diff --git a/docker/kolab/kolab-init.sh b/docker/kolab/kolab-init.sh index 09077860..3ab6e9e9 100755 --- a/docker/kolab/kolab-init.sh +++ b/docker/kolab/kolab-init.sh @@ -1,37 +1,29 @@ #!/bin/bash if [ -d "/etc/dirsrv/slapd-kolab/" ]; then exit 0 fi cp -av /bin/true /usr/sbin/ds_systemd_ask_password_acl pushd /root/utils/ ./01-reverse-etc-hosts.sh && echo "01 done" ./02-write-my.cnf.sh && echo "02 done" ./03-setup-kolab.sh && echo "03 done" ./04-reset-mysql-kolab-password.sh && echo "04 done" -./05-replace-localhost.sh && echo "05 done" -./07-adjust-base-dns.sh && echo "07 done" -./08-disable-amavisd.sh && echo "08 done" -./09-enable-debugging.sh && echo "09 done" -./10-change-port-numbers.sh && echo "10 done" +./05-adjust-configs.sh && echo "05 done" ./10-reset-kolab-service-password.sh && echo "10 done" ./11-reset-cyrus-admin-password.sh && echo "11 done" ./12-create-hosted-kolab-service.sh && echo "12 done" ./13-create-ou-domains.sh && echo "13 done" ./14-create-management-domain.sh && echo "14 done" ./15-create-hosted-domain.sh && echo "15 done" ./16-remove-cn-kolab-cn-config.sh && echo "16 done" ./17-remove-hosted-service-access-from-mgmt-domain.sh && echo "17 done" -./18-adjust-kolab-conf.sh && echo "18 done" -./19-turn-on-vlv-in-roundcube.sh && echo "19 done" ./20-add-alias-attribute-index.sh && echo "20 done" -./21-adjust-postfix-config.sh && echo "21 done" # FIXME we can only create the resource once the owner exists #./22-create-resource.sh && echo "22 done" ./23-patch-system.sh && echo "23 done" -./24-roundcubeconfig.sh && echo "24 done" touch /tmp/kolab-init.done diff --git a/docker/kolab/utils/05-adjust-configs.sh b/docker/kolab/utils/05-adjust-configs.sh new file mode 100755 index 00000000..1417a5aa --- /dev/null +++ b/docker/kolab/utils/05-adjust-configs.sh 
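Review bot: The restarts of cyrus-imapd, kolabd and kolab-saslauthd are lost in this consolidation. The removed 07-adjust-base-dns.sh ran `systemctl restart cyrus-imapd postfix` and 18-adjust-kolab-conf.sh ran `systemctl restart kolabd` and `systemctl restart kolab-saslauthd`, while the new 05-adjust-configs.sh only runs `systemctl restart postfix`. Unless a later step restarts those services (not visible in this diff), they keep running with their pre-init state. The edits from old steps 18–24 now also run before steps 10–17 instead of after them, so it is worth confirming that none of those steps rewrites the Roundcube or Postfix LDAP files. Because the step is chained with `&& echo`, a failure inside the much larger step 05 still reaches `touch /tmp/kolab-init.done`; `./05-adjust-configs.sh || exit 1` would make that visible.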
@@ -0,0 +1,179 @@ +#!/bin/bash + +# if [[ ${DB_HOST} == "localhost" || ${DB_HOST} == "127.0.0.1" ]]; then +# mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD:-Welcome2KolabSystems} \ +# -e "UPDATE mysql.db SET Host = '127.0.0.1' WHERE Host = 'localhost';" + +# mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD:-Welcome2KolabSystems} \ +# -e "FLUSH PRIVILEGES;" +# fi + +# Replace localhost +sed -i -e "/hosts/s/localhost/${LDAP_HOST:-127.0.0.1}/" /etc/iRony/dav.inc.php +sed -i -e "/host/s/localhost/${LDAP_HOST:-127.0.0.1}/g" \ + -e "/fbsource/s/localhost/${IMAP_HOST:-127.0.0.1}/g" /etc/kolab-freebusy/config.ini +#sed -i -e "s/server_host.*/server_host = ${LDAP_HOST:-127.0.0.1}/g" /etc/postfix/ldap/* +sed -i -e "/password_ldap_host/s/localhost/${LDAP_HOST:-127.0.0.1}/" /etc/roundcubemail/password.inc.php +sed -i -e "/hosts/s/localhost/${LDAP_HOST:-127.0.0.1}/" /etc/roundcubemail/kolab_auth.inc.php +sed -i -e "s#.*db_dsnw.*# \$config['db_dsnw'] = 'mysql://${DB_RC_USERNAME}:${DB_RC_PASSWORD}@${DB_HOST}/roundcube';#" \ + -e "/default_host/s|= .*$|= 'ssl://${IMAP_HOST:-127.0.0.1}';|" \ + -e "/default_port/s|= .*$|= ${IMAP_PORT:-11993};|" \ + -e "/smtp_server/s|= .*$|= 'tls://${MAIL_HOST:-127.0.0.1}';|" \ + -e "/smtp_port/s/= .*$/= ${MAIL_PORT:-10587};/" \ + -e "/hosts/s/localhost/${LDAP_HOST:-127.0.0.1}/" /etc/roundcubemail/config.inc.php +sed -i -e "/hosts/s/localhost/${LDAP_HOST:-127.0.0.1}/" /etc/roundcubemail/calendar.inc.php + + +. 
./settings.sh + +#Adjust basedn +sed -i -r \ + -e "s/(\s+)base => '.*',$/\1base => '${hosted_domain_rootdn}',/g" \ + -e "/\\\$mydomain = / a\ +\$myhostname = '${HOSTNAME:-kolab}.${DOMAIN:-mgmt.com}';" \ + -e "s/^base_dn = .*$/base_dn = ${hosted_domain_rootdn}/g" \ + -e "s/^search_base = .*$/search_base = ${hosted_domain_rootdn}/g" \ + -e "s/(\s+)'base_dn'(\s+)=> '.*',/\1'base_dn'\2=> '${hosted_domain_rootdn}',/g" \ + -e "s/(\s+)'search_base_dn'(\s+)=> '.*',/\1'search_base_dn'\2=> '${hosted_domain_rootdn}',/g" \ + -e "s/(\s+)'user_specific'(\s+)=> false,/\1'user_specific'\2=> true,/g" \ + /etc/amavisd/amavisd.conf \ + /etc/kolab-freebusy/config.ini \ + /etc/postfix/ldap/*.cf \ + /etc/roundcubemail/config.inc.php \ + /etc/roundcubemail/calendar.inc.php \ + /etc/roundcubemail/kolab_auth.inc.php + +sed -i -r \ + -e "s/^search_base = .*$/search_base = ${domain_base_dn}/g" \ + /etc/postfix/ldap/mydestination.cf + + +#Disable amavisd +postconf -e content_filter='smtp-wallace:[127.0.0.1]:10026' + +systemctl stop amavisd +systemctl disable amavisd + +systemctl stop clamd@amavisd +systemctl disable clamd@amavisd + + +# Change port numbers +cat ${SSL_CERTIFICATE} ${SSL_CERTIFICATE_FULLCHAIN} ${SSL_CERTIFICATE_KEY} > /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem +chown cyrus:mail /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem + +cp /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem /etc/pki/tls/private/postfix.pem +chown postfix:mail /etc/pki/tls/private/postfix.pem +chmod 655 /etc/pki/tls/private/postfix.pem + +sed -i "s/smtpd_tls_key_file =.*/smtpd_tls_key_file = \/etc\/pki\/tls\/private\/postfix.pem/" /etc/postfix/main.cf +sed -i "s/smtpd_tls_cert_file =.*/smtpd_tls_cert_file = \/etc\/pki\/tls\/private\/postfix.pem/" /etc/postfix/main.cf + +# Remove the submission block, by matching from submission until the next empty line +sed -i -e '/submission inet/,/^$/d' /etc/postfix/master.cf + +# Insert a new submission block with a modified port +cat >> /etc/postfix/master.cf << EOF 
+127.0.0.1:10587 inet n - n - - smtpd + -o cleanup_service_name=cleanup_submission + -o syslog_name=postfix/submission + #-o smtpd_tls_security_level=encrypt + -o smtpd_sasl_auth_enable=yes + -o smtpd_sasl_authenticated_header=yes + -o smtpd_client_restrictions=permit_sasl_authenticated,reject + -o smtpd_data_restrictions=\$submission_data_restrictions + -o smtpd_recipient_restrictions=\$submission_recipient_restrictions + -o smtpd_sender_restrictions=\$submission_sender_restrictions + +127.0.0.1:10465 inet n - n - - smtpd + -o cleanup_service_name=cleanup_submission + -o rewrite_service_name=rewrite_submission + -o syslog_name=postfix/smtps + -o mydestination= + -o local_recipient_maps= + -o relay_domains= + -o relay_recipient_maps= + #-o smtpd_tls_wrappermode=yes + -o smtpd_sasl_auth_enable=yes + -o smtpd_sasl_authenticated_header=yes + -o smtpd_client_restrictions=permit_sasl_authenticated,reject + -o smtpd_sender_restrictions=\$submission_sender_restrictions + -o smtpd_recipient_restrictions=\$submission_recipient_restrictions + -o smtpd_data_restrictions=\$submission_data_restrictions +EOF + + +sed -i -r \ + -e "s/'vlv'(\s+)=> false,/'vlv'\1=> true,/g" \ + -e "s/'vlv_search'(\s+)=> false,/'vlv_search'\1=> true,/g" \ + -e "s/inetOrgPerson/inetorgperson/g" \ + -e "s/kolabInetOrgPerson/inetorgperson/g" \ + /etc/roundcubemail/*.inc.php + + +# Adjust postfix + +# new: (inetdomainstatus:1.2.840.113556.1.4.803:=1) +# active: (inetdomainstatus:1.2.840.113556.1.4.803:=2) +# suspended: (inetdomainstatus:1.2.840.113556.1.4.803:=4) +# deleted: (inetdomainstatus:1.2.840.113556.1.4.803:=8) +# confirmed: (inetdomainstatus:1.2.840.113556.1.4.803:=16) +# verified: (inetdomainstatus:1.2.840.113556.1.4.803:=32) +# ready: (inetdomainstatus:1.2.840.113556.1.4.803:=64) + +sed -i -r \ + -e 's/^query_filter.*$/query_filter = (\&(associatedDomain=%s)(inetdomainstatus:1.2.840.113556.1.4.803:=18)(!(inetdomainstatus:1.2.840.113556.1.4.803:=4)))/g' \ + /etc/postfix/ldap/mydestination.cf + 
+# new: (inetuserstatus:1.2.840.113556.1.4.803:=1) +# active: (inetuserstatus:1.2.840.113556.1.4.803:=2) +# suspended: (inetuserstatus:1.2.840.113556.1.4.803:=4) +# deleted: (inetuserstatus:1.2.840.113556.1.4.803:=8) +# ldapready: (inetuserstatus:1.2.840.113556.1.4.803:=16) +# imapready: (inetuserstatus:1.2.840.113556.1.4.803:=32) + +sed -i -r \ + -e 's/^query_filter.*$/query_filter = (\&(|(mail=%s)(alias=%s))(|(objectclass=kolabinetorgperson)(|(objectclass=kolabgroupofuniquenames)(objectclass=kolabgroupofurls))(|(|(objectclass=groupofuniquenames)(objectclass=groupofurls))(objectclass=kolabsharedfolder))(objectclass=kolabsharedfolder))(!(inetuserstatus:1.2.840.113556.1.4.803:=4)))/g' \ + /etc/postfix/ldap/local_recipient_maps.cf + +systemctl restart postfix + + + +sed -i -r -e "s|$config\['kolab_files_url'\] = .*$|$config['kolab_files_url'] = 'https://' \. \$_SERVER['HTTP_HOST'] . '/chwala/';|g" /etc/roundcubemail/kolab_files.inc.php + +sed -i -r -e "s|$config\['kolab_invitation_calendars'\] = .*$|$config['kolab_invitation_calendars'] = true;|g" /etc/roundcubemail/calendar.inc.php + +sed -i -r -e "/^.*'contextmenu',$/a 'enigma'," /etc/roundcubemail/config.inc.php + +sed -i -r -e "s|$config\['enigma_passwordless'\] = .*$|$config['enigma_passwordless'] = true;|g" /etc/roundcubemail/enigma.inc.php +sed -i -r -e "s|$config\['enigma_multihost'\] = .*$|$config['enigma_multihost'] = true;|g" /etc/roundcubemail/enigma.inc.php + +echo "\$config['enigma_woat'] = true;" >> /etc/roundcubemail/enigma.inc.php + +# Run it over haproxy then nginx for 2fa. We need to use startls because otherwise the proxy protocol doesn't work. 
+sed -i -r -e "s|$config\['default_host'\] = .*$|$config['default_host'] = 'tls://127.0.0.1';|g" /etc/roundcubemail/config.inc.php +sed -i -r -e "s|$config\['default_port'\] = .*$|$config['default_port'] = 145;|g" /etc/roundcubemail/config.inc.php + +# So we can just append +sed -i "s/?>//g" /etc/roundcubemail/config.inc.php + +# Enable the PROXY protocol +cat << EOF >> /etc/roundcubemail/config.inc.php + \$config['imap_conn_options'] = Array( + 'ssl' => Array( + 'verify_peer_name' => false, + 'verify_peer' => false, + 'allow_self_signed' => true + ), + 'proxy_protocol' => 2 + ); + \$config['proxy_whitelist'] = array('127.0.0.1'); +EOF + +echo "?>" >> /etc/roundcubemail/config.inc.php + + +# Send dns queries over powerdns +# rm -f /etc/resolv.conf +# echo "nameserver 127.0.0.1:9953" > /etc/resolv.conf diff --git a/docker/kolab/utils/05-replace-localhost.sh b/docker/kolab/utils/05-replace-localhost.sh deleted file mode 100755 index d0d3231e..00000000 --- a/docker/kolab/utils/05-replace-localhost.sh +++ /dev/null 
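Review bot: `chmod 655 /etc/pki/tls/private/postfix.pem` leaves a file that contains the TLS private key (the bundle is concatenated from `${SSL_CERTIFICATE_KEY}`) readable by every local user. Since the file is owned by `postfix:mail`, `chmod 640 /etc/pki/tls/private/postfix.pem` looks like the intended mode. The Cyrus bundle written just before it gets no explicit mode and simply inherits the umask, so add `chmod 640 /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem` after its `chown`. The appended `imap_conn_options` block disables `verify_peer` and `verify_peer_name`, which is only defensible because `default_host` is set to `tls://127.0.0.1`; a comment such as `# TLS verification is off because this connection never leaves loopback (haproxy on 127.0.0.1)` would keep the block from being reused for a remote IMAP host. Separately, `${DB_RC_PASSWORD}` is spliced into a sed replacement delimited by `#`, so a password containing `#`, `&` or a backslash corrupts the `db_dsnw` line.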
@@ -1,25 +0,0 @@ -#!/bin/bash - -# if [[ ${DB_HOST} == "localhost" || ${DB_HOST} == "127.0.0.1" ]]; then -# mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD:-Welcome2KolabSystems} \ -# -e "UPDATE mysql.db SET Host = '127.0.0.1' WHERE Host = 'localhost';" - -# mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD:-Welcome2KolabSystems} \ -# -e "FLUSH PRIVILEGES;" -# fi - -sed -i -e "/hosts/s/localhost/${LDAP_HOST:-127.0.0.1}/" /etc/iRony/dav.inc.php -sed -i -e "/host/s/localhost/${LDAP_HOST:-127.0.0.1}/g" \ - -e "/fbsource/s/localhost/${IMAP_HOST:-127.0.0.1}/g" /etc/kolab-freebusy/config.ini -#sed -i -e "s/server_host.*/server_host = ${LDAP_HOST:-127.0.0.1}/g" /etc/postfix/ldap/* -sed -i -e "/password_ldap_host/s/localhost/${LDAP_HOST:-127.0.0.1}/" /etc/roundcubemail/password.inc.php -sed -i -e "/hosts/s/localhost/${LDAP_HOST:-127.0.0.1}/" /etc/roundcubemail/kolab_auth.inc.php -sed -i -e "s#.*db_dsnw.*# \$config['db_dsnw'] = 'mysql://${DB_RC_USERNAME}:${DB_RC_PASSWORD}@${DB_HOST}/roundcube';#" \ - -e "/default_host/s|= .*$|= 'ssl://${IMAP_HOST:-127.0.0.1}';|" \ - -e "/default_port/s|= .*$|= ${IMAP_PORT:-11993};|" \ - -e "/smtp_server/s|= .*$|= 'tls://${MAIL_HOST:-127.0.0.1}';|" \ - -e "/smtp_port/s/= .*$/= ${MAIL_PORT:-10587};/" \ - -e "/hosts/s/localhost/${LDAP_HOST:-127.0.0.1}/" /etc/roundcubemail/config.inc.php -sed -i -e "/hosts/s/localhost/${LDAP_HOST:-127.0.0.1}/" /etc/roundcubemail/calendar.inc.php - -systemctl restart postfix diff --git a/docker/kolab/utils/07-adjust-base-dns.sh b/docker/kolab/utils/07-adjust-base-dns.sh deleted file mode 100755 index d2dcd012..00000000 --- a/docker/kolab/utils/07-adjust-base-dns.sh +++ /dev/null 
@@ -1,25 +0,0 @@ -#!/bin/bash - -. ./settings.sh - -sed -i -r \ - -e "s/(\s+)base => '.*',$/\1base => '${hosted_domain_rootdn}',/g" \ - -e "/\\\$mydomain = / a\ -\$myhostname = '${HOSTNAME:-kolab}.${DOMAIN:-mgmt.com}';" \ - -e "s/^base_dn = .*$/base_dn = ${hosted_domain_rootdn}/g" \ - -e "s/^search_base = .*$/search_base = ${hosted_domain_rootdn}/g" \ - -e "s/(\s+)'base_dn'(\s+)=> '.*',/\1'base_dn'\2=> '${hosted_domain_rootdn}',/g" \ - -e "s/(\s+)'search_base_dn'(\s+)=> '.*',/\1'search_base_dn'\2=> '${hosted_domain_rootdn}',/g" \ - -e "s/(\s+)'user_specific'(\s+)=> false,/\1'user_specific'\2=> true,/g" \ - /etc/amavisd/amavisd.conf \ - /etc/kolab-freebusy/config.ini \ - /etc/postfix/ldap/*.cf \ - /etc/roundcubemail/config.inc.php \ - /etc/roundcubemail/calendar.inc.php \ - /etc/roundcubemail/kolab_auth.inc.php - -sed -i -r \ - -e "s/^search_base = .*$/search_base = ${domain_base_dn}/g" \ - /etc/postfix/ldap/mydestination.cf - -systemctl restart cyrus-imapd postfix diff --git a/docker/kolab/utils/08-disable-amavisd.sh b/docker/kolab/utils/08-disable-amavisd.sh deleted file mode 100755 index 4c93b16f..00000000 --- a/docker/kolab/utils/08-disable-amavisd.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash - -postconf -e content_filter='smtp-wallace:[127.0.0.1]:10026' - -systemctl restart postfix - -systemctl stop amavisd -systemctl disable amavisd - -systemctl stop clamd@amavisd -systemctl disable clamd@amavisd diff --git a/docker/kolab/utils/10-change-port-numbers.sh b/docker/kolab/utils/10-change-port-numbers.sh deleted file mode 100755 index 1bab380f..00000000 --- a/docker/kolab/utils/10-change-port-numbers.sh +++ /dev/null 
@@ -1,46 +0,0 @@ -#!/bin/bash - -cat ${SSL_CERTIFICATE} ${SSL_CERTIFICATE_FULLCHAIN} ${SSL_CERTIFICATE_KEY} > /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem -chown cyrus:mail /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem - -cp /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem /etc/pki/tls/private/postfix.pem -chown postfix:mail /etc/pki/tls/private/postfix.pem -chmod 655 /etc/pki/tls/private/postfix.pem - -sed -i "s/smtpd_tls_key_file =.*/smtpd_tls_key_file = \/etc\/pki\/tls\/private\/postfix.pem/" /etc/postfix/main.cf -sed -i "s/smtpd_tls_cert_file =.*/smtpd_tls_cert_file = \/etc\/pki\/tls\/private\/postfix.pem/" /etc/postfix/main.cf - -# Remove the submission block, by matching from submission until the next empty line -sed -i -e '/submission inet/,/^$/d' /etc/postfix/master.cf - -# Insert a new submission block with a modified port -cat >> /etc/postfix/master.cf << EOF -127.0.0.1:10587 inet n - n - - smtpd - -o cleanup_service_name=cleanup_submission - -o syslog_name=postfix/submission - #-o smtpd_tls_security_level=encrypt - -o smtpd_sasl_auth_enable=yes - -o smtpd_sasl_authenticated_header=yes - -o smtpd_client_restrictions=permit_sasl_authenticated,reject - -o smtpd_data_restrictions=\$submission_data_restrictions - -o smtpd_recipient_restrictions=\$submission_recipient_restrictions - -o smtpd_sender_restrictions=\$submission_sender_restrictions - -127.0.0.1:10465 inet n - n - - smtpd - -o cleanup_service_name=cleanup_submission - -o rewrite_service_name=rewrite_submission - -o syslog_name=postfix/smtps - -o mydestination= - -o local_recipient_maps= - -o relay_domains= - -o relay_recipient_maps= - #-o smtpd_tls_wrappermode=yes - -o smtpd_sasl_auth_enable=yes - -o smtpd_sasl_authenticated_header=yes - -o smtpd_client_restrictions=permit_sasl_authenticated,reject - -o smtpd_sender_restrictions=\$submission_sender_restrictions - -o smtpd_recipient_restrictions=\$submission_recipient_restrictions - -o smtpd_data_restrictions=\$submission_data_restrictions -EOF - -systemctl 
restart postfix diff --git a/docker/kolab/utils/18-adjust-kolab-conf.sh b/docker/kolab/utils/18-adjust-kolab-conf.sh deleted file mode 100755 index 761dca0d..00000000 --- a/docker/kolab/utils/18-adjust-kolab-conf.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/bash - -. ./settings.sh - -# sed -r -i \ -# -e "s/^base_dn.*$/base_dn = ${rootdn}/g" \ -# -e "s/^domain_base_dn.*$/domain_base_dn = ${domain_base_dn}/g" \ -# -e "s/^user_base_dn.*$/user_base_dn = ${hosted_domain_rootdn}/g" \ -# -e "s/^kolab_user_base_dn.*$/kolab_user_base_dn = ${hosted_domain_rootdn}/g" \ -# -e "s/^group_base_dn.*$/group_base_dn = ${hosted_domain_rootdn}/g" \ -# -e "s/^sharedfolder_base_dn.*$/sharedfolder_base_dn = ${hosted_domain_rootdn}/g" \ -# -e "s/^resource_base_dn.*$/resource_base_dn = ${hosted_domain_rootdn}/g" \ -# -e '/^primary_mail/ a\ -# daemon_rcpt_policy = False' \ -# -e '/^primary_mail/d' \ -# -e '/secondary_mail/,+10d' \ -# -e '/autocreate_folders/,+77d' \ -# -e "/^\[kolab_wap\]/ a\ -# mgmt_root_dn = ${rootdn}" \ -# -e "/^\[kolab_wap\]/ a\ -# hosted_root_dn = ${hosted_domain_rootdn}" \ -# -e "/^\[kolab_wap\]/ a\ -# api_url = http://127.0.0.1:9080/kolab-webadmin/api" \ -# -e 's/^auth_attributes.*$/auth_attributes = mail, uid/g' \ -# -e 's|^uri = imaps.*$|uri = imaps://127.0.0.1:11993|g' \ -# -e "/^\[wallace\]/ a\ -# webmail_url = https://%(domain)s/roundcubemail" \ -# /etc/kolab/kolab.conf - -systemctl restart kolabd -systemctl restart kolab-saslauthd diff --git a/docker/kolab/utils/19-turn-on-vlv-in-roundcube.sh b/docker/kolab/utils/19-turn-on-vlv-in-roundcube.sh deleted file mode 100755 index 75a1ece1..00000000 --- a/docker/kolab/utils/19-turn-on-vlv-in-roundcube.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash - -sed -i -r \ - -e "s/'vlv'(\s+)=> false,/'vlv'\1=> true,/g" \ - -e "s/'vlv_search'(\s+)=> false,/'vlv_search'\1=> true,/g" \ - -e "s/inetOrgPerson/inetorgperson/g" \ - -e "s/kolabInetOrgPerson/inetorgperson/g" \ - /etc/roundcubemail/*.inc.php 
diff --git a/docker/kolab/utils/21-adjust-postfix-config.sh b/docker/kolab/utils/21-adjust-postfix-config.sh deleted file mode 100755 index e3b4f8a8..00000000 --- a/docker/kolab/utils/21-adjust-postfix-config.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/bash - -# new: (inetdomainstatus:1.2.840.113556.1.4.803:=1) -# active: (inetdomainstatus:1.2.840.113556.1.4.803:=2) -# suspended: (inetdomainstatus:1.2.840.113556.1.4.803:=4) -# deleted: (inetdomainstatus:1.2.840.113556.1.4.803:=8) -# confirmed: (inetdomainstatus:1.2.840.113556.1.4.803:=16) -# verified: (inetdomainstatus:1.2.840.113556.1.4.803:=32) -# ready: (inetdomainstatus:1.2.840.113556.1.4.803:=64) - -sed -i -r \ - -e 's/^query_filter.*$/query_filter = (\&(associatedDomain=%s)(inetdomainstatus:1.2.840.113556.1.4.803:=18)(!(inetdomainstatus:1.2.840.113556.1.4.803:=4)))/g' \ - /etc/postfix/ldap/mydestination.cf - -# new: (inetuserstatus:1.2.840.113556.1.4.803:=1) -# active: (inetuserstatus:1.2.840.113556.1.4.803:=2) -# suspended: (inetuserstatus:1.2.840.113556.1.4.803:=4) -# deleted: (inetuserstatus:1.2.840.113556.1.4.803:=8) -# ldapready: (inetuserstatus:1.2.840.113556.1.4.803:=16) -# imapready: (inetuserstatus:1.2.840.113556.1.4.803:=32) - -sed -i -r \ - -e 's/^query_filter.*$/query_filter = (\&(|(mail=%s)(alias=%s))(|(objectclass=kolabinetorgperson)(|(objectclass=kolabgroupofuniquenames)(objectclass=kolabgroupofurls))(|(|(objectclass=groupofuniquenames)(objectclass=groupofurls))(objectclass=kolabsharedfolder))(objectclass=kolabsharedfolder))(!(inetuserstatus:1.2.840.113556.1.4.803:=4)))/g' \ - /etc/postfix/ldap/local_recipient_maps.cf - -systemctl restart postfix diff --git a/docker/kolab/utils/24-roundcubeconfig.sh b/docker/kolab/utils/24-roundcubeconfig.sh deleted file mode 100755 index 7ce34ca1..00000000 --- a/docker/kolab/utils/24-roundcubeconfig.sh +++ /dev/null 
@@ -1,39 +0,0 @@ -#!/bin/bash - -sed -i -r -e "s|$config\['kolab_files_url'\] = .*$|$config['kolab_files_url'] = 'https://' \. \$_SERVER['HTTP_HOST'] . '/chwala/';|g" /etc/roundcubemail/kolab_files.inc.php - -sed -i -r -e "s|$config\['kolab_invitation_calendars'\] = .*$|$config['kolab_invitation_calendars'] = true;|g" /etc/roundcubemail/calendar.inc.php - -sed -i -r -e "/^.*'contextmenu',$/a 'enigma'," /etc/roundcubemail/config.inc.php - -sed -i -r -e "s|$config\['enigma_passwordless'\] = .*$|$config['enigma_passwordless'] = true;|g" /etc/roundcubemail/enigma.inc.php -sed -i -r -e "s|$config\['enigma_multihost'\] = .*$|$config['enigma_multihost'] = true;|g" /etc/roundcubemail/enigma.inc.php - -echo "\$config['enigma_woat'] = true;" >> /etc/roundcubemail/enigma.inc.php - -# Run it over haproxy then nginx for 2fa. We need to use startls because otherwise the proxy protocol doesn't work. -sed -i -r -e "s|$config\['default_host'\] = .*$|$config['default_host'] = 'tls://127.0.0.1';|g" /etc/roundcubemail/config.inc.php -sed -i -r -e "s|$config\['default_port'\] = .*$|$config['default_port'] = 145;|g" /etc/roundcubemail/config.inc.php - -# So we can just append -sed -i "s/?>//g" /etc/roundcubemail/config.inc.php - -# Enable the PROXY protocol -cat << EOF >> /etc/roundcubemail/config.inc.php - \$config['imap_conn_options'] = Array( - 'ssl' => Array( - 'verify_peer_name' => false, - 'verify_peer' => false, - 'allow_self_signed' => true - ), - 'proxy_protocol' => 2 - ); - \$config['proxy_whitelist'] = array('127.0.0.1'); -EOF - -echo "?>" >> /etc/roundcubemail/config.inc.php - - -# Send dns queries over powerdns -rm -f /etc/resolv.conf -echo "nameserver 127.0.0.1:9953" > /etc/resolv.conf