/iRedMail/functions/ldap_server.sh
Shell | 181 lines | 146 code | 30 blank | 5 comment | 8 complexity | 17bd6f4a97066b5d03ad826abbbf57f4 MD5 | raw file
- ldap_generate_populate_ldif()
- {
- ECHO_DEBUG "Generate LDIF file used to populate LDAP tree."
- export LDAP_SUFFIX_MAJOR="$(echo ${LDAP_SUFFIX} | sed -e 's/dc=//g' -e 's/,/./g' | awk -F'.' '{print $1}')"
- cat > ${LDAP_INIT_LDIF} <<EOF
- dn: ${LDAP_SUFFIX}
- objectclass: dcObject
- objectclass: organization
- dc: ${LDAP_SUFFIX_MAJOR}
- o: ${LDAP_SUFFIX_MAJOR}
- dn: ${LDAP_BINDDN}
- objectClass: person
- objectClass: shadowAccount
- objectClass: top
- cn: ${VMAIL_USER_NAME}
- sn: ${VMAIL_USER_NAME}
- uid: ${VMAIL_USER_NAME}
- userPassword: $(generate_password_hash SSHA "${LDAP_BINDPW}")
- dn: ${LDAP_ADMIN_DN}
- objectClass: person
- objectClass: shadowAccount
- objectClass: top
- cn: ${VMAIL_DB_ADMIN_USER}
- sn: ${VMAIL_DB_ADMIN_USER}
- uid: ${VMAIL_DB_ADMIN_USER}
- userPassword: $(generate_password_hash SSHA "${LDAP_ADMIN_PW}")
- dn: ${LDAP_BASEDN}
- objectClass: Organization
- o: ${LDAP_BASEDN_NAME}
- dn: ${LDAP_ADMIN_BASEDN}
- objectClass: Organization
- o: ${LDAP_ATTR_DOMAINADMIN_DN_NAME}
- dn: domainName=${FIRST_DOMAIN},${LDAP_BASEDN}
- objectClass: mailDomain
- domainName: ${FIRST_DOMAIN}
- mtaTransport: ${TRANSPORT}
- accountStatus: active
- accountSetting: minPasswordLength:8
- accountSetting: defaultQuota:1024
- enabledService: mail
- dn: ou=Users,domainName=${FIRST_DOMAIN},${LDAP_BASEDN}
- objectClass: organizationalUnit
- objectClass: top
- ou: Users
- dn: ou=Groups,domainName=${FIRST_DOMAIN},${LDAP_BASEDN}
- objectClass: organizationalUnit
- objectClass: top
- ou: Groups
- dn: ou=Aliases,domainName=${FIRST_DOMAIN},${LDAP_BASEDN}
- objectClass: organizationalUnit
- objectClass: top
- ou: Aliases
- dn: ou=Externals,domainName=${FIRST_DOMAIN},${LDAP_BASEDN}
- objectClass: organizationalUnit
- objectClass: top
- ou: Externals
- dn: mail=${FIRST_USER}@${FIRST_DOMAIN},${LDAP_ATTR_GROUP_RDN}=${LDAP_ATTR_GROUP_USERS},${LDAP_ATTR_DOMAIN_RDN}=${FIRST_DOMAIN},${LDAP_BASEDN}
- objectClass: inetOrgPerson
- objectClass: shadowAccount
- objectClass: amavisAccount
- objectClass: mailUser
- objectClass: top
- cn: ${FIRST_USER}
- sn: ${FIRST_USER}
- uid: ${FIRST_USER}
- givenName: ${FIRST_USER}
- mail: ${FIRST_USER}@${FIRST_DOMAIN}
- accountStatus: active
- storageBaseDirectory: ${STORAGE_BASE_DIR}
- mailMessageStore: ${STORAGE_NODE}/${FIRST_USER_MAILDIR_HASH_PART}
- homeDirectory: ${FIRST_USER_MAILDIR_FULL_PATH}
- mailQuota: 104857600
- userPassword: $(generate_password_hash ${DEFAULT_PASSWORD_SCHEME} "${FIRST_USER_PASSWD}")
- enabledService: mail
- enabledService: internal
- enabledService: doveadm
- enabledService: smtp
- enabledService: smtpsecured
- enabledService: pop3
- enabledService: pop3secured
- enabledService: imap
- enabledService: imapsecured
- enabledService: deliver
- enabledService: lda
- enabledService: lmtp
- enabledService: forward
- enabledService: senderbcc
- enabledService: recipientbcc
- enabledService: managesieve
- enabledService: managesievesecured
- enabledService: sieve
- enabledService: sievesecured
- enabledService: displayedInGlobalAddressBook
- enabledService: shadowaddress
- enabledService: lib-storage
- enabledService: indexer-worker
- enabledService: dsync
- enabledService: domainadmin
- enabledService: sogo
- domainGlobalAdmin: yes
- EOF
- }
- ldap_server_config()
- {
- ldap_generate_populate_ldif
- # Always use SSHA for root dn so that ldap server can verify the password.
- # SSHA512, BCRYPT is not supported by OpenLDAP.
- export LDAP_ROOTPW_SSHA="$(generate_password_hash SSHA ${LDAP_ROOTPW})"
- if [ X"${BACKEND_ORIG}" == X'LDAPD' ]; then
- . ${FUNCTIONS_DIR}/ldapd.sh
- check_status_before_run ldapd_config
- else
- . ${FUNCTIONS_DIR}/openldap.sh
- check_status_before_run openldap_config && \
- check_status_before_run openldap_data_initialize
- fi
- }
- ldap_server_cron_backup()
- {
- if [ X"${BACKEND_ORIG}" == X'LDAPD' ]; then
- ldap_backup_script="${BACKUP_DIR}/${BACKUP_SCRIPT_LDAPD_NAME}"
- else
- ldap_backup_script="${BACKUP_DIR}/${BACKUP_SCRIPT_LDAP_NAME}"
- fi
- ECHO_INFO "Setup daily cron job to backup LDAP data with ${ldap_backup_script}"
- [ ! -d ${BACKUP_DIR} ] && mkdir -p ${BACKUP_DIR} &>/dev/null
- backup_file ${ldap_backup_script}
- cp ${TOOLS_DIR}/${BACKUP_SCRIPT_LDAP_NAME} ${ldap_backup_script}
- chown ${SYS_ROOT_USER}:${SYS_ROOT_GROUP} ${ldap_backup_script}
- chmod 0500 ${ldap_backup_script}
- perl -pi -e 's#^(export BACKUP_ROOTDIR=).*#${1}"$ENV{BACKUP_DIR}"#' ${ldap_backup_script}
- perl -pi -e 's#^(export MYSQL_USER=).*#${1}"$ENV{IREDADMIN_DB_USER}"#' ${ldap_backup_script}
- perl -pi -e 's#^(export MYSQL_PASSWD=).*#${1}"$ENV{IREDADMIN_DB_PASSWD}"#' ${ldap_backup_script}
- if [ X"${BACKEND_ORIG}" == X'LDAPD' ]; then
- perl -pi -e 's#(export LDAP_BASE_DN=).*#${1}"$ENV{LDAP_SUFFIX}"#g' ${ldap_backup_script}
- perl -pi -e 's#(export LDAP_BIND_DN=).*#${1}"$ENV{LDAP_ROOTDN}"#g' ${ldap_backup_script}
- perl -pi -e 's#(export LDAP_BIND_PASSWORD=).*#${1}"$ENV{LDAP_ROOTPW}"#g' ${ldap_backup_script}
- fi
- # Add cron job
- cat >> ${CRON_FILE_ROOT} <<EOF
- # ${PROG_NAME}: Backup LDAP data (at 03:00 AM)
- 0 3 * * * ${SHELL_BASH} ${ldap_backup_script}
- EOF
- cat >> ${TIP_FILE} <<EOF
- Backup LDAP data:
- * Script: ${ldap_backup_script}
- * See also:
- # crontab -l -u ${SYS_ROOT_USER}
- EOF
- echo 'export status_ldap_server_cron_backup="DONE"' >> ${STATUS_FILE}
- }