/functions/ldap_server.sh

https://github.com/iredmail/iRedMail · Shell · 169 lines · 136 code · 28 blank · 5 comment · 2 complexity · 57656cbc173ec9fb581ee8fdfa5b2d5d MD5 · raw file 

    

  1. ldap_generate_populate_ldif()
    2. 

  2. {
    3. 

  3.     ECHO_DEBUG "Generate LDIF file used to populate LDAP tree."
    4. 

  4. 

  5.     export LDAP_SUFFIX_MAJOR="$(echo ${LDAP_SUFFIX} | sed -e 's/dc=//g' -e 's/,/./g' | awk -F'.' '{print $1}')"
    6. 

  6. 

  7.     cat > ${LDAP_INIT_LDIF} <<EOF
    8. 

  8. dn: ${LDAP_SUFFIX}
    9. 

  9. objectclass: dcObject
    10. 

  10. objectclass: organization
    11. 

  11. dc: ${LDAP_SUFFIX_MAJOR}
    12. 

  12. o: ${LDAP_SUFFIX_MAJOR}
    13. 

  13. 

  14. dn: ${LDAP_BINDDN}
    15. 

  15. objectClass: person
    16. 

  16. objectClass: shadowAccount
    17. 

  17. objectClass: top
    18. 

  18. cn: ${SYS_USER_VMAIL}
    19. 

  19. sn: ${SYS_USER_VMAIL}
    20. 

  20. uid: ${SYS_USER_VMAIL}
    21. 

  21. userPassword: $(generate_password_hash SSHA "${LDAP_BINDPW}")
    22. 

  22. 

  23. dn: ${LDAP_ADMIN_DN}
    24. 

  24. objectClass: person
    25. 

  25. objectClass: shadowAccount
    26. 

  26. objectClass: top
    27. 

  27. cn: ${VMAIL_DB_ADMIN_USER}
    28. 

  28. sn: ${VMAIL_DB_ADMIN_USER}
    29. 

  29. uid: ${VMAIL_DB_ADMIN_USER}
    30. 

  30. userPassword: $(generate_password_hash SSHA "${LDAP_ADMIN_PW}")
    31. 

  31. 

  32. dn: ${LDAP_BASEDN}
    33. 

  33. objectClass: Organization
    34. 

  34. o: ${LDAP_BASEDN_NAME}
    35. 

  35. 

  36. dn: ${LDAP_ADMIN_BASEDN}
    37. 

  37. objectClass: Organization
    38. 

  38. o: ${LDAP_ATTR_DOMAINADMIN_DN_NAME}
    39. 

  39. 

  40. dn: domainName=${FIRST_DOMAIN},${LDAP_BASEDN}
    41. 

  41. objectClass: mailDomain
    42. 

  42. domainName: ${FIRST_DOMAIN}
    43. 

  43. mtaTransport: ${TRANSPORT}
    44. 

  44. accountStatus: active
    45. 

  45. accountSetting: minPasswordLength:8
    46. 

  46. accountSetting: defaultQuota:1024
    47. 

  47. enabledService: mail
    48. 

  48. 

  49. dn: ou=Users,domainName=${FIRST_DOMAIN},${LDAP_BASEDN}
    50. 

  50. objectClass: organizationalUnit
    51. 

  51. objectClass: top
    52. 

  52. ou: Users
    53. 

  53. 

  54. dn: ou=Groups,domainName=${FIRST_DOMAIN},${LDAP_BASEDN}
    55. 

  55. objectClass: organizationalUnit
    56. 

  56. objectClass: top
    57. 

  57. ou: Groups
    58. 

  58. 

  59. dn: ou=Aliases,domainName=${FIRST_DOMAIN},${LDAP_BASEDN}
    60. 

  60. objectClass: organizationalUnit
    61. 

  61. objectClass: top
    62. 

  62. ou: Aliases
    63. 

  63. 

  64. dn: ou=Externals,domainName=${FIRST_DOMAIN},${LDAP_BASEDN}
    65. 

  65. objectClass: organizationalUnit
    66. 

  66. objectClass: top
    67. 

  67. ou: Externals
    68. 

  68. 

  69. dn: mail=${DOMAIN_ADMIN_EMAIL},${LDAP_ATTR_GROUP_RDN}=${LDAP_ATTR_GROUP_USERS},${LDAP_ATTR_DOMAIN_RDN}=${FIRST_DOMAIN},${LDAP_BASEDN}
    70. 

  70. objectClass: inetOrgPerson
    71. 

  71. objectClass: shadowAccount
    72. 

  72. objectClass: amavisAccount
    73. 

  73. objectClass: mailUser
    74. 

  74. objectClass: top
    75. 

  75. cn: ${DOMAIN_ADMIN_NAME}
    76. 

  76. sn: ${DOMAIN_ADMIN_NAME}
    77. 

  77. uid: ${DOMAIN_ADMIN_NAME}
    78. 

  78. givenName: ${DOMAIN_ADMIN_NAME}
    79. 

  79. mail: ${DOMAIN_ADMIN_EMAIL}
    80. 

  80. accountStatus: active
    81. 

  81. storageBaseDirectory: ${STORAGE_BASE_DIR}
    82. 

  82. mailMessageStore: ${STORAGE_NODE}/${DOMAIN_ADMIN_MAILDIR_HASH_PART}
    83. 

  83. homeDirectory: ${DOMAIN_ADMIN_MAILDIR_FULL_PATH}
    84. 

  84. mailQuota: 104857600
    85. 

  85. userPassword: ${DOMAIN_ADMIN_PASSWD_HASH}
    86. 

  86. enabledService: mail
    87. 

  87. enabledService: internal
    88. 

  88. enabledService: doveadm
    89. 

  89. enabledService: smtp
    90. 

  90. enabledService: smtpsecured
    91. 

  91. enabledService: smtptls
    92. 

  92. enabledService: pop3
    93. 

  93. enabledService: pop3secured
    94. 

  94. enabledService: pop3tls
    95. 

  95. enabledService: imap
    96. 

  96. enabledService: imapsecured
    97. 

  97. enabledService: imaptls
    98. 

  98. enabledService: deliver
    99. 

  99. enabledService: lda
    100. 

  100. enabledService: lmtp
    101. 

  101. enabledService: forward
    102. 

  102. enabledService: senderbcc
    103. 

  103. enabledService: recipientbcc
    104. 

  104. enabledService: managesieve
    105. 

  105. enabledService: managesievesecured
    106. 

  106. enabledService: sieve
    107. 

  107. enabledService: sievesecured
    108. 

  108. enabledService: sievetls
    109. 

  109. enabledService: displayedInGlobalAddressBook
    110. 

  110. enabledService: shadowaddress
    111. 

  111. enabledService: lib-storage
    112. 

  112. enabledService: indexer-worker
    113. 

  113. enabledService: dsync
    114. 

  114. enabledService: domainadmin
    115. 

  115. enabledService: sogo
    116. 

  116. domainGlobalAdmin: yes
    117. 

  117. EOF
    118. 

  118. }
    119. 

  119. 

  120. ldap_server_config()
    121. 

  121. {
    122. 

  122.     ldap_generate_populate_ldif
    123. 

  123. 

  124.     # Always use SSHA for root dn so that ldap server can verify the password.
    125. 

  125.     # SSHA512, BCRYPT is not supported by OpenLDAP.
    126. 

  126.     export LDAP_ROOTPW_SSHA="$(generate_password_hash SSHA ${LDAP_ROOTPW})"
    127. 

  127. 

  128.     . ${FUNCTIONS_DIR}/openldap.sh
    129. 

  129. 

  130.     check_status_before_run openldap_config && \
    131. 

  131.     check_status_before_run openldap_data_initialize
    132. 

  132. }
    133. 

  133. 

  134. ldap_server_cron_backup()
    135. 

  135. {
    136. 

  136.     ldap_backup_script="${BACKUP_DIR}/${BACKUP_SCRIPT_LDAP_NAME}"
    137. 

  137. 

  138.     ECHO_INFO "Setup daily cron job to backup LDAP data with ${ldap_backup_script}"
    139. 

  139. 

  140.     [ ! -d ${BACKUP_DIR} ] && mkdir -p ${BACKUP_DIR} &>/dev/null
    141. 

  141. 

  142.     backup_file ${ldap_backup_script}
    143. 

  143. 

  144.     cp ${TOOLS_DIR}/${BACKUP_SCRIPT_LDAP_NAME} ${ldap_backup_script}
    145. 

  145.     chown ${SYS_USER_ROOT}:${SYS_GROUP_ROOT} ${ldap_backup_script}
    146. 

  146.     chmod 0500 ${ldap_backup_script}
    147. 

  147. 

  148.     perl -pi -e 's#^(export BACKUP_ROOTDIR=).*#${1}"$ENV{BACKUP_DIR}"#' ${ldap_backup_script}
    149. 

  149.     perl -pi -e 's#^(export MYSQL_USER=).*#${1}"$ENV{IREDADMIN_DB_USER}"#' ${ldap_backup_script}
    150. 

  150.     perl -pi -e 's#^(export MYSQL_PASSWD=).*#${1}"$ENV{IREDADMIN_DB_PASSWD}"#' ${ldap_backup_script}
    151. 

  151. 

  152.     # Add cron job
    153. 

  153.     cat >> ${CRON_FILE_ROOT} <<EOF
    154. 

  154. # ${PROG_NAME}: Backup LDAP data (at 03:00 AM)
    155. 

  155. 0   3   *   *   *   ${SHELL_BASH} ${ldap_backup_script}
    156. 

  156. 

  157. EOF
    158. 

  158. 

  159.     cat >> ${TIP_FILE} <<EOF
    160. 

  160. Backup LDAP data:
    161. 

  161.     * Script: ${ldap_backup_script}
    162. 

  162.     * See also:
    163. 

  163.         # crontab -l -u ${SYS_USER_ROOT}
    164. 

  164. 

  165. EOF
    166. 

  166. 

  167.     echo 'export status_ldap_server_cron_backup="DONE"' >> ${STATUS_FILE}
    168. 

  168. }
    169.