Merge pull request 'ldap_scheme_postfix' (#3) from ldap_scheme_postfix into main

Reviewed-on: #3
2022-01-04 09:35:24 +00:00 · 2022-01-04 09:35:24 +00:00 · ee7d8b491b
parent 414b57d3db d67869aaf6
commit ee7d8b491b
5 changed files with 76 additions and 0 deletions
--- a/bundles/postfix/files/main.cf
+++ b/bundles/postfix/files/main.cf
@ -0,0 +1,12 @@
+smtpd_banner = $myhostname ESMTP
+
+disable_vrfy_command = yes
+smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
+
+smtp_use_tls = yes
+smtp_tls_CApath = /etc/ssl/certs
+smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
+smtp_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
+smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
+smtp_tls_security_level = may
+smtp_tls_mandatory_ciphers = high
--- a/bundles/postfix/items.py
+++ b/bundles/postfix/items.py
@ -0,0 +1,28 @@
+svc_systemd = {
+    'postfix': {
+        'needs': [
+            'pkg_apt:postfix',
+            'file:/etc/postfix/main.cf',
+        ],
+    }
+}
+
+files = {
+    '/etc/postfix/main.cf': {
+        'content_type': 'mako',
+        'needs': ['pkg_apt:postfix'],
+        'triggers': [
+            'svc_systemd:postfix:restart',
+        ],
+    },
+}
+
+directories = {
+    '/etc/postfix': {
+        'owner': 'root',
+        'mode': '1755',
+        'needs': [
+            'pkg_apt:postfix',
+        ],
+    },
+}
--- a/bundles/postfix/metadata.py
+++ b/bundles/postfix/metadata.py
@ -0,0 +1,7 @@
+defaults = {
+    'apt': {
+        'packages': {
+            'postfix': {},
+        },
+    },
+}
--- a/data/openldap/files/qzwiperson.schema
+++ b/data/openldap/files/qzwiperson.schema
@ -0,0 +1,21 @@
+attributetype ( 1.3.6.1.4.1.0.1
+        NAME 'externalMail'
+        DESC 'external mail address for communication outside the org'
+        EQUALITY caseIgnoreIA5Match
+        SUBSTR caseIgnoreIA5SubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128}
+        SINGLE-VALUE )
+
+objectclass ( 1.3.6.1.4.1.0.2
+        NAME 'qzwiperson'
+        DESC 'own object schema to add custom values'
+        SUP top
+        AUXILIARY
+        MUST  (cn $ sn $ uid $ externalMail)
+        MAY
+        ( displayName $ givenName $ homePhone $ homePostalAddress $
+        mail $ mobile $ o $ photo $ userCertificate $
+        x500uniqueIdentifier $ preferredLanguage $
+        userSMIMECertificate $ userPKCS12 $ userPassword $
+        telephoneNumber $ description ) )
+
--- a/nodes/qzwi.toml
+++ b/nodes/qzwi.toml
@ -6,6 +6,7 @@ bundles = [
  "nginx",
  "nextcloud",
  "openldap",
+  "postfix",
  "php",
  "postgresql",
  "redis",
@ -52,8 +53,15 @@ backup = [
 ]
 schemas = [
  "openssh-lpk_openldap",
+  "qzwiperson",
 ]

+[metadata.ldap-frontend.template]
+"group_admin" = "(&(objectclass=qzwiperson)(uid={})(memberOf=ou=qzwi-admins,ou=Groups,dc=qzwi,dc=de))"
+"group_members" = "(&(objectclass=qzwiperson)(memberOf=ou={},ou=Groups,dc=qzwi,dc=de))"
+"group_nonmembers" = "(&(objectclass=qzwiperson)(!(memberOf=ou={},ou=Groups,dc=qzwi,dc=de)))"
+"user_search" = "(&(objectclass=qzwiperson)(uid={}))"
+
 [metadata.openldap.access."ou=Users,dc=qzwi,dc=de"]
 manage = [
  "uid=ldap-frontend,ou=Applications,dc=qzwi,dc=de",