From 99dcc255f15503d877b98b76966cc1ac187406cf Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Thu, 15 Feb 2018 21:40:42 +0100 Subject: [PATCH 01/31] build dovecot from source --- Dockerfile | 62 ++++++++++++++++++++++++++++++++++++---------------- i_zero.patch | 12 ---------- 2 files changed, 43 insertions(+), 31 deletions(-) delete mode 100644 i_zero.patch diff --git a/Dockerfile b/Dockerfile index 4f11c89..755fbfc 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,30 +1,54 @@ +FROM alpine as builder + +RUN apk --no-cache add \ + rpcgen \ + g++ \ + make \ + libressl \ + libressl-dev \ + lua-dev \ + openldap-dev \ + libsodium-dev \ + linux-pam-dev \ + zlib-dev \ + bzip2-dev \ + xz-dev \ + lz4-dev \ + icu-dev + +RUN mkdir /tmp/dovecot +RUN wget -qO- https://www.dovecot.org/releases/2.3/dovecot-2.3.0.tar.gz | tar -xz -C /tmp/dovecot --strip 2 + +RUN mkdir /tmp/pigeonhole +RUN wget -qO- https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.0.1.tar.gz | tar -xz -C /tmp/pigeonhole --strip 1 + +RUN cd /tmp/dovecot && \ + ./configure --prefix '' --with-lua --with-zlib --with-bzlib --with-pam --with-ssl=openssl --with-sodium --without-sql --with-ldap --with-lzma --with-lz4 --with-icu --without-shadow --with-ssldir=/etc/ssl/dovecot --with-rundir=/run/dovecot --without-shared-libs && \ + make && \ + make install + +RUN cd /tmp/pigeonhole && \ + ./configure --with-ldap=yes --with-dovecot=/lib/dovecot && \ + make && make install + FROM registry.gitlab.com/thallian/docker-confd-env:master -ADD i_zero.patch /usr/include/dovecot/i_zero.patch +COPY --from=builder /lib/dovecot/ /lib/dovecot/ +COPY --from=builder /bin/doveadm /bin/doveadm +COPY --from=builder /bin/doveconf /bin/doveconf +COPY --from=builder /sbin/dovecot /sbin/dovecot +#COPY --from=builder /share/doc/dovecot/example-config/ /etc/dovecot/ -RUN apk add --no-cache dovecot dovecot-ldap libressl ssmtp ca-certificates g++ openldap-dev dovecot-dev make tar && \ - cd /usr/include/dovecot && \ - patch -p1 < i_zero.patch && \ - rm /usr/include/dovecot/i_zero.patch && \ - mkdir /tmp/pigeonhole && \ - wget -qO- https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.18.tar.gz | tar -xz -C /tmp/pigeonhole --strip 1 && \ - cd /tmp/pigeonhole && \ - ./configure --with-ldap=yes --with-dovecot=/usr/lib/dovecot && \ - make && make install && \ - rm -r /tmp/pigeonhole && \ - apk del g++ openldap-dev dovecot-dev make tar +RUN apk --no-cache add \ + libsodium \ 
+ lua -WORKDIR / - -RUN addgroup -g 2222 access -RUN addgroup dovecot access +RUN addgroup -g 2222 dovecot +RUN adduser -u 2222 -h /home/dovecot -D -G dovecot dovecot RUN addgroup -g 1111 vmail RUN adduser -u 1111 -h /var/lib/vmail -D -G vmail vmail -RUN mkdir /var/lib/vmail/sieve-after/ -RUN chown vmail:vmail /var/lib/vmail/sieve-after/ - EXPOSE 143 4190 6334 7777 VOLUME /var/lib/vmail/mail/ /etc/ssl/mail diff --git a/i_zero.patch b/i_zero.patch deleted file mode 100644 index ecef32e..0000000 --- a/i_zero.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff --git a/macros.h b/macros.h -index 566c176..ebbf480 100644 ---- a/macros.h -+++ b/macros.h -@@ -240,4 +240,7 @@ - # define STATIC_ARRAY - #endif - -+#define i_zero(p) memset(p, 0, sizeof(*(p))) -+#define i_zero_safe(p) safe_memset(p, 0, sizeof(*(p))) -+ - #endif From e70287a91d62a9fd624e6912677fb7a3638c9388 Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Fri, 16 Feb 2018 08:10:09 +0100 Subject: [PATCH 02/31] add new libs --- Dockerfile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Dockerfile b/Dockerfile index 755fbfc..3febc26 100644 --- a/Dockerfile +++ b/Dockerfile @@ -41,6 +41,11 @@ COPY --from=builder /sbin/dovecot /sbin/dovecot RUN apk --no-cache add \ libsodium \ + libbz2 \ + zlib \ + libressl \ + libressl2.6-libssl \ + libressl2.6-libcrypto \ lua RUN addgroup -g 2222 dovecot From 11d41bcc5bd247c5bb67f8ae1e160e8f583241dc Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Fri, 16 Feb 2018 08:28:24 +0100 Subject: [PATCH 03/31] create dovecot config dirs --- Dockerfile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Dockerfile b/Dockerfile index 3febc26..bba696d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -46,6 +46,8 @@ RUN apk --no-cache add \ libressl \ libressl2.6-libssl \ libressl2.6-libcrypto \ + ssmtp \ + ca-certificates \ lua RUN addgroup -g 2222 dovecot 
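Review bot: In the builder stage added by PATCH 01/31, both `wget -qO- … | tar -xz` steps unpack and compile the Dovecot and Pigeonhole tarballs without checking them against a pinned digest or the upstream signature, so the image trusts whatever the download returns. Fetch each archive to a file and verify it before extracting, e.g. `wget -qO /tmp/dovecot.tar.gz https://www.dovecot.org/releases/2.3/dovecot-2.3.0.tar.gz && echo "<SHA256_OF_DOVECOT_2.3.0_TARBALL>  /tmp/dovecot.tar.gz" | sha256sum -c -`, where the digest is a placeholder to be filled in from a verified copy. `FROM alpine as builder` is also untagged, so the compiler and the libraries linked into Dovecot change between builds; pin a release tag or digest. The unchanged runtime base `registry.gitlab.com/thallian/docker-confd-env:master` is likewise a moving reference.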
@@ -54,6 +56,9 @@ RUN adduser -u 2222 -h /home/dovecot -D -G dovecot dovecot RUN addgroup -g 1111 vmail RUN adduser -u 1111 -h /var/lib/vmail -D -G vmail vmail +RUN mkdir -p /etc/dovecot/conf.d +RUN mkdir /var/lib/vmail/sieve-after/ + EXPOSE 143 4190 6334 7777 VOLUME /var/lib/vmail/mail/ /etc/ssl/mail From be4f1734275add19f92836fd9f2889a2bf85ec17 Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Fri, 16 Feb 2018 08:39:00 +0100 Subject: [PATCH 04/31] add lua ldap --- Dockerfile | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index bba696d..4cdf890 100644 --- a/Dockerfile +++ b/Dockerfile @@ -23,7 +23,22 @@ RUN mkdir /tmp/pigeonhole RUN wget -qO- https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.0.1.tar.gz | tar -xz -C /tmp/pigeonhole --strip 1 RUN cd /tmp/dovecot && \ - ./configure --prefix '' --with-lua --with-zlib --with-bzlib --with-pam --with-ssl=openssl --with-sodium --without-sql --with-ldap --with-lzma --with-lz4 --with-icu --without-shadow --with-ssldir=/etc/ssl/dovecot --with-rundir=/run/dovecot --without-shared-libs && \ + ./configure --prefix '' \ + --with-lua \ + --with-zlib \ + --with-bzlib \ + --with-pam \ + --with-ssl=openssl \ + --with-sodium \ + --without-sql \ + --with-ldap \ + --with-lzma \ + --with-lz4 \ + --with-icu \ + --without-shadow \ + --with-ssldir=/etc/ssl/dovecot \ + --with-rundir=/run/dovecot \ + --without-shared-libs && \ make && \ make install @@ -48,7 +63,8 @@ RUN apk --no-cache add \ libressl2.6-libcrypto \ ssmtp \ ca-certificates \ - lua + lua \ + lua-ldap RUN addgroup -g 2222 dovecot RUN adduser -u 2222 -h /home/dovecot -D -G dovecot dovecot From 1009ae9fc8f47c914f358ba0c902b8cab33d4111 Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Fri, 16 Feb 2018 08:47:04 +0100 Subject: [PATCH 05/31] add lz4 to second stage --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index 4cdf890..4c43033 100644 
--- a/Dockerfile +++ b/Dockerfile @@ -58,6 +58,7 @@ RUN apk --no-cache add \ libsodium \ libbz2 \ zlib \ + lz4 \ libressl \ libressl2.6-libssl \ libressl2.6-libcrypto \ From ef2dab732cb5f2e63563b2108e5e525997da7966 Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Fri, 16 Feb 2018 09:33:18 +0100 Subject: [PATCH 06/31] upgarde settings to dovecot 2.3 --- README.md | 11 +++++++---- rootfs/etc/confd/templates/10-ssl.conf.tmpl | 5 +++-- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index d99c1d5..b752132 100644 --- a/README.md +++ b/README.md @@ -96,16 +96,19 @@ Name of the certificate domain. Length of the Diffie-Helman key in bits. -## SSL_PROTOCOLS -- default: !SSLv2 !SSLv3 +## SSL_MIN_PROTOCOL +- default: TLSv1 -Space seperated list of allowed ssl protocols (`!`disables a protocol). +Ssl minimum protocol version. ## SSL_CIPHERLIST -- default: ALL:!ADH:!LOW:!SSLv2:!EXP:!aNULL:!RC4:+HIGH:+MEDIUM +- default: ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH Colon seperated list of supported ciphers (`!`disables a cipher). +Go [here](https://www.openssl.org/docs/manmaster/man1/ciphers.html) for a list +of ciphers. + ## IMAP_MAX_USER_CONNECTIONS - default: 10 diff --git a/rootfs/etc/confd/templates/10-ssl.conf.tmpl b/rootfs/etc/confd/templates/10-ssl.conf.tmpl index 3d11a67..013574f 100644 --- a/rootfs/etc/confd/templates/10-ssl.conf.tmpl +++ b/rootfs/etc/confd/templates/10-ssl.conf.tmpl @@ -1,7 +1,8 @@ ssl = yes ssl_cert = Date: Fri, 16 Feb 2018 10:02:47 +0100 Subject: [PATCH 07/31] add dh param generation --- rootfs/etc/cont-init.d/02-dhparam | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 rootfs/etc/cont-init.d/02-dhparam diff --git a/rootfs/etc/cont-init.d/02-dhparam b/rootfs/etc/cont-init.d/02-dhparam new file mode 100644 index 0000000..7bb26b0 --- /dev/null +++ b/rootfs/etc/cont-init.d/02-dhparam 
@@ -0,0 +1,5 @@ +#!/usr/bin/with-contenv sh + +if [ ! -f /etc/ssl/mail/dh.pem ]; then + openssl dhparam -out /etc/ssl/mail/dh.pem ${SSL_DH_LENGTH:-2048} +fi From 9fb0e9a924c1c9404f8db4116fdba40a1faaa1a6 Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Fri, 16 Feb 2018 10:36:55 +0100 Subject: [PATCH 08/31] copy libexec stuff to second stage --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index 4c43033..3be8719 100644 --- a/Dockerfile +++ b/Dockerfile @@ -49,6 +49,7 @@ RUN cd /tmp/pigeonhole && \ FROM registry.gitlab.com/thallian/docker-confd-env:master COPY --from=builder /lib/dovecot/ /lib/dovecot/ +COPY --from=builder /libexec/dovecot/ /libexec/dovecot/ COPY --from=builder /bin/doveadm /bin/doveadm COPY --from=builder /bin/doveconf /bin/doveconf COPY --from=builder /sbin/dovecot /sbin/dovecot From fe63604dcf4f73c363b260e7156e73fc7c422e0f Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Fri, 16 Feb 2018 11:00:56 +0100 Subject: [PATCH 09/31] ssl_dh_parameters_length param no longer needed --- rootfs/etc/confd/templates/10-ssl.conf.tmpl | 1 - 1 file changed, 1 deletion(-) diff --git a/rootfs/etc/confd/templates/10-ssl.conf.tmpl b/rootfs/etc/confd/templates/10-ssl.conf.tmpl index 013574f..34c079e 100644 --- a/rootfs/etc/confd/templates/10-ssl.conf.tmpl +++ b/rootfs/etc/confd/templates/10-ssl.conf.tmpl @@ -2,7 +2,6 @@ ssl = yes ssl_cert = Date: Fri, 16 Feb 2018 11:04:52 +0100 Subject: [PATCH 10/31] add dovenull user --- Dockerfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Dockerfile b/Dockerfile index 3be8719..c7443f2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -71,6 +71,9 @@ RUN apk --no-cache add \ RUN addgroup -g 2222 dovecot RUN adduser -u 2222 -h /home/dovecot -D -G dovecot dovecot +RUN addgroup -g 2222 dovenull +RUN adduser -u 2222 -h /home/dovenull -D -G dovenull dovenull + RUN addgroup -g 1111 vmail RUN adduser -u 1111 -h /var/lib/vmail -D -G vmail vmail 
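Review bot: In rootfs/etc/cont-init.d/02-dhparam the key length is passed unquoted and unvalidated, and a failed `openssl dhparam` run goes unnoticed because the script has no `set -e` and ignores the exit status. Quote the argument and write to a temporary name, so that only a completely written file can satisfy the `-f` test on the next start: `openssl dhparam -out /etc/ssl/mail/dh.pem.tmp "${SSL_DH_LENGTH:-2048}" && mv /etc/ssl/mail/dh.pem.tmp /etc/ssl/mail/dh.pem`. Since SSL_DH_LENGTH lets an operator configure parameters weaker than the 2048-bit default without any warning, it would be worth rejecting non-numeric values and values below 2048 before calling openssl. A short comment that generation runs once per volume and can delay the first start noticeably would help whoever reads the init logs.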
From 3308c10c074c1c263baeef5ec163b79594d0963f Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Fri, 16 Feb 2018 11:08:14 +0100 Subject: [PATCH 11/31] add dovenull user --- Dockerfile | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index c7443f2..9ce7ba5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -68,11 +68,14 @@ RUN apk --no-cache add \ lua \ lua-ldap -RUN addgroup -g 2222 dovecot -RUN adduser -u 2222 -h /home/dovecot -D -G dovecot dovecot +RUN addgroup -g 100 dovecot +RUN adduser -u 90 -h /dev/null -H -s /sbin/nologin -D -G dovecot dovecot -RUN addgroup -g 2222 dovenull -RUN adduser -u 2222 -h /home/dovenull -D -G dovenull dovenull +RUN addgroup -g 101 dovenull +RUN adduser -u 91 -h /dev/null -H -s /sbin/nologin -D -G dovenull dovenull + +RUN addgroup -g 2222 access +RUN addgroup dovecot access RUN addgroup -g 1111 vmail RUN adduser -u 1111 -h /var/lib/vmail -D -G vmail vmail From 68cc3608b836cac5d393a9828cff6a18419c16e6 Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Fri, 16 Feb 2018 11:21:15 +0100 Subject: [PATCH 12/31] higher ids --- Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9ce7ba5..0113ae0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -68,11 +68,11 @@ RUN apk --no-cache add \ lua \ lua-ldap -RUN addgroup -g 100 dovecot -RUN adduser -u 90 -h /dev/null -H -s /sbin/nologin -D -G dovecot dovecot +RUN addgroup -g 150 dovecot +RUN adduser -u 140 -h /dev/null -H -s /sbin/nologin -D -G dovecot dovecot -RUN addgroup -g 101 dovenull -RUN adduser -u 91 -h /dev/null -H -s /sbin/nologin -D -G dovenull dovenull +RUN addgroup -g 151 dovenull +RUN adduser -u 141 -h /dev/null -H -s /sbin/nologin -D -G dovenull dovenull RUN addgroup -g 2222 access RUN addgroup dovecot access From 86773528922d0088ec4004737fb69f1474051223 Mon Sep 17 00:00:00 2001 
From: Sebastian Hugentobler Date: Fri, 16 Feb 2018 11:41:27 +0100 Subject: [PATCH 13/31] add sieve binaries --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 0113ae0..8d93a0c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -53,13 +53,14 @@ COPY --from=builder /libexec/dovecot/ /libexec/dovecot/ COPY --from=builder /bin/doveadm /bin/doveadm COPY --from=builder /bin/doveconf /bin/doveconf COPY --from=builder /sbin/dovecot /sbin/dovecot -#COPY --from=builder /share/doc/dovecot/example-config/ /etc/dovecot/ +COPY --from=builder /usr/local/bin/sieve* /bin/ RUN apk --no-cache add \ libsodium \ libbz2 \ zlib \ lz4 \ + linux-pam \ libressl \ libressl2.6-libssl \ libressl2.6-libcrypto \ From 5cf87d7efa9998fc27dd1778eb347644998be91e Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Fri, 16 Feb 2018 12:01:36 +0100 Subject: [PATCH 14/31] ensure sieve dir permissions --- Dockerfile | 2 ++ rootfs/etc/fix-attrs.d/00-mails | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 8d93a0c..26669be 100644 --- a/Dockerfile +++ b/Dockerfile @@ -84,6 +84,8 @@ RUN adduser -u 1111 -h /var/lib/vmail -D -G vmail vmail RUN mkdir -p /etc/dovecot/conf.d RUN mkdir /var/lib/vmail/sieve-after/ +RUN chown -R vmail:vmail /var/lib/vmail/sieve-after/ + EXPOSE 143 4190 6334 7777 VOLUME /var/lib/vmail/mail/ /etc/ssl/mail diff --git a/rootfs/etc/fix-attrs.d/00-mails b/rootfs/etc/fix-attrs.d/00-mails index 492cfe6..777bfac 100644 --- a/rootfs/etc/fix-attrs.d/00-mails +++ b/rootfs/etc/fix-attrs.d/00-mails @@ -1 +1 @@ -/var/lib/vmail/mail true vmail 0640 0750 \ No newline at end of file +/var/lib/vmail/mail true vmail 0640 0750 From 5ccca3a2493bd0e47fe89e5628cad58eabed5b39 Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Fri, 16 Feb 2018 12:11:13 +0100 Subject: [PATCH 15/31] building process --- Dockerfile | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) 
diff --git a/Dockerfile b/Dockerfile index 26669be..dfb3d5d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -36,14 +36,19 @@ RUN cd /tmp/dovecot && \ --with-lz4 \ --with-icu \ --without-shadow \ - --with-ssldir=/etc/ssl/dovecot \ + --with-ssldir=/etc/ssl/mail \ --with-rundir=/run/dovecot \ - --without-shared-libs && \ + --disable-static && \ make && \ make install RUN cd /tmp/pigeonhole && \ - ./configure --with-ldap=yes --with-dovecot=/lib/dovecot && \ + ./configure \ + --with-ldap=yes \ + --with-dovecot=/lib/dovecot \ + --with-ssldir=/etc/ssl/mail \ + --with-rundir=/run/dovecot \ + --disable-static && \ make && make install FROM registry.gitlab.com/thallian/docker-confd-env:master @@ -52,6 +57,7 @@ COPY --from=builder /lib/dovecot/ /lib/dovecot/ COPY --from=builder /libexec/dovecot/ /libexec/dovecot/ COPY --from=builder /bin/doveadm /bin/doveadm COPY --from=builder /bin/doveconf /bin/doveconf +COPY --from=builder /bin/dsync /bin/dsync COPY --from=builder /sbin/dovecot /sbin/dovecot COPY --from=builder /usr/local/bin/sieve* /bin/ From 751d64685f265a8cd759bf557da3e525f7039f80 Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Fri, 16 Feb 2018 12:17:18 +0100 Subject: [PATCH 16/31] remove unnecessary flags from pigeonhole configure --- Dockerfile | 2 -- 1 file changed, 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index dfb3d5d..f2a7903 100644 --- a/Dockerfile +++ b/Dockerfile @@ -46,8 +46,6 @@ RUN cd /tmp/pigeonhole && \ ./configure \ --with-ldap=yes \ --with-dovecot=/lib/dovecot \ - --with-ssldir=/etc/ssl/mail \ - --with-rundir=/run/dovecot \ --disable-static && \ make && make install From 5c8eea5ff85a3f1a16fdf41caf156d16cedc80c9 Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Fri, 16 Feb 2018 12:41:41 +0100 Subject: [PATCH 17/31] add mail plugin dir --- Dockerfile | 2 +- rootfs/etc/confd/templates/10-mail.conf.tmpl | 8 +++++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index f2a7903..ee35a8f 100644 
--- a/Dockerfile +++ b/Dockerfile @@ -43,7 +43,7 @@ RUN cd /tmp/dovecot && \ make install RUN cd /tmp/pigeonhole && \ - ./configure \ + ./configure --prefix '' \ --with-ldap=yes \ --with-dovecot=/lib/dovecot \ --disable-static && \ diff --git a/rootfs/etc/confd/templates/10-mail.conf.tmpl b/rootfs/etc/confd/templates/10-mail.conf.tmpl index fb1f0f4..3c064c3 100644 --- a/rootfs/etc/confd/templates/10-mail.conf.tmpl +++ b/rootfs/etc/confd/templates/10-mail.conf.tmpl @@ -6,19 +6,21 @@ namespace inbox { auto = subscribe special_use = \Junk } - + mailbox Trash { auto = subscribe special_use = \Trash } - + mailbox Sent { auto = subscribe special_use = \Sent } - + mailbox Drafts { auto = subscribe special_use = \Drafts } } + +mail_plugin_dir = /lib/dovecot From 044dc68da647fd3e87a4f9b6ff25c3d4cc18097a Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Fri, 16 Feb 2018 12:43:40 +0100 Subject: [PATCH 18/31] correctly copy sieve binaries --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index ee35a8f..941d28f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -57,7 +57,7 @@ COPY --from=builder /bin/doveadm /bin/doveadm COPY --from=builder /bin/doveconf /bin/doveconf COPY --from=builder /bin/dsync /bin/dsync COPY --from=builder /sbin/dovecot /sbin/dovecot -COPY --from=builder /usr/local/bin/sieve* /bin/ +COPY --from=builder /bin/sieve* /bin/ RUN apk --no-cache add \ libsodium \ From 4aa32aaa990ccea7511fa87b59c9fb2b37b17c80 Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Tue, 27 Feb 2018 13:56:32 +0100 Subject: [PATCH 19/31] add lua app password script --- README.md | 10 +++- .../confd/templates/auth-ldap.conf.ext.tmpl | 5 ++ .../templates/dovecot-ldap.conf.ext.tmpl | 2 +- rootfs/etc/dovecot/app-password-lookup.lua | 50 +++++++++++++++++++ 4 files changed, 64 insertions(+), 3 deletions(-) create mode 100644 rootfs/etc/dovecot/app-password-lookup.lua 
diff --git a/README.md b/README.md index b752132..bc34aab 100644 --- a/README.md +++ b/README.md @@ -29,8 +29,8 @@ Which authentication mechanism to use for the smtp relay. Whether to use starttls for the smtp relay. -## LDAP_URI -Complete uri for the authentication ldap host. +## LDAP_HOST +Ldap hostname (can include the port). ## LDAP_SIEVE_HOST Has to be the same as `LDAP_URI` but in a different format (like `ldap:389`). @@ -73,6 +73,12 @@ The ldap attribute which contains the sieve rules. Whether to use tls when connecting to the ldap host. +## LDAP_APP_PASSWORDS_BASE_DN +Base DN to look for app passwords for a user. + +## LDAP_APP_PASSWORDS_FILTER +Specifies the filter on what counts as an app password. + ## LDAP_DEFAULT_PASSSCHEME - default: SSHA diff --git a/rootfs/etc/confd/templates/auth-ldap.conf.ext.tmpl b/rootfs/etc/confd/templates/auth-ldap.conf.ext.tmpl index 9ef7ec4..6c4f295 100644 --- a/rootfs/etc/confd/templates/auth-ldap.conf.ext.tmpl +++ b/rootfs/etc/confd/templates/auth-ldap.conf.ext.tmpl @@ -3,6 +3,11 @@ passdb { args = /etc/dovecot/dovecot-ldap.conf.ext } +passdb { + driver = lua + args = file=/etc/dovecot/app-password-lookup.lua +} + userdb { driver = static args = uid=vmail gid=vmail home=/var/lib/vmail/mail/%d/%n diff --git a/rootfs/etc/confd/templates/dovecot-ldap.conf.ext.tmpl b/rootfs/etc/confd/templates/dovecot-ldap.conf.ext.tmpl index 751b3ab..16c419c 100644 --- a/rootfs/etc/confd/templates/dovecot-ldap.conf.ext.tmpl +++ b/rootfs/etc/confd/templates/dovecot-ldap.conf.ext.tmpl @@ -1,4 +1,4 @@ -uris = {{getenv "LDAP_URI"}} +uris = ldap://{{getenv "LDAP_URI"}} dn = {{getenv "LDAP_BIND_DN"}} dnpass = {{getenv "LDAP_BIND_PASSWORD"}} tls = {{getenv "LDAP_USE_TLS" "yes"}} diff --git a/rootfs/etc/dovecot/app-password-lookup.lua b/rootfs/etc/dovecot/app-password-lookup.lua new file mode 100644 index 0000000..ebb38ba --- /dev/null +++ b/rootfs/etc/dovecot/app-password-lookup.lua 
@@ -0,0 +1,50 @@ +require "lualdap" + +function auth_passdb_lookup(req) + ldap_use_tls_env = os.getenv("LDAP_USE_TLS") + ldap_use_tls = ldap_use_tls_env == "true" and true or false + + ld = assert (lualdap.open_simple( + os.getenv("LDAP_HOST"), + os.getenv("LDAP_BIND_DN"), + os.getenv("LDAP_BIND_PASSWORD"), + ldap_use_tls)) + + local username = req.username + local ldap_pass_filter = os.getenv("LDAP_PASS_FILTER"):gsub("%%u", username) + + local user_count = 0 + for dn, attribs in ld:search { base = os.getenv("LDAP_BASE_DN"), scope = "subtree", filter = ldap_pass_filter } do + user_count = user_count + 1 + end + + local user_exists = user_count == 1 + if user_exists then + local app_base_dn = os.getenv("LDAP_APP_PASSWORDS_BASE_DN") + local app_pass_filter = os.getenv("LDAP_APP_PASSWORDS_FILTER") + + local user_password = reg.password + + for dn, attribs in ld:search { base = app_base_dn:gsub("%%u", username), scope = "subtree", filter = app_pass_filter } do + lualdap.open_simple( + os.getenv("LDAP_HOST"), + dn, + user_password, + ldap_use_tls) + if test_conn ~= nil then + return dovecot.auth.PASSDB_RESULT_OK, string.format("%s=user", os.getenv("LDAP_USER_ATTRIBUTE")) + end + end + else + return dovecot.auth.PASSDB_RESULT_USER_UNKNOWN, "no such user" + end + + return dovecot.auth.PASSDB_RESULT_NEXT, "no app password matches" +end + +function script_init() + return 0 +end + +function script_deinit() +end From 6148c043b855fde555658dab37744eda666b2342 Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Tue, 27 Feb 2018 14:07:23 +0100 Subject: [PATCH 20/31] change LDAP_URI to LDAP_HOST --- rootfs/etc/confd/templates/dovecot-ldap.conf.ext.tmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rootfs/etc/confd/templates/dovecot-ldap.conf.ext.tmpl b/rootfs/etc/confd/templates/dovecot-ldap.conf.ext.tmpl index 16c419c..2bc6c91 100644 --- a/rootfs/etc/confd/templates/dovecot-ldap.conf.ext.tmpl +++ b/rootfs/etc/confd/templates/dovecot-ldap.conf.ext.tmpl 
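Review bot: In auth_passdb_lookup of rootfs/etc/dovecot/app-password-lookup.lua the client-supplied username is substituted into the LDAP search filter and into the app-password base DN with `gsub("%%u", username)` and no escaping, so the meaning of both queries depends entirely on `auth_username_chars` staying restrictive. Escape the value for the filter (RFC 4515) and for the DN (RFC 4514) before substitution, and pass the replacement as a function because `%` in a gsub replacement string is itself special. The per-entry bind should also be skipped when the password is empty, since a simple bind with a DN and an empty password is an unauthenticated bind that some directory servers accept. The same construction is carried into app-passwords-lookup.lua.tmpl by PATCH 21/31, so the fix applies there as well.

```lua
-- Escape a value for use inside an RFC 4515 search filter.
local function ldap_filter_escape(value)
    return (value:gsub("[\\*()%c]", function(c)
        return string.format("\\%02x", string.byte(c))
    end))
end

function auth_passdb_lookup(req)
    -- … unchanged: TLS flag and bind with the service account …

    -- An empty password would turn the per-entry bind into an unauthenticated bind.
    if req.password == nil or req.password == "" then
        return dovecot.auth.PASSDB_RESULT_PASSWORD_MISMATCH, "empty password"
    end

    local escaped_username = ldap_filter_escape(req.username)
    local ldap_pass_filter = os.getenv("LDAP_PASS_FILTER"):gsub("%%u", function() return escaped_username end)
    -- … unchanged: user count, app-password search and bind loop …
```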
@@ -1,4 +1,4 @@ -uris = ldap://{{getenv "LDAP_URI"}} +uris = ldap://{{getenv "LDAP_HOST"}} dn = {{getenv "LDAP_BIND_DN"}} dnpass = {{getenv "LDAP_BIND_PASSWORD"}} tls = {{getenv "LDAP_USE_TLS" "yes"}} From 5df18cf04cce68493ef9afed56eb36d344ebbe52 Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Tue, 27 Feb 2018 14:29:28 +0100 Subject: [PATCH 21/31] app passwordss cript needs to be a template --- .../conf.d/app-passwords-lookup.lua.toml | 3 + .../templates/app-passwords-lookup.lua.tmpl | 56 +++++++++++++++++++ rootfs/etc/dovecot/app-password-lookup.lua | 50 ----------------- 3 files changed, 59 insertions(+), 50 deletions(-) create mode 100644 rootfs/etc/confd/conf.d/app-passwords-lookup.lua.toml create mode 100644 rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl delete mode 100644 rootfs/etc/dovecot/app-password-lookup.lua diff --git a/rootfs/etc/confd/conf.d/app-passwords-lookup.lua.toml b/rootfs/etc/confd/conf.d/app-passwords-lookup.lua.toml new file mode 100644 index 0000000..07b70b0 --- /dev/null +++ b/rootfs/etc/confd/conf.d/app-passwords-lookup.lua.toml @@ -0,0 +1,3 @@ +[template] +src = "app-passwords-lookup.lua.tmpl" +dest = "/etc/dovecot/app-passwords-lookup.lua" diff --git a/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl b/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl new file mode 100644 index 0000000..1927b35 --- /dev/null +++ b/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl 
@@ -0,0 +1,56 @@ +require "lualdap" + +function auth_passdb_lookup(req) + local ldap_host = "{{ getenv "LDAP_HOST" }}" + local ldap_bin_dn = "{{ getenv "LDAP_BIND_DN" }}" + local ldap_bind_password = "{{ getenv "LDAP_BIND_PASSWORD" }}" + local ldap_use_tls = {{ getenv "LDAP_USE_TLS" }} + + ld = assert (lualdap.open_simple( + ldap_host, + ldap_bin_dn, + ldap_bind_password, + ldap_use_tls)) + + local username = req.username + local ldap_pass_filter = "{{ getenv "LDAP_PASS_FILTER" }}" + local ldap_pass_filter_formatted = ldap_pass_filter:gsub("%%u", username) + local ldap_base_dn = {{ getenv "LDAP_BASE_DN" }} + + local user_count = 0 + for dn, attribs in ld:search { base = ldap_base_dn, scope = "subtree", filter = ldap_pass_filter_formatted } do + user_count = user_count + 1 + end + + local user_exists = user_count == 1 + if user_exists then + local app_base_dn = "{{ getenv "LDAP_APP_PASSWORDS_BASE_DN" }}" + local app_base_dn_formatted = app_base_dn:gsub("%%u", username) + local app_pass_filter = "{{ getenv "LDAP_APP_PASSWORDS_FILTER" }}" + local ldap_user_attribute = "{{ getenv "LDAP_USER_ATTRIBUTE" }}" + + local user_password = reg.password + + for dn, attribs in ld:search { base = app_base_dn_formatted, scope = "subtree", filter = app_pass_filter } do + lualdap.open_simple( + ldap_host, + dn, + user_password, + ldap_use_tls) + if test_conn ~= nil then + return dovecot.auth.PASSDB_RESULT_OK, string.format("%s=user", ldap_user_attribute)) + end + end + else + return dovecot.auth.PASSDB_RESULT_USER_UNKNOWN, "no such user" + end + + return dovecot.auth.PASSDB_RESULT_NEXT, "no app password matches" +end + +function script_init() + return 0 +end + +function script_deinit() +end diff --git a/rootfs/etc/dovecot/app-password-lookup.lua b/rootfs/etc/dovecot/app-password-lookup.lua deleted file mode 100644 index ebb38ba..0000000 --- a/rootfs/etc/dovecot/app-password-lookup.lua +++ /dev/null 
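Review bot: Every setting in app-passwords-lookup.lua.tmpl is rendered straight into a Lua string literal, e.g. `local ldap_bind_password = "{{ getenv "LDAP_BIND_PASSWORD" }}"`, so a value containing `"`, `\` or a newline yields a script that fails to load or that contains different code than intended. Quote the values while rendering; Go's built-in `printf "%q"` produces escapes for those three characters that Lua also accepts, e.g. `local ldap_bind_password = {{ getenv "LDAP_BIND_PASSWORD" | printf "%q" }}` (its `\x`/`\u` escapes for non-printable bytes are not portable to every Lua version, so this should be confirmed against the Lua the image ships). The generated /etc/dovecot/app-passwords-lookup.lua now holds the LDAP bind credential in clear text, so app-passwords-lookup.lua.toml should set a restrictive `mode`, `uid` and `gid` for the destination. A header comment in the template stating that the rendered file contains a secret would help the next maintainer.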
@@ -1,50 +0,0 @@ -require "lualdap" - -function auth_passdb_lookup(req) - ldap_use_tls_env = os.getenv("LDAP_USE_TLS") - ldap_use_tls = ldap_use_tls_env == "true" and true or false - - ld = assert (lualdap.open_simple( - os.getenv("LDAP_HOST"), - os.getenv("LDAP_BIND_DN"), - os.getenv("LDAP_BIND_PASSWORD"), - ldap_use_tls)) - - local username = req.username - local ldap_pass_filter = os.getenv("LDAP_PASS_FILTER"):gsub("%%u", username) - - local user_count = 0 - for dn, attribs in ld:search { base = os.getenv("LDAP_BASE_DN"), scope = "subtree", filter = ldap_pass_filter } do - user_count = user_count + 1 - end - - local user_exists = user_count == 1 - if user_exists then - local app_base_dn = os.getenv("LDAP_APP_PASSWORDS_BASE_DN") - local app_pass_filter = os.getenv("LDAP_APP_PASSWORDS_FILTER") - - local user_password = reg.password - - for dn, attribs in ld:search { base = app_base_dn:gsub("%%u", username), scope = "subtree", filter = app_pass_filter } do - lualdap.open_simple( - os.getenv("LDAP_HOST"), - dn, - user_password, - ldap_use_tls) - if test_conn ~= nil then - return dovecot.auth.PASSDB_RESULT_OK, string.format("%s=user", os.getenv("LDAP_USER_ATTRIBUTE")) - end - end - else - return dovecot.auth.PASSDB_RESULT_USER_UNKNOWN, "no such user" - end - - return dovecot.auth.PASSDB_RESULT_NEXT, "no app password matches" -end - -function script_init() - return 0 -end - -function script_deinit() -end From 436e666ed2debe77ba0e1c3e51adf14b2cdaf688 Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Tue, 27 Feb 2018 14:46:20 +0100 Subject: [PATCH 22/31] correctly configure lua passdb --- rootfs/etc/confd/templates/auth-ldap.conf.ext.tmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rootfs/etc/confd/templates/auth-ldap.conf.ext.tmpl b/rootfs/etc/confd/templates/auth-ldap.conf.ext.tmpl index 6c4f295..64048e4 100644 --- a/rootfs/etc/confd/templates/auth-ldap.conf.ext.tmpl +++ b/rootfs/etc/confd/templates/auth-ldap.conf.ext.tmpl 
@@ -5,7 +5,7 @@ passdb { passdb { driver = lua - args = file=/etc/dovecot/app-password-lookup.lua + args = file=/etc/dovecot/app-passwords-lookup.lua } userdb { From 90f4ac4cff831c8155c0c3e7f1634c81295ad41c Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Tue, 27 Feb 2018 14:52:38 +0100 Subject: [PATCH 23/31] correct lua syntax --- rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl b/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl index 1927b35..ccb8c23 100644 --- a/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl +++ b/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl @@ -15,7 +15,7 @@ function auth_passdb_lookup(req) local username = req.username local ldap_pass_filter = "{{ getenv "LDAP_PASS_FILTER" }}" local ldap_pass_filter_formatted = ldap_pass_filter:gsub("%%u", username) - local ldap_base_dn = {{ getenv "LDAP_BASE_DN" }} + local ldap_base_dn = "{{ getenv "LDAP_BASE_DN" }}" local user_count = 0 for dn, attribs in ld:search { base = ldap_base_dn, scope = "subtree", filter = ldap_pass_filter_formatted } do @@ -38,7 +38,7 @@ function auth_passdb_lookup(req) user_password, ldap_use_tls) if test_conn ~= nil then - return dovecot.auth.PASSDB_RESULT_OK, string.format("%s=user", ldap_user_attribute)) + return dovecot.auth.PASSDB_RESULT_OK, string.format("%s=user", ldap_user_attribute) end end else From b59c12fd70b7b57db48272b00fec1899c6444162 Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Tue, 27 Feb 2018 15:05:17 +0100 Subject: [PATCH 24/31] use req.user var for username --- rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl b/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl index ccb8c23..cefd1df 100644 
--- a/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl +++ b/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl @@ -12,7 +12,7 @@ function auth_passdb_lookup(req) ldap_bind_password, ldap_use_tls)) - local username = req.username + local username = req.user local ldap_pass_filter = "{{ getenv "LDAP_PASS_FILTER" }}" local ldap_pass_filter_formatted = ldap_pass_filter:gsub("%%u", username) local ldap_base_dn = "{{ getenv "LDAP_BASE_DN" }}" From 16fe33017738d9385d6b740b713251e4c1f9035d Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Tue, 27 Feb 2018 15:15:24 +0100 Subject: [PATCH 25/31] it is req not reg --- rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl b/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl index cefd1df..7078b3a 100644 --- a/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl +++ b/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl @@ -29,7 +29,7 @@ function auth_passdb_lookup(req) local app_pass_filter = "{{ getenv "LDAP_APP_PASSWORDS_FILTER" }}" local ldap_user_attribute = "{{ getenv "LDAP_USER_ATTRIBUTE" }}" - local user_password = reg.password + local user_password = req.password for dn, attribs in ld:search { base = app_base_dn_formatted, scope = "subtree", filter = app_pass_filter } do lualdap.open_simple( From 9b014c4a7ac1e500890375c53e700571ed20858c Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Tue, 27 Feb 2018 17:02:32 +0100 Subject: [PATCH 26/31] fix lua auth script --- README.md | 2 +- rootfs/etc/confd/templates/10-auth.conf.tmpl | 2 +- rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl | 8 ++++---- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index bc34aab..73053e9 100644 --- a/README.md +++ b/README.md 
@@ -90,7 +90,7 @@ Default password scheme used on the ldap host. List of characters allowed in a username. ## AUTH_MECHANISMS -- default: plain login +- default: plain Space seperated list of supported [authentication mechanisms](http://wiki2.dovecot.org/Authentication/Mechanisms). diff --git a/rootfs/etc/confd/templates/10-auth.conf.tmpl b/rootfs/etc/confd/templates/10-auth.conf.tmpl index e40f07c..f7c7b0f 100644 --- a/rootfs/etc/confd/templates/10-auth.conf.tmpl +++ b/rootfs/etc/confd/templates/10-auth.conf.tmpl @@ -1,4 +1,4 @@ auth_username_chars = {{getenv "ALLOWED_USERNAME_CHARS" "äöüabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@"}} auth_username_format = %Lu -auth_mechanisms = {{getenv "AUTH_MECHANISMS" "plain login"}} +auth_mechanisms = {{getenv "AUTH_MECHANISMS" "plain"}} !include auth-ldap.conf.ext diff --git a/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl b/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl index 7078b3a..5edda4b 100644 --- a/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl +++ b/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl @@ -4,7 +4,7 @@ function auth_passdb_lookup(req) local ldap_host = "{{ getenv "LDAP_HOST" }}" local ldap_bin_dn = "{{ getenv "LDAP_BIND_DN" }}" local ldap_bind_password = "{{ getenv "LDAP_BIND_PASSWORD" }}" - local ldap_use_tls = {{ getenv "LDAP_USE_TLS" }} + local ldap_use_tls = {{ if eq (getenv "LDAP_USE_TLS") "yes" }}true{{ else }}false{{ end }} ld = assert (lualdap.open_simple( ldap_host, 
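Review bot: The new `ldap_use_tls` line in app-passwords-lookup.lua.tmpl turns TLS off whenever LDAP_USE_TLS is unset, because `getenv "LDAP_USE_TLS"` has no default here while dovecot-ldap.conf.ext.tmpl uses `getenv "LDAP_USE_TLS" "yes"`. With the variable unset, the LDAP passdb uses TLS but this script would send the service-account password and every candidate user password without StartTLS. Use the same default in both places: `local ldap_use_tls = {{ if eq (getenv "LDAP_USE_TLS" "yes") "yes" }}true{{ else }}false{{ end }}`. auth_passdb_lookup continues outside this hunk.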
@@ -27,12 +27,12 @@ function auth_passdb_lookup(req) local app_base_dn = "{{ getenv "LDAP_APP_PASSWORDS_BASE_DN" }}" local app_base_dn_formatted = app_base_dn:gsub("%%u", username) local app_pass_filter = "{{ getenv "LDAP_APP_PASSWORDS_FILTER" }}" - local ldap_user_attribute = "{{ getenv "LDAP_USER_ATTRIBUTE" }}" + local ldap_user_attribute = "{{ getenv "LDAP_USER_ATTRIBUTE" "cn" }}" local user_password = req.password for dn, attribs in ld:search { base = app_base_dn_formatted, scope = "subtree", filter = app_pass_filter } do - lualdap.open_simple( + local test_conn = lualdap.open_simple( ldap_host, dn, user_password, @@ -45,7 +45,7 @@ function auth_passdb_lookup(req) return dovecot.auth.PASSDB_RESULT_USER_UNKNOWN, "no such user" end - return dovecot.auth.PASSDB_RESULT_NEXT, "no app password matches" + return dovecot.auth.PASSDB_RESULT_NEXT, "" end function script_init() From 2169802a9fb878e1851533c5d70542c2f6424721 Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Tue, 27 Feb 2018 18:18:49 +0100 Subject: [PATCH 27/31] correctly use lua script in dovecot --- rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl b/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl index 5edda4b..7715504 100644 --- a/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl +++ b/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl @@ -22,6 +22,9 @@ function auth_passdb_lookup(req) user_count = user_count + 1 end + local return_code = dovecot.auth.PASSDB_RESULT_NEXT + local return_text = "" + local user_exists = user_count == 1 if user_exists then local app_base_dn = "{{ getenv "LDAP_APP_PASSWORDS_BASE_DN" }}" 
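Review bot: In the `for dn, attribs in ld:search` loop of the first hunk (`@@ -27,12 +27,12 @@`), `req.password` is handed to `lualdap.open_simple` without checking that it is non-empty. A simple bind with a DN and an empty password is an unauthenticated bind, which some LDAP servers answer with success, so `test_conn` can be non-nil without the password having been verified. I would add a guard before the loop, `if user_password == nil or user_password == "" then return dovecot.auth.PASSDB_RESULT_PASSWORD_MISMATCH, "empty password" end`, unless Dovecot is known to reject empty passwords before the script runs. The rest of `auth_passdb_lookup` lies outside the hunk.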
@@ -32,20 +35,22 @@ function auth_passdb_lookup(req) local user_password = req.password for dn, attribs in ld:search { base = app_base_dn_formatted, scope = "subtree", filter = app_pass_filter } do + req:log_info(string.format("trying %s...", dn)) + local test_conn = lualdap.open_simple( ldap_host, dn, user_password, ldap_use_tls) if test_conn ~= nil then - return dovecot.auth.PASSDB_RESULT_OK, string.format("%s=user", ldap_user_attribute) + return dovecot.auth.PASSDB_RESULT_OK, string.format("password=%s user=%s", user_password, username) end end else return dovecot.auth.PASSDB_RESULT_USER_UNKNOWN, "no such user" end - return dovecot.auth.PASSDB_RESULT_NEXT, "" + return return_code, return_text end function script_init() From c2bc44b3acf344b79943fb47f3b5d3758e2b8dbf Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Tue, 27 Feb 2018 18:19:20 +0100 Subject: [PATCH 28/31] log success --- rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl | 1 + 1 file changed, 1 insertion(+) diff --git a/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl b/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl index 7715504..0a9f0f5 100644 --- a/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl +++ b/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl @@ -43,6 +43,7 @@ function auth_passdb_lookup(req) user_password, ldap_use_tls) if test_conn ~= nil then + req:log_info(string.format("%s suceeded!", dn)) return dovecot.auth.PASSDB_RESULT_OK, string.format("password=%s user=%s", user_password, username) end end From 80e3ecde779e70303cb40364ecfc9178e58b11b7 Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Tue, 27 Feb 2018 18:21:30 +0100 Subject: [PATCH 29/31] remove unneeded function for lua auth script --- rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl | 7 ------- 1 file changed, 7 deletions(-) 
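Review bot: The success return in `@@ -32,20 +35,22 @@` builds the extra-fields string with `string.format("password=%s user=%s", user_password, username)`, which echoes the submitted cleartext password back to Dovecot and interpolates it unescaped into a space-separated `key=value` list, so a password containing a space or `=` changes how the fields parse. Since the LDAP bind has already verified the password, the script does not need to return it; I would return `string.format("nopassword=y user=%s", username)` here, or move the bind into `auth_password_verify` if the Dovecot version in use provides it. `ldap_user_attribute` appears to be unused after this change (its declaration is outside the hunk) and could be dropped. The new `req:log_info("trying ...")` line logs every candidate DN at info level on each login, which may be more than is wanted outside debugging.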
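Review bot: On the success path in `@@ -43,6 +43,7 @@` the function returns without closing `test_conn`, and the `ld` connection opened at the top of the function is never closed on any path, so each login attempt leaves LDAP connections open until they are garbage-collected. I would call `test_conn:close()` before the return and `ld:close()` on every exit, and declare `ld` with `local` so it does not leak into the script's global state. The log text has a typo, `suceeded` should be `succeeded`. The enclosing loop and function extend beyond the hunk.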
diff --git a/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl b/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl index 0a9f0f5..3c697b8 100644 --- a/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl +++ b/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl @@ -53,10 +53,3 @@ function auth_passdb_lookup(req) return return_code, return_text end - -function script_init() - return 0 -end - -function script_deinit() -end From 9f5d5c63eb3379e2572ffefb179983b8b076dac5 Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Tue, 27 Feb 2018 18:24:55 +0100 Subject: [PATCH 30/31] remove LDAP_DEFAULT_PASSSCHEME var documentation --- README.md | 5 ----- 1 file changed, 5 deletions(-) diff --git a/README.md b/README.md index 73053e9..9104bc1 100644 --- a/README.md +++ b/README.md @@ -79,11 +79,6 @@ Base DN to look for app passwords for a user. ## LDAP_APP_PASSWORDS_FILTER Specifies the filter on what counts as an app password. -## LDAP_DEFAULT_PASSSCHEME -- default: SSHA - -Default password scheme used on the ldap host. - ## ALLOWED_USERNAME_CHARS - default: äöüabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ From cff9032388a54f1051fceb483cfeb82b299790ae Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Tue, 27 Feb 2018 20:50:43 +0100 Subject: [PATCH 31/31] add inotify --- Dockerfile | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 941d28f..fd574df 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,7 +14,8 @@ RUN apk --no-cache add \ bzip2-dev \ xz-dev \ lz4-dev \ - icu-dev + icu-dev \ + inotify-tools-dev RUN mkdir /tmp/dovecot RUN wget -qO- https://www.dovecot.org/releases/2.3/dovecot-2.3.0.tar.gz | tar -xz -C /tmp/dovecot --strip 2 @@ -24,6 +25,7 @@ RUN wget -qO- https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole RUN cd /tmp/dovecot && \ ./configure --prefix '' \ + --with-notify=inotify \ --with-lua \ --with-zlib \ --with-bzlib \ 
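Review bot: The context of the Dockerfile hunk `@@ -14,7 +14,8 @@` shows the Dovecot tarball being piped straight from `wget` into `tar` with no checksum or signature check, and without `pipefail` a failed or altered download is not reliably detected before it is built and installed; the Pigeonhole download named in the next hunk header follows the same pattern. I would download to a file and verify before unpacking, e.g. `wget -qO /tmp/dovecot.tar.gz https://www.dovecot.org/releases/2.3/dovecot-2.3.0.tar.gz && echo "<EXPECTED_SHA256>  /tmp/dovecot.tar.gz" | sha256sum -c - && tar -xzf /tmp/dovecot.tar.gz -C /tmp/dovecot --strip 2`, with the real digest in place of the placeholder. The added `inotify-tools-dev`, like the other `apk` packages in the list, is unpinned, so the build inputs can change between builds.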
@@ -71,7 +73,8 @@ RUN apk --no-cache add \ ssmtp \ ca-certificates \ lua \ - lua-ldap + lua-ldap \ + inotify-tools RUN addgroup -g 150 dovecot RUN adduser -u 140 -h /dev/null -H -s /sbin/nologin -D -G dovecot dovecot
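Review bot: The runtime stage now installs `inotify-tools`, which ships command-line utilities rather than anything Dovecot loads; as far as I can tell `--with-notify=inotify` uses the kernel inotify interface through libc and needs no extra runtime package. Unless a script elsewhere in the image calls `inotifywait`, I would drop the package to keep the final image minimal. If it is needed, a short comment such as `# inotifywait is used by <script>` next to it would record why.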