]; then
|
if [ -z "$2" ]; then
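Review bot: The replacement help line `textblock "If you want to verify SASL passwords against an IMAP/S server, please refer to the '.params' template file and the wiki for more information."` in the first hunk (`@ -70,7 +70,7 @@`) no longer tells the user which settings to use; naming them, e.g. `textblock "To verify SASL passwords against an IMAP/S server, set DOMAILAUTH, MAILSERVER and optionally MAILAUTHPORT in the '.params' file (see the template and the wiki)."`, keeps the help self-contained now that the `--mailserver` and `--mailserver-port` arms are gone. With those two arms removed from the `while [ $# -gt 0 ]` loop in the third hunk, `mailserver` and `mailserver_port` are no longer assigned anywhere visible; if the container launch later in the script still expands them, it will now pass empty values (or abort under `set -u`, if that is enabled) — worth checking, since that part of the script is outside these hunks. Both `scriptHelp` and the option loop begin outside the hunks shown.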
|
||||||
|