diff --git a/docker-compose.yml b/docker-compose.yml --- a/docker-compose.yml +++ b/docker-compose.yml @@ -29,6 +29,14 @@ environment: - DB_HOST=${DB_HOST} - DB_ROOT_PASSWORD=Welcome2KolabSystems + - DB_HKCCP_DATABASE=${DB_DATABASE} + - DB_HKCCP_USERNAME=${DB_USERNAME} + - DB_HKCCP_PASSWORD=${DB_PASSWORD} + - DB_KOLAB_DATABASE=kolab + - DB_KOLAB_USERNAME=kolab + - DB_KOLAB_PASSWORD=Welcome2KolabSystems + - DB_RC_USERNAME=roundcube + - DB_RC_PASSWORD=Welcome2KolabSystems - IMAP_HOST=127.0.0.1 - IMAP_PORT=11993 - MAIL_HOST=127.0.0.1 diff --git a/docker/kolab/Dockerfile b/docker/kolab/Dockerfile --- a/docker/kolab/Dockerfile +++ b/docker/kolab/Dockerfile @@ -43,7 +43,7 @@ RUN rpm --import https://mirror.kolabenterprise.com/maipo.asc RUN yum -y install https://mirror.kolabenterprise.com/kolab-16-for-el7.rpm && \ - yum -y install kolab-16-release-development && \ + yum -y install kolab-16-release-development patch && \ yum clean all RUN yum -y --setopt tsflags= install kolab diff --git a/docker/kolab/kolab-init.sh b/docker/kolab/kolab-init.sh --- a/docker/kolab/kolab-init.sh +++ b/docker/kolab/kolab-init.sh @@ -30,5 +30,9 @@ ./19-turn-on-vlv-in-roundcube.sh && echo "19 done" ./20-add-alias-attribute-index.sh && echo "20 done" ./21-adjust-postfix-config.sh && echo "21 done" +# FIXME we can only create the resource once the owner exists +#./22-create-resource.sh && echo "22 done" +./23-patch-system.sh && echo "23 done" +./24-roundcubeconfig.sh && echo "24 done" touch /tmp/kolab-init.done diff --git a/docker/kolab/utils/02-write-my.cnf.sh b/docker/kolab/utils/02-write-my.cnf.sh --- a/docker/kolab/utils/02-write-my.cnf.sh +++ b/docker/kolab/utils/02-write-my.cnf.sh @@ -4,5 +4,5 @@ [client] host=${DB_HOST:-127.0.0.1} user=root -password=${DB_ROOT_PASSWORD:-Welcome2KolabSystems} +password=${DB_ROOT_PASSWORD} EOF diff --git a/docker/kolab/utils/04-reset-mysql-kolab-password.sh b/docker/kolab/utils/04-reset-mysql-kolab-password.sh 
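Review bot: `DB_KOLAB_PASSWORD` and `DB_RC_PASSWORD` are committed as literal values, and both reuse the string already used for `DB_ROOT_PASSWORD` on the context line above, while the `DB_HKCCP_*` entries added in the same hunk are taken from the environment. Anyone who can read the repository then knows the root, kolab and roundcube database credentials of every instance started from this file unchanged. Use the substitution form for these as well, `- DB_KOLAB_PASSWORD=${DB_KOLAB_PASSWORD}` and `- DB_RC_PASSWORD=${DB_RC_PASSWORD}`, and supply the values from wherever `DB_PASSWORD` is already defined (presumably an untracked `.env` file).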
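Review bot: With the `:-Welcome2KolabSystems` fallback gone in 02-write-my.cnf.sh, an unset `DB_ROOT_PASSWORD` silently produces `password=` in the client file instead of an error. `password=${DB_ROOT_PASSWORD:?DB_ROOT_PASSWORD is not set}` would abort the script at this point, assuming the here-document delimiter is unquoted, which the expansion on the `host=` line suggests. The same applies to the `DB_*` expansions that lose their defaults in 04-reset-mysql-kolab-password.sh, 05-replace-localhost.sh and 06-mysql-for-kolabdev.sh, where an empty value ends up in `--password=`, in SQL text or in a `mysql://` URI. The here-document starts outside the hunk.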
--- a/docker/kolab/utils/04-reset-mysql-kolab-password.sh
+++ b/docker/kolab/utils/04-reset-mysql-kolab-password.sh
@@ -1,15 +1,20 @@ #!/bin/bash -sqlpw=$(grep ^sql_uri /etc/kolab/kolab.conf | awk -F':' '{print $3}' | awk -F'@' '{print $1}') +mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD} \ + -e "SET PASSWORD FOR '${DB_HKCCP_USERNAME}'@'%' = PASSWORD('${DB_HKCCP_PASSWORD}');" -mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD:-Welcome2KolabSystems} \ - -e "SET PASSWORD FOR '${DB_HKCCP_USERNAME:-kolabdev}'@'%' = PASSWORD('${DB_HKCCP_PASSWORD:-kolab}');" +mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD} \ + -e "SET PASSWORD FOR '${DB_KOLAB_USERNAME}'@'localhost' = PASSWORD('${DB_KOLAB_PASSWORD}');" -mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD:-Welcome2KolabSystems} \ - -e "SET PASSWORD FOR '${DB_KOLAB_USERNAME:-kolab}'@'%' = PASSWORD('${DB_KOLAB_PASSWORD:=$sqlpw}');" +mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD} \ + -e "CREATE USER '${DB_KOLAB_USERNAME}'@'%' IDENTIFIED BY '${DB_KOLAB_PASSWORD}'; FLUSH PRIVILEGES;" -mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD:-Welcome2KolabSystems} \ - -e "SET PASSWORD FOR '${DB_RC_USERNAME:-roundcube}'@'%' = PASSWORD('${DB_RC_PASSWORD:-Welcome2KolabSystems}');" +mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD} \ + -e "SET PASSWORD FOR '${DB_RC_USERNAME}'@'localhost' = PASSWORD('${DB_RC_PASSWORD}');" + +mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD} \ + -e "CREATE USER '${DB_RC_USERNAME}'@'%' IDENTIFIED BY '${DB_RC_PASSWORD}'; FLUSH PRIVILEGES;" + +mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD} \ + -e "SET PASSWORD FOR '${DB_RC_USERNAME}'@'%' = PASSWORD('${DB_RC_PASSWORD}');" -mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD:-Welcome2KolabSystems} \ - -e "CREATE USER '${DB_RC_USERNAME:-roundcube}'@'%' IDENTIFIED BY '${DB_RC_PASSWORD:-Welcome2KolabSystems}'; FLUSH PRIVILEGES;" 
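Review bot: The `DB_*` values are spliced unquoted into the command line and into single-quoted SQL literals in every statement of this hunk, so a password containing whitespace is word-split by the shell and one containing `'` ends the SQL literal early. Quote the option, `"--password=${DB_ROOT_PASSWORD}"`, and state the permitted character set for the passwords in a comment at the top of the script, or reject other values before the first `mysql` call; 06-mysql-for-kolabdev.sh follows the same pattern. The two added `CREATE USER` statements also fail when the account already exists, so a second run of the init sequence stops being idempotent here. The last `SET PASSWORD FOR '${DB_RC_USERNAME}'@'%'` repeats what the `CREATE USER ... IDENTIFIED BY` just before it has already set.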
diff --git a/docker/kolab/utils/05-replace-localhost.sh b/docker/kolab/utils/05-replace-localhost.sh
--- a/docker/kolab/utils/05-replace-localhost.sh
+++ b/docker/kolab/utils/05-replace-localhost.sh
@@ -1,25 +1,25 @@ #!/bin/bash if [[ ${DB_HOST} == "localhost" || ${DB_HOST} == "127.0.0.1" ]]; then - mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD:-Welcome2KolabSystems} \ + mysql -h ${DB_HOST} -u root --password=${DB_ROOT_PASSWORD} \ -e "UPDATE mysql.db SET Host = '127.0.0.1' WHERE Host = 'localhost';" - mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD:-Welcome2KolabSystems} \ + mysql -h ${DB_HOST} -u root --password=${DB_ROOT_PASSWORD} \ -e "FLUSH PRIVILEGES;" fi sed -i -e "s#^ldap_servers:.*#ldap_servers: ldap://${LDAP_HOST:-127.0.0.1}:389#" /etc/imapd.conf sed -i -e "/hosts/s/localhost/${LDAP_HOST:-127.0.0.1}/" /etc/iRony/dav.inc.php sed -i -e "s#^ldap_uri.*#ldap_uri = ldap://${LDAP_HOST:-127.0.0.1}:389#" \ - -e "s#^cache_uri.*mysql://\(.*\):\(.*\)@\(.*\)\/\(.*\)#cache_uri = mysql://${DB_KOLAB_USERNAME:-\1}:${DB_KOLAB_PASSWORD:-\2}@${DB_HOST:-127.0.0.1}/${DB_KOLAB_DATABASE:-\4}#" \ - -e "s#^sql_uri.*mysql://\(.*\):\(.*\)@\(.*\)\/\(.*\)#sql_uri = mysql://${DB_KOLAB_USERNAME:-\1}:${DB_KOLAB_PASSWORD:-\2}@${DB_HOST:-127.0.0.1}/${DB_KOLAB_DATABASE:-\4}#" \ + -e "s#^cache_uri.*mysql://\(.*\):\(.*\)@\(.*\)\/\(.*\)#cache_uri = mysql://${DB_KOLAB_USERNAME}:${DB_KOLAB_PASSWORD}@${DB_HOST}/${DB_KOLAB_DATABASE}#" \ + -e "s#^sql_uri.*mysql://\(.*\):\(.*\)@\(.*\)\/\(.*\)#sql_uri = mysql://${DB_KOLAB_USERNAME}:${DB_KOLAB_PASSWORD}@${DB_HOST}/${DB_KOLAB_DATABASE}#" \ -e "s#^uri.*#uri = imaps://${IMAP_HOST:-127.0.0.1}:11993#" /etc/kolab/kolab.conf sed -i -e "/host/s/localhost/${LDAP_HOST:-127.0.0.1}/g" \ -e "/fbsource/s/localhost/${IMAP_HOST:-127.0.0.1}/g" /etc/kolab-freebusy/config.ini #sed -i -e "s/server_host.*/server_host = ${LDAP_HOST:-127.0.0.1}/g" /etc/postfix/ldap/* sed -i -e "/password_ldap_host/s/localhost/${LDAP_HOST:-127.0.0.1}/" /etc/roundcubemail/password.inc.php sed -i -e "/hosts/s/localhost/${LDAP_HOST:-127.0.0.1}/" /etc/roundcubemail/kolab_auth.inc.php -sed -i -e "s#.*db_dsnw.*# \$config['db_dsnw'] = 
'mysql://${DB_RC_USERNAME:-roundcube}:${DB_RC_PASSWORD:-Welcome2KolabSystems}@${DB_HOST:-127.0.0.1}/${DB_RC_DATABASE:-roundcube}';#" \ +sed -i -e "s#.*db_dsnw.*# \$config['db_dsnw'] = 'mysql://${DB_RC_USERNAME}:${DB_RC_PASSWORD}@${DB_HOST}/roundcube';#" \ -e "/default_host/s|= .*$|= 'ssl://${IMAP_HOST:-127.0.0.1}';|" \ -e "/default_port/s|= .*$|= ${IMAP_PORT:-11993};|" \ -e "/smtp_server/s|= .*$|= 'tls://${MAIL_HOST:-127.0.0.1}';|" \ diff --git a/docker/kolab/utils/06-mysql-for-kolabdev.sh b/docker/kolab/utils/06-mysql-for-kolabdev.sh --- a/docker/kolab/utils/06-mysql-for-kolabdev.sh +++ b/docker/kolab/utils/06-mysql-for-kolabdev.sh @@ -1,11 +1,11 @@ #!/bin/bash -mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD:-Welcome2KolabSystems} \ - -e "CREATE DATABASE IF NOT EXISTS ${DB_HKCCP_DATABASE:-kolabdev};" +mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD} \ + -e "CREATE DATABASE IF NOT EXISTS ${DB_HKCCP_DATABASE};" -mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD:-Welcome2KolabSystems} \ - -e "GRANT ALL PRIVILEGES ON ${DB_HKCCP_DATABASE:-kolabdev}.* TO '${DB_HKCCP_USERNAME:-kolabdev}'@'%' IDENTIFIED BY '${DB_HKCCP_PASSWORD:-kolab}';" +mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD} \ + -e "GRANT ALL PRIVILEGES ON ${DB_HKCCP_DATABASE}.* TO '${DB_HKCCP_USERNAME}'@'%' IDENTIFIED BY '${DB_HKCCP_PASSWORD}';" -mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD:-Welcome2KolabSystems} \ +mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD} \ -e "FLUSH PRIVILEGES;" diff --git a/docker/kolab/utils/07-adjust-base-dns.sh b/docker/kolab/utils/07-adjust-base-dns.sh --- a/docker/kolab/utils/07-adjust-base-dns.sh +++ b/docker/kolab/utils/07-adjust-base-dns.sh @@ -21,6 +21,7 @@ /etc/kolab-freebusy/config.ini \ /etc/postfix/ldap/*.cf \ /etc/roundcubemail/config.inc.php \ + /etc/roundcubemail/calendar.inc.php \ /etc/roundcubemail/kolab_auth.inc.php sed -i -r \ 
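Review bot: `${DB_KOLAB_PASSWORD}` and `${DB_RC_PASSWORD}` are pasted into sed replacement text delimited by `#` in 05-replace-localhost.sh, so a password containing `#`, `&` or `\` changes the substitution, and one containing `@`, `:` or `/` yields a `mysql://` URI that the readers of `cache_uri`, `sql_uri` and `db_dsnw` may parse differently. The previous form had the same property but fell back to fixed values; now that the values come from the environment, either escape them before the `sed` call or document the allowed characters next to the variables. The `db_dsnw` line also hard-codes the database name `roundcube` where `${DB_RC_DATABASE:-roundcube}` was configurable before, which deserves a comment if intended. The last `sed` command continues past the end of the hunk.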
diff --git a/docker/kolab/utils/09-enable-debugging.sh b/docker/kolab/utils/09-enable-debugging.sh --- a/docker/kolab/utils/09-enable-debugging.sh +++ b/docker/kolab/utils/09-enable-debugging.sh @@ -6,3 +6,6 @@ systemctl restart cyrus-imapd sed -i -r -e "s/_debug'] = (.*);/_debug'] = true;/g" /etc/roundcubemail/config.inc.php + +echo "FLAGS=\"--fork -l debug -d 8\"" > /etc/sysconfig/wallace +systemctl restart wallace diff --git a/docker/kolab/utils/10-change-port-numbers.sh b/docker/kolab/utils/10-change-port-numbers.sh --- a/docker/kolab/utils/10-change-port-numbers.sh +++ b/docker/kolab/utils/10-change-port-numbers.sh @@ -20,7 +20,7 @@ systemctl restart cyrus-imapd # Remove the submission block, by matching from submission until the next empty line -sed -e '/submission inet/,/^$/d' /etc/postfix/master.cf +sed -i -e '/submission inet/,/^$/d' /etc/postfix/master.cf # Insert a new submission block with a modified port cat >> /etc/postfix/master.cf << EOF diff --git a/docker/kolab/utils/21-adjust-postfix-config.sh b/docker/kolab/utils/21-adjust-postfix-config.sh --- a/docker/kolab/utils/21-adjust-postfix-config.sh +++ b/docker/kolab/utils/21-adjust-postfix-config.sh 
@@ -19,8 +19,11 @@ # ldapready: (inetuserstatus:1.2.840.113556.1.4.803:=16) # imapready: (inetuserstatus:1.2.840.113556.1.4.803:=32) +# sed -i -r \ +# -e 's/^query_filter.*$/query_filter = (\&(|(mail=%s)(alias=%s))(|(objectclass=kolabinetorgperson)(|(objectclass=kolabgroupofuniquenames)(objectclass=kolabgroupofurls))(|(|(objectclass=groupofuniquenames)(objectclass=groupofurls))(objectclass=kolabsharedfolder))(objectclass=kolabsharedfolder))(inetuserstatus:1.2.840.113556.1.4.803:=50)(!(inetuserstatus:1.2.840.113556.1.4.803:=4)))/g' \ +# /etc/postfix/ldap/local_recipient_maps.cf sed -i -r \ - -e 's/^query_filter.*$/query_filter = (\&(|(mail=%s)(alias=%s))(|(objectclass=kolabinetorgperson)(|(objectclass=kolabgroupofuniquenames)(objectclass=kolabgroupofurls))(|(|(objectclass=groupofuniquenames)(objectclass=groupofurls))(objectclass=kolabsharedfolder))(objectclass=kolabsharedfolder))(inetuserstatus:1.2.840.113556.1.4.803:=50)(!(inetuserstatus:1.2.840.113556.1.4.803:=4)))/g' \ + -e 's/^query_filter.*$/query_filter = (\&(|(mail=%s)(alias=%s))(|(objectclass=kolabinetorgperson)(|(objectclass=kolabgroupofuniquenames)(objectclass=kolabgroupofurls))(|(|(objectclass=groupofuniquenames)(objectclass=groupofurls))(objectclass=kolabsharedfolder))(objectclass=kolabsharedfolder))(!(inetuserstatus:1.2.840.113556.1.4.803:=4)))/g' \ /etc/postfix/ldap/local_recipient_maps.cf systemctl restart postfix diff --git a/docker/kolab/utils/22-create-resource.sh b/docker/kolab/utils/22-create-resource.sh new file mode 100755 --- /dev/null +++ b/docker/kolab/utils/22-create-resource.sh 
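Review bot: Nothing in the file says why the recipient filter stops requiring the readiness bits: the old command is kept as three commented-out lines, and the active `query_filter` now lacks `(inetuserstatus:1.2.840.113556.1.4.803:=50)`. Postfix will therefore presumably accept mail for entries that do not yet carry the `ldapready` and `imapready` bits described in the comment lines above. Replace the commented-out copy with a short comment such as `# readiness bits (=50) not required here: <reason>`, and say whether the relaxed filter is meant for the development container only.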
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+ . ./settings.sh
+
+(
+ echo "dn: cn=TestResource,ou=Resources,ou=kolab.org,${hosted_domain_rootdn}"
+ echo "cn: TestResource"
+ echo "owner: uid=jack@kolab.org,ou=People,ou=kolab.org,${hosted_domain_rootdn}"
+ echo "kolabTargetFolder: shared/Resources/TestResource@kolab.org"
+ echo "mail: resource-confroom-testresource@kolab.org"
+ echo "objectClass: top"
+ echo "objectClass: kolabsharedfolder"
+ echo "objectClass: kolabresource"
+ echo "objectClass: mailrecipient"
+ echo "kolabFolderType: event"
+ echo "kolabInvitationPolicy: ACT_MANUAL"
+ echo ""
+) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
diff --git a/docker/kolab/utils/23-patch-system.sh b/docker/kolab/utils/23-patch-system.sh
new file mode 100755
--- /dev/null
+++ b/docker/kolab/utils/23-patch-system.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+ . ./settings.sh
+
+PATCHPATH=$(pwd)/patches
+
+pushd /usr/lib/python2.7/site-packages/ || exit
+patch -p1 < "$PATCHPATH/0001-Resolve-base_dn-in-kolab_user_base_dn-user_base_dn-a.patch"
+popd || exit
+systemctl restart kolabd
+systemctl restart wallace
diff --git a/docker/kolab/utils/24-roundcubeconfig.sh b/docker/kolab/utils/24-roundcubeconfig.sh
new file mode 100755
--- /dev/null
+++ b/docker/kolab/utils/24-roundcubeconfig.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+sed -i -r -e "s/\$config = array();/\$config = array();\r\$config['use_https'] = false;/g" /etc/roundcubemail/config.inc.php
+
+sed -i -r -e "s/\$config['kolab_files_url'] =.*$/\$config['kolab_files_url'] = 'https://' \. \$_SERVER['HTTP_HOST'] . '/chwala/';/g" /etc/roundcubemail/kolab_files.inc.php
diff --git a/docker/kolab/utils/patches/0001-Resolve-base_dn-in-kolab_user_base_dn-user_base_dn-a.patch b/docker/kolab/utils/patches/0001-Resolve-base_dn-in-kolab_user_base_dn-user_base_dn-a.patch
new file mode 100644
--- /dev/null
+++ b/docker/kolab/utils/patches/0001-Resolve-base_dn-in-kolab_user_base_dn-user_base_dn-a.patch
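Review bot: In 22-create-resource.sh the bind password is passed as `-w "${ldap_bindpw}"`, which places it in the process arguments of `ldapadd`, and `-x` requests a simple bind with no TLS option on the line, so the password would cross the network in clear text if `${ldap_host}` is not local. Reading it from a file with `-y <password-file>` and quoting `"${ldap_host}"` would address the first part; whether TLS is needed depends on where `settings.sh` points `ldap_host`, which is not visible here. The owner DN `uid=jack@kolab.org` and the resource name are fixed test values, so a header comment saying that the script seeds test data only would be useful.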
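Review bot: The exit status of `patch` in 23-patch-system.sh is not checked, so when the patch does not apply (for instance on a second run, or after the patched package is updated) the script still restarts `kolabd` and `wallace`, returns the status of the last `systemctl` call, and kolab-init.sh prints `23 done`. Append `|| exit 1` to the `patch -p1` line so the failure reaches the caller. Since this rewrites files of an installed package under `/usr/lib/python2.7/site-packages/`, add a one-line comment naming the upstream revision the patch comes from (the patch header cites `https://git.kolab.org/D2900`), so that a later maintainer can tell when it is no longer needed. `. ./settings.sh` is sourced, yet no variable from it is used in the visible lines.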
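Review bot: Both expressions in 24-roundcubeconfig.sh are likely to match nothing, because under `-r` the `$` that bash leaves after unescaping `\$` is an end-of-line anchor and `['kolab_files_url']` is a bracket expression matching a single character; sed exits 0 either way, so the step would still report done. Dropping `-r` and escaping the brackets, as in `s/\$config\['kolab_files_url'\] =.*$/…/`, makes the patterns literal; `\r` in the first replacement inserts a carriage return where `\n` was probably meant. Separately, the new `kolab_files_url` is built from `$_SERVER['HTTP_HOST']`, which is taken from the request's Host header, so it is worth a comment stating that this is acceptable only for the development container or behind a proxy that pins the host name.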
@@ -0,0 +1,92 @@ +From f0a02b4484360617baa434bada6c651b8b0b5d30 Mon Sep 17 00:00:00 2001 +From: Aleksander Machniak +Date: Fri, 1 Oct 2021 15:08:12 +0200 +Subject: [PATCH 1/2] Resolve %base_dn in kolab_user_base_dn, user_base_dn and + resource_base_dn + +Reviewers: #pykolab_developers, vanmeeuwen + +Reviewed By: #pykolab_developers, vanmeeuwen + +Subscribers: #pykolab_developers + +Differential Revision: https://git.kolab.org/D2900 +--- + pykolab/auth/ldap/__init__.py | 40 ++++++++++++++++++++--------------- + 1 file changed, 23 insertions(+), 17 deletions(-) + +diff --git a/pykolab/auth/ldap/__init__.py b/pykolab/auth/ldap/__init__.py +index 5c8c668..046c30c 100644 +--- a/pykolab/auth/ldap/__init__.py ++++ b/pykolab/auth/ldap/__init__.py +@@ -647,13 +647,7 @@ class LDAP(Base): + if len(_filter) <= 6: + return None + +- config_base_dn = self.config_get('resource_base_dn') +- ldap_base_dn = self._kolab_domain_root_dn(self.domain) +- +- if ldap_base_dn is not None and not ldap_base_dn == config_base_dn: +- resource_base_dn = ldap_base_dn +- else: +- resource_base_dn = config_base_dn ++ resource_base_dn = self._object_base_dn('resource') + + _results = self.ldap.search_s( + resource_base_dn, +@@ -801,13 +795,7 @@ class LDAP(Base): + if len(_filter) <= 6: + return None + +- config_base_dn = self.config_get('resource_base_dn') +- ldap_base_dn = self._kolab_domain_root_dn(self.domain) +- +- if ldap_base_dn is not None and not ldap_base_dn == config_base_dn: +- resource_base_dn = ldap_base_dn +- else: +- resource_base_dn = config_base_dn ++ resource_base_dn = self._object_base_dn('resource') + + _results = self.ldap.search_s( + resource_base_dn, +@@ -2470,9 +2458,7 @@ class LDAP(Base): + + conf_prefix = 'kolab_' if kolabuser else '' + +- user_base_dn = self.config_get(conf_prefix + 'user_base_dn') +- if user_base_dn is None: +- user_base_dn = self.config_get('base_dn') ++ user_base_dn = self._object_base_dn('user', conf_prefix) + + auth_attrs = 
self.config_get_list('auth_attributes') + +@@ -2684,6 +2670,26 @@ class LDAP(Base): + + return domains + ++ def _object_base_dn(self, objectType, prefix=''): ++ """ ++ Get configured base DN for specified Kolab object type ++ """ ++ object_base_dn = self.config_get(prefix + objectType + '_base_dn') ++ config_base_dn = self.config_get('base_dn') ++ ldap_base_dn = self._kolab_domain_root_dn(self.domain) ++ ++ if ldap_base_dn is not None and not ldap_base_dn == config_base_dn: ++ base_dn = ldap_base_dn ++ else: ++ base_dn = config_base_dn ++ ++ if object_base_dn is None: ++ object_base_dn = base_dn ++ else: ++ object_base_dn = object_base_dn % ({'base_dn': base_dn}) ++ ++ return object_base_dn ++ + def _synchronize_callback(self, *args, **kw): + """ + Determine the characteristics of the callback being placed, and +-- +2.33.1 +