majic-ansible-roles Changeset

Changeset - 4313878669b1

Parent rev.

Child rev.

[Not reviewed]

0 6 0

Branko Majic (branko) - 9 years ago 2015-10-04 13:05:54
branko@majic.rs

MAR-37: Fixed documentation for the mail server LDAP base DN parameter, and renamed the parameter to make a bit more sense (to reduce confusion).

6 files changed with 25 insertions and 24 deletions:

docs/rolereference.rst

roles/mail_server/templates/dovecot-ldap.conf.ext.j2

roles/mail_server/templates/ldap-virtual-alias-maps.cf.j2

roles/mail_server/templates/ldap-virtual-mailbox-domains.cf.j2

roles/mail_server/templates/ldap-virtual-mailbox-maps.cf.j2

testsite/group_vars/mail.yml

0 comments (0 inline, 0 general)

docs/rolereference.rst

➞

Show inline comments

 doing look-ups:
 * Postfix will log-in to LDAP as user
-  ``cn=postfix,ou=services,MAIL_LDAP_ROOT_DN``.
+  ``cn=postfix,ou=services,MAIL_LDAP_BASE_DN``.
 * Dovecot will log-in to LDAP as user
-  ``cn=dovecot,ou=services,MAIL_LDAP_ROOT_DN``.
+  ``cn=dovecot,ou=services,MAIL_LDAP_BASE_DN``.
 * Domain entries need to be available as
-  ``dc=DOMAIN,ou=domains,ou=mail,ou=services,MAIL_LDAP_ROOT_DN``.
+  ``dc=DOMAIN,ou=domains,ou=mail,ou=services,MAIL_LDAP_BASE_DN``.
 * Alias entries need to be available as
-  ``cn=ALIAS,ou=aliases,ou=mail,ou=services,MAIL_LDAP_ROOT_DN``.
+  ``cn=ALIAS,ou=aliases,ou=mail,ou=services,MAIL_LDAP_BASE_DN``.
 * User entries are read from sub-tree (first-level only)
   ``ou=people,MAIL_LDAP_ROOT_DN``. Query filter used for finding users is
   ``(&(mail=%s)(memberOf=cn=mail,ou=groups,MAIL_LDAP_ROOT_DN))``. This allows
   ``ou=people,MAIL_LDAP_BASE_DN``. Query filter used for finding users is
   ``(&(mail=%s)(memberOf=cn=mail,ou=groups,MAIL_LDAP_BASE_DN))``. This allows
   group-based granting of mail services to users.
 Parameters
 ~~~~~~~~~~
 **mail_ldap_base_dn** (string, mandatory)
   Base DN on the LDAP server. A specific directory structure is expected under
   this entry (as explained above) in order to locate the available domains,
   users, aliases etc.
 **mail_ldap_url** (string, mandatory)
   LDAP URL that should be used for connecting to the LDAP server for doing
   domain/user look-ups.
@@ @@ -727,10 +732,6 @@ Parameters @@
   Path to TLS truststore used for verifying the LDAP certificate. Should be in
   PEM format.
 **mail_service_ldap_base_dn** (string, mandatory)
   Base DN in LDAP for the mail services under which the entries (domains, users,
   aliases) can be found.
 **mail_ldap_postfix_password** (string, mandatory)
   Password for authenticating the Postfix LDAP user.
   mail_ldap_url: ldap://ldap.example.com/
   mail_ldap_tls_truststore: /etc/ssl/certs/truststore.pem
-  mail_ldap_root_dn: dc=example,dc=com
+  mail_ldap_base_dn: dc=example,dc=com
   mail_ldap_postfix_password: postfix
   mail_ldap_dovecot_password: dovecot

roles/mail_server/templates/dovecot-ldap.conf.ext.j2

➞

Show inline comments

 uris = {{ mail_ldap_url }}
-dn = cn=dovecot,ou=services,{{ mail_service_ldap_base_dn }}
+dn = cn=dovecot,ou=services,{{ mail_ldap_base_dn }}
 dnpass = {{ mail_ldap_dovecot_password }}
 tls = yes
 tls_ca_cert_file = {{ mail_ldap_tls_truststore }}
 tls_require_cert = demand
 auth_bind = yes
-base = ou=people,{{ mail_service_ldap_base_dn }}
+base = ou=people,{{ mail_ldap_base_dn }}
 scope = onelevel
-user_filter = (&(objectClass=inetOrgPerson)(mail=%u)(memberOf=cn=mail,ou=groups,{{ mail_service_ldap_base_dn }}))
+user_filter = (&(objectClass=inetOrgPerson)(mail=%u)(memberOf=cn=mail,ou=groups,{{ mail_ldap_base_dn }}))
 pass_attrs = mail=user,userPassword=password
-pass_filter = (&(objectClass=inetOrgPerson)(mail=%u)(memberOf=cn=mail,ou=groups,{{ mail_service_ldap_base_dn }}))
+pass_filter = (&(objectClass=inetOrgPerson)(mail=%u)(memberOf=cn=mail,ou=groups,{{ mail_ldap_base_dn }}))
 iterate_attrs = mail=user
-iterate_filter = (memberOf=cn=mail,ou=groups,{{ mail_service_ldap_base_dn }})
+iterate_filter = (memberOf=cn=mail,ou=groups,{{ mail_ldap_base_dn }})
 default_pass_scheme = SSHA
 user_attrs =

roles/mail_server/templates/ldap-virtual-alias-maps.cf.j2

➞

Show inline comments

@@ @@ -4,12 +4,12 @@ start_tls = yes @@
 tls_require_cert = yes
 tls_ca_cert_file = {{ mail_ldap_tls_truststore }}
 bind = yes
-bind_dn = cn=postfix,ou=services,{{ mail_service_ldap_base_dn }}
+bind_dn = cn=postfix,ou=services,{{ mail_ldap_base_dn }}
 bind_pw = {{ mail_ldap_postfix_password }}
 version = 3
 # Query settings.
-search_base = ou=aliases,ou=mail,ou=services,{{ mail_service_ldap_base_dn }}
+search_base = ou=aliases,ou=mail,ou=services,{{ mail_ldap_base_dn }}
 scope = one
 query_filter = cn=%s
 result_attribute = rfc822MailMember

roles/mail_server/templates/ldap-virtual-mailbox-domains.cf.j2

➞

Show inline comments

@@ @@ -4,12 +4,12 @@ start_tls = yes @@
 tls_require_cert = yes
 tls_ca_cert_file = {{ mail_ldap_tls_truststore }}
 bind = yes
-bind_dn = cn=postfix,ou=services,{{ mail_service_ldap_base_dn }}
+bind_dn = cn=postfix,ou=services,{{ mail_ldap_base_dn }}
 bind_pw = {{ mail_ldap_postfix_password }}
 version = 3
 # Query settings.
-search_base = ou=domains,ou=mail,ou=services,{{ mail_service_ldap_base_dn }}
+search_base = ou=domains,ou=mail,ou=services,{{ mail_ldap_base_dn }}
 scope = one
 query_filter = dc=%s
 result_attribute = dc

roles/mail_server/templates/ldap-virtual-mailbox-maps.cf.j2

➞

Show inline comments

@@ @@ -4,12 +4,12 @@ start_tls = yes @@
 tls_require_cert = yes
 tls_ca_cert_file = {{ mail_ldap_tls_truststore }}
 bind = yes
-bind_dn = cn=postfix,ou=services,{{ mail_service_ldap_base_dn }}
+bind_dn = cn=postfix,ou=services,{{ mail_ldap_base_dn }}
 bind_pw = {{ mail_ldap_postfix_password }}
 version = 3
 # Query settings
-search_base = ou=people,{{ mail_service_ldap_base_dn }}
+search_base = ou=people,{{ mail_ldap_base_dn }}
 scope = one
-query_filter = (&(mail=%s)(memberOf=cn=mail,ou=groups,{{mail_service_ldap_base_dn}}))
+query_filter = (&(mail=%s)(memberOf=cn=mail,ou=groups,{{mail_ldap_base_dn}}))
 result_attribute = mail

testsite/group_vars/mail.yml

➞

Show inline comments

@@ @@ -2,7 +2,7 @@ @@
 mail_ldap_url: ldap://ldap.{{ testsite_domain }}/
 mail_ldap_tls_truststore: /etc/ssl/certs/ca.pem
-mail_service_ldap_base_dn: "{{ testsite_ldap_base }}"
+mail_ldap_base_dn: "{{ testsite_ldap_base }}"
 mail_ldap_postfix_password: postfix
 mail_ldap_dovecot_password: dovecot

0 comments (0 inline, 0 general)