diff --git a/docker/kolab/Dockerfile b/docker/kolab/Dockerfile index 4ff7feb8..9b0a6aa7 100644 --- a/docker/kolab/Dockerfile +++ b/docker/kolab/Dockerfile @@ -1,24 +1,25 @@ FROM kolab/centos7:latest RUN yum -y install rsyslog && \ + yum --enablerepo=kolab-16-updates-testing -y update pykolab && \ yum clean all -RUN systemctl disable \ - avahi-daemon.service \ - avahi-daemon.socket \ - sshd.service && \ - systemctl enable rsyslog - -RUN sed -i -r -e 's/^SELINUX=.*$/SELINUX=permissive/g' /etc/selinux/config - COPY kolab-init.service /etc/systemd/system/kolab-init.service -COPY kolab-init.sh /usr/local/sbin/ -RUN chmod 750 /usr/local/sbin/kolab-init.sh +COPY kolab-vlv.service /etc/systemd/system/kolab-vlv.service RUN rm -rf /etc/systemd/system/multi-user.target.wants/{avahi-daemon,sshd}.* && \ ln -s /etc/systemd/system/kolab-init.service \ - /etc/systemd/system/multi-user.target.wants/kolab-init.service + /etc/systemd/system/multi-user.target.wants/kolab-init.service && \ + ln -s /etc/systemd/system/kolab-vlv.service \ + /etc/systemd/system/multi-user.target.wants/kolab-vlv.service + +RUN sed -i -r -e 's/^SELINUX=.*$/SELINUX=permissive/g' /etc/selinux/config 2>/dev/null || : + +COPY kolab-init.sh /usr/local/sbin/ +RUN chmod 750 /usr/local/sbin/kolab-init.sh +COPY kolab-vlv.sh /usr/local/sbin/ +RUN chmod 750 /usr/local/sbin/kolab-vlv.sh CMD ["/lib/systemd/systemd"] EXPOSE 21/tcp 22/tcp 25/tcp 53/tcp 53/udp 80/tcp 110/tcp 143/tcp 389/tcp 443/tcp 465/tcp 587/tcp 993/tcp 995/tcp 5353/udp 8880/tcp 8443/tcp 8447/tcp diff --git a/docker/kolab/kolab-init.sh b/docker/kolab/kolab-init.sh index 9ad1399d..684a2c7c 100755 --- a/docker/kolab/kolab-init.sh +++ b/docker/kolab/kolab-init.sh 
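Review bot: The added `yum --enablerepo=kolab-16-updates-testing -y update pykolab` installs whatever pykolab build the testing repository serves at build time, on top of the unchanged `FROM kolab/centos7:latest`, so two builds of this Dockerfile can differ and nothing records which version went into the image. Pinning the package (`yum --enablerepo=kolab-16-updates-testing -y update pykolab-<VERSION>`, placeholder) or at least adding a comment that says why the testing repository is required would make the image reproducible and auditable. The new `2>/dev/null || :` on the SELinux `sed` also hides every failure of that step, not only a missing `/etc/selinux/config`. A guard that names the tolerated case keeps other errors visible: `RUN if [ -f /etc/selinux/config ]; then sed -i -r -e 's/^SELINUX=.*$/SELINUX=permissive/g' /etc/selinux/config; fi`.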
@@ -1,22 +1,30 @@ #!/bin/bash -if [ ! -d "/etc/dirsrv/slapd-kolab/" ]; then - setup-kolab \ - --default \ - --timezone=Europe/Zurich \ - --mysqlserver=new \ - --directory-manager-pwd=Welcome2KolabSystems 2>&1 | tee /root/setup-kolab.log +if [ -d "/etc/dirsrv/slapd-kolab/" ]; then + exit 0 fi pushd /root/utils/ -./01-reset-kolab-service-password.sh -./02-reset-cyrus-admin-password.sh -./03-create-hosted-kolab-service.sh -./04-create-ou-domains.sh -./05-create-management-domain.sh -./06-create-hosted-domain.sh -./07-remove-cn-kolab-cn-config.sh -./08-remove-hosted-service-access-from-mgmt-domain.sh -./09-add-self-reg-hosted-domain.sh -./10-adjust-kolab-conf.sh -popd + +./01-reverse-etc-hosts.sh +./02-write-my.cnf.sh +./03-setup-kolab.sh +./04-reset-mysql-kolab-password.sh +./05-replace-localhost.sh +./06-mysql-for-kolabdev.sh +./07-adjust-base-dns.sh +./08-disable-amavisd.sh +./09-enable-debugging.sh +./10-reset-kolab-service-password.sh +./11-reset-cyrus-admin-password.sh +./12-create-hosted-kolab-service.sh +./13-create-ou-domains.sh +./14-create-management-domain.sh +./15-create-hosted-domain.sh +./16-remove-cn-kolab-cn-config.sh +./17-remove-hosted-service-access-from-mgmt-domain.sh +./18-adjust-kolab-conf.sh +./19-turn-on-vlv-in-roundcube.sh +./20-add-alias-attribute-index.sh + +touch /tmp/kolab-init.done diff --git a/docker/kolab/kolab-vlv.service b/docker/kolab/kolab-vlv.service new file mode 100644 index 00000000..5bbef562 --- /dev/null +++ b/docker/kolab/kolab-vlv.service @@ -0,0 +1,9 @@ +[Unit] +Description=Kolab VLV and SSS Service + +[Service] +Type=oneshot +ExecStart=/usr/local/sbin/kolab-vlv.sh + +[Install] +WantedBy=multi-user.target diff --git a/docker/kolab/kolab-vlv.sh b/docker/kolab/kolab-vlv.sh new file mode 100755 index 00000000..49642b4b --- /dev/null +++ b/docker/kolab/kolab-vlv.sh 
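Review bot: In kolab-init.sh the twenty numbered steps run with no error handling and the script then always executes `touch /tmp/kolab-init.done`, so a failed `./03-setup-kolab.sh` (or a failed `pushd /root/utils/`) still marks initialisation as finished and releases kolab-vlv.sh against a half-configured directory. Adding `set -e` after the shebang, or at minimum `pushd /root/utils/ || exit 1`, keeps the marker truthful. The marker also lives in world-writable `/tmp` under a fixed name; a root-owned location such as `/run/kolab-init.done` would be a safer rendezvous point, and kolab-vlv.sh would have to poll the same path.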
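Review bot: kolab-vlv.service declares no ordering against kolab-init.service and relies entirely on the polling loop in kolab-vlv.sh. For `Type=oneshot` systemd applies no start timeout by default, so if initialisation never writes its marker this unit stays in the activating state indefinitely. Adding `After=kolab-init.service` under `[Unit]` and a `TimeoutStartSec=` value under `[Service]` would make the dependency explicit and bound the wait; kolab-init.service is not part of this diff, so its type should be checked before relying on `After=` alone.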
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+pushd /root/utils/
+
+while [ ! -f /tmp/kolab-init.done ]; do
+ sleep 5
+done
+
+./50-add-vlv-searches.sh
+./51-add-vlv-indexes.sh
+./52-run-vlv-index-tasks.sh
diff --git a/docker/kolab/utils/01-reset-kolab-service-password.sh b/docker/kolab/utils/01-reset-kolab-service-password.sh
deleted file mode 100755
index 00cde762..00000000
--- a/docker/kolab/utils/01-reset-kolab-service-password.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-
-. ./settings.sh
-
-(
- echo "dn: uid=kolab-service,ou=Special Users,${rootdn}"
- echo "changetype: modify"
- echo "replace: userpassword"
- echo "userpassword: ${ldap_bindpw}"
- echo ""
-) | ldapmodify -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -f -
diff --git a/docker/kolab/utils/01-reverse-etc-hosts.sh b/docker/kolab/utils/01-reverse-etc-hosts.sh
new file mode 100755
index 00000000..0b0280db
--- /dev/null
+++ b/docker/kolab/utils/01-reverse-etc-hosts.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+cp /etc/hosts /etc/hosts.orig
+tac /etc/hosts.orig > /etc/hosts
diff --git a/docker/kolab/utils/02-write-my.cnf.sh b/docker/kolab/utils/02-write-my.cnf.sh
new file mode 100755
index 00000000..df221775
--- /dev/null
+++ b/docker/kolab/utils/02-write-my.cnf.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+cat > /root/.my.cnf << EOF
+[client]
+host=127.0.0.1
+user=root
+password=Welcome2KolabSystems
+EOF
+
diff --git a/docker/kolab/utils/03-setup-kolab.sh b/docker/kolab/utils/03-setup-kolab.sh
new file mode 100755
index 00000000..5637cb0f
--- /dev/null
+++ b/docker/kolab/utils/03-setup-kolab.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+setup-kolab \
+ --default \
+ --fqdn=kolab.mgmt.com \
+ --timezone=Europe/Zurich \
+ --mysqlhost=127.0.0.1 \
+ --mysqlserver=existing \
+ --mysqlrootpw=Welcome2KolabSystems \
+ --directory-manager-pwd=Welcome2KolabSystems 2>&1 | tee /root/setup-kolab.log
+
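Review bot: 02-write-my.cnf.sh creates `/root/.my.cnf` with whatever umask the script inherits (commonly leaving it 0644), so the MySQL root password is protected only by the permissions of `/root`; put `umask 077` before the `cat` or add `chmod 600 /root/.my.cnf` after it. The password is a fixed literal committed to the repository, and the same literal is repeated in 03-setup-kolab.sh, 04-reset-mysql-kolab-password.sh, 05-replace-localhost.sh and 06-mysql-for-kolabdev.sh. Reading it once from a variable (for example in the `settings.sh` that the later scripts already source) would keep it in one place and let a deployment override it. Once this file exists, the later `mysql` calls could drop `-u root --password=...` and let the client read the credentials from it.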
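Review bot: In 03-setup-kolab.sh the pipeline `setup-kolab ... 2>&1 | tee /root/setup-kolab.log` returns the exit status of `tee`, so a failed setup-kolab looks successful to kolab-init.sh; add `set -o pipefail` after the shebang. Both `--mysqlrootpw` and `--directory-manager-pwd` carry the password as a command-line argument, which is visible in the process list while setup runs, and everything setup-kolab prints is kept in `/root/setup-kolab.log`. If setup-kolab can take these values from a file or from standard input that would be preferable; if not, a comment stating that this image is for development only would document the trade-off.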
diff --git a/docker/kolab/utils/04-reset-mysql-kolab-password.sh b/docker/kolab/utils/04-reset-mysql-kolab-password.sh
new file mode 100755
index 00000000..07a18ad1
--- /dev/null
+++ b/docker/kolab/utils/04-reset-mysql-kolab-password.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+sqlpw=$(grep ^sql_uri /etc/kolab/kolab.conf | awk -F':' '{print $3}' | awk -F'@' '{print $1}')
+
+mysql -h 127.0.0.1 -u root --password=Welcome2KolabSystems \
+ -e "SET PASSWORD FOR 'kolab'@'localhost' = PASSWORD('${sqlpw}');"
+
diff --git a/docker/kolab/utils/05-replace-localhost.sh b/docker/kolab/utils/05-replace-localhost.sh
new file mode 100755
index 00000000..d7b783f0
--- /dev/null
+++ b/docker/kolab/utils/05-replace-localhost.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+mysql -h 127.0.0.1 -u root --password=Welcome2KolabSystems \
+ -e "UPDATE mysql.db SET Host = '127.0.0.1' WHERE Host = 'localhost';"
+
+mysql -h 127.0.0.1 -u root --password=Welcome2KolabSystems \
+ -e "UPDATE mysql.user SET Host = '127.0.0.1' WHERE Host = 'localhost';"
+
+mysql -h 127.0.0.1 -u root --password=Welcome2KolabSystems \
+ -e "FLUSH PRIVILEGES;"
+
+sed -i -e 's/localhost/127.0.0.1/g' \
+ /etc/imapd.conf \
+ /etc/iRony/dav.inc.php \
+ /etc/kolab/kolab.conf \
+ /etc/kolab-freebusy/config.ini \
+ /etc/postfix/ldap/*.cf \
+ /etc/roundcubemail/password.inc.php \
+ /etc/roundcubemail/kolab_auth.inc.php \
+ /etc/roundcubemail/config.inc.php \
+ /etc/roundcubemail/calendar.inc.php
+
+systemctl restart cyrus-imapd postfix
diff --git a/docker/kolab/utils/06-mysql-for-kolabdev.sh b/docker/kolab/utils/06-mysql-for-kolabdev.sh
new file mode 100755
index 00000000..7e9bb269
--- /dev/null
+++ b/docker/kolab/utils/06-mysql-for-kolabdev.sh
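Review bot: In 04-reset-mysql-kolab-password.sh the value of `sqlpw` is pasted between single quotes into the SQL text, so a password containing `'` or `\` breaks the statement or changes what it does, and one containing `:` or `@` is silently truncated by the two `awk` field splits. An empty result (no `sql_uri` line) would set an empty password for the `kolab` account. The value is presumably generated by setup-kolab, so this may never trigger, but a guard before the `mysql` call makes the assumption explicit: `case "${sqlpw}" in ''|*[\'\\]*) echo "unusable sql_uri password" >&2; exit 1;; esac`.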
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+mysql -h 127.0.0.1 -u root --password=Welcome2KolabSystems \
+ -e "CREATE DATABASE kolabdev;"
+
+mysql -h 127.0.0.1 -u root --password=Welcome2KolabSystems \
+ -e "GRANT ALL PRIVILEGES ON kolabdev.* TO 'kolabdev'@'127.0.0.1' IDENTIFIED BY 'kolab';"
+
+mysql -h 127.0.0.1 -u root --password=Welcome2KolabSystems \
+ -e "FLUSH PRIVILEGES;"
+
diff --git a/docker/kolab/utils/07-adjust-base-dns.sh b/docker/kolab/utils/07-adjust-base-dns.sh
new file mode 100755
index 00000000..398d7435
--- /dev/null
+++ b/docker/kolab/utils/07-adjust-base-dns.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+. ./settings.sh
+
+echo "ldap_domain_base_dn: ${domain_base_dn}" >> /etc/imapd.conf
+
+sed -i -r \
+ -e "s/(\s+)base => '.*',$/\1base => '${hosted_domain_rootdn}',/g" \
+ -e "s/^base_dn = .*$/base_dn = ${hosted_domain_rootdn}/g" \
+ -e "s/^search_base = .*$/search_base = ${hosted_domain_rootdn}/g" \
+ -e "s/(\s+)'base_dn'(\s+)=> '.*',/\1'base_dn'\2=> '${hosted_domain_rootdn}',/g" \
+ -e "s/(\s+)'search_base_dn'(\s+)=> '.*',/\1'search_base_dn'\2=> '${hosted_domain_rootdn}',/g" \
+ -e "s/(\s+)'user_specific'(\s+)=> false,/\1'user_specific'\2=> true,/g" \
+ /etc/amavisd/amavisd.conf \
+ /etc/kolab-freebusy/config.ini \
+ /etc/postfix/ldap/*.cf \
+ /etc/roundcubemail/config.inc.php \
+ /etc/roundcubemail/kolab_auth.inc.php
+
+sed -i -r \
+ -e "s/^search_base = .*$/search_base = ${domain_base_dn}/g" \
+ /etc/postfix/ldap/mydestination.cf
+
+systemctl restart cyrus-imapd postfix
diff --git a/docker/kolab/utils/08-disable-amavisd.sh b/docker/kolab/utils/08-disable-amavisd.sh
new file mode 100755
index 00000000..4c93b16f
--- /dev/null
+++ b/docker/kolab/utils/08-disable-amavisd.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+postconf -e content_filter='smtp-wallace:[127.0.0.1]:10026'
+
+systemctl restart postfix
+
+systemctl stop amavisd
+systemctl disable amavisd
+
+systemctl stop clamd@amavisd
+systemctl disable clamd@amavisd
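Review bot: 06-mysql-for-kolabdev.sh creates the `kolabdev` account with the fixed password `kolab` and `ALL PRIVILEGES` on its database, with no way for a deployment to override the value. Taking the password from a variable with a development default, for example `IDENTIFIED BY '${kolabdev_dbpw:-kolab}'` (variable name is a suggestion), keeps the convenience while allowing a real secret. `CREATE DATABASE kolabdev;` also fails if the step is ever re-run; `CREATE DATABASE IF NOT EXISTS kolabdev;` makes it repeatable.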
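Review bot: 08-disable-amavisd.sh takes virus and spam scanning out of the mail path (the `content_filter` points straight at wallace, and amavisd and clamd@amavisd are stopped and disabled) without a comment saying this is meant for a development image only. A header comment such as `# Development image only: bypasses amavisd/ClamAV content scanning to save memory` (wording to be adjusted to the real reason) would stop the script from being copied into a production setup unnoticed. The same applies to 09-enable-debugging.sh, which permanently turns on `chatty: 1` and `debug: 1` for Cyrus and the Roundcube `_debug` options; verbose protocol logging may end up recording message content, so it deserves the same marker.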
diff --git a/docker/kolab/utils/09-add-self-reg-hosted-domain.sh b/docker/kolab/utils/09-add-self-reg-hosted-domain.sh deleted file mode 100755 index 6dc604eb..00000000 --- a/docker/kolab/utils/09-add-self-reg-hosted-domain.sh +++ /dev/null 
@@ -1,94 +0,0 @@ -#!/bin/bash - -. ./settings.sh - -( - echo "dn: associateddomain=${hosted_domain},ou=Domains,${rootdn}" - echo "objectclass: top" - echo "objectclass: domainrelatedobject" - echo "objectclass: inetdomain" - echo "inetdomainstatus: active" - echo "inetdomainbasedn: dc=kolabnow,dc=com" - echo "aci: (targetattr = \"*\") (version 3.0;acl \"Deny Unauthorized\"; deny (all)(userdn != \"ldap:///uid=kolab-service,ou=Special Users,${rootdn} || ldap:///uid=hosted-kolab-service,ou=Special Users,${rootdn}\");)" - echo "" - - echo "dn: cn=$(echo ${hosted_domain_rootdn} | sed -e 's/=/\\3D/g' -e 's/,/\\2D/g'),cn=mapping tree,cn=config" - echo "objectClass: top" - echo "objectClass: extensibleObject" - echo "objectClass: nsMappingTree" - echo "nsslapd-state: backend" - echo "cn: ${hosted_domain_rootdn}" - echo "nsslapd-backend: $(echo ${hosted_domain} | sed -e 's/\./_/g')" - echo "" - - echo "dn: cn=$(echo ${hosted_domain} | sed -e 's/\./_/g'),cn=ldbm database,cn=plugins,cn=config" - echo "objectClass: top" - echo "objectClass: extensibleobject" - echo "objectClass: nsbackendinstance" - echo "cn: $(echo ${hosted_domain} | sed -e 's/\./_/g')" - echo "nsslapd-suffix: ${hosted_domain_rootdn}" - echo "nsslapd-cachesize: -1" - echo "nsslapd-cachememsize: 10485760" - echo "nsslapd-readonly: off" - echo "nsslapd-require-index: off" - echo "nsslapd-directory: /var/lib/dirsrv/slapd-$(hostname -s)/db/$(echo ${hosted_domain} | sed -e 's/\./_/g')" - echo "nsslapd-dncachememsize: 10485760" - echo "" - -) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" - -( - echo "dn: ${hosted_domain_rootdn}" - echo "aci: (targetattr=\"carLicense || description || displayName || facsimileTelephoneNumber || homePhone || homePostalAddress || initials || jpegPhoto || labeledURI || mobile || pager || photo || postOfficeBox || postalAddress || postalCode || preferredDeliveryMethod || preferredLanguage || registeredAddress || roomNumber || secretary || seeAlso || st || street || 
telephoneNumber || telexNumber || title || userCertificate || userPassword || userSMIMECertificate || x500UniqueIdentifier\")(version 3.0; acl \"Enable self write for common attributes\"; allow (write) userdn=\"ldap:///self\";)" - echo "aci: (targetattr=\"*\")(version 3.0; acl \"Configuration Administrators Group\"; allow (all) groupdn=\"ldap:///cn=Configuration Administrators,ou=Groups,ou=TopologyManagement,o=NetscapeRoot\";)" - echo "aci: (targetattr=\"*\")(version 3.0; acl \"Configuration Administrator\"; allow (all) userdn=\"ldap:///uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot\";)" - echo "aci: (targetattr = \"*\")(version 3.0; acl \"SIE Group\"; allow (all) groupdn = \"ldap:///cn=slapd-$(hostname -s),cn=389 Directory Server,cn=Server Group,cn=$(hostname -f),ou=${domain},o=NetscapeRoot\";)" - echo "aci: (targetattr =\"*\")(version 3.0;acl \"Kolab Administrators\";allow (all) (roledn=\"ldap:///cn=kolab-admin,${rootdn}\");)" - echo "aci: (targetattr = \"*\") (version 3.0;acl \"Search Access\";allow (compare,search)(userdn = \"ldap:///${hosted_domain_rootdn}??sub?(objectclass=*)\");)" - echo "aci: (targetattr != \"userPassword\") (version 3.0;acl \"Service Search Access\";allow (read,compare,search)(userdn = \"ldap:///uid=kolab-service,ou=Special Users,${domain_rootdn}\");)" - echo "objectClass: top" - echo "objectClass: domain" - echo "dc: $(echo ${hosted_domain} | cut -d'.' 
-f 1)" - echo "" -) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" - -( - echo "dn: ou=Groups,${hosted_domain_rootdn}" - echo "aci: (targetattr = \"*\") (version 3.0;acl \"Deny Unauthorized\"; deny (all)(userdn != \"ldap:///uid=kolab-service,ou=Special Users,${rootdn}\");)" - echo "ou: Groups" - echo "objectClass: top" - echo "objectClass: organizationalunit" - echo "" - - echo "dn: ou=People,${hosted_domain_rootdn}" - echo "aci: (targetattr = \"*\") (version 3.0;acl \"Deny Unauthorized\"; deny (all)(userdn != \"ldap:///uid=kolab-service,ou=Special Users,${rootdn} || ldap:///uid=hosted-kolab-service,ou=Special Users,${rootdn} || ldap:///ou=People,${hosted_domain_rootdn}??sub?(objectclass=*)\");)" - echo "aci: (targetattr = \"*\") (version 3.0;acl \"Allow Hosted Kolab Service\"; allow (search,add)(userdn = \"ldap:///uid=hosted-kolab-service,ou=Special Users,${rootdn}\");)" - echo "aci: (targetattr != \"userPassword\") (version 3.0;acl \"Allow Kolab Service\"; allow (read,search,compare)(userdn = \"ldap:///uid=kolab-service,ou=Special Users,${rootdn}\");)" - echo "aci: (targetattr = \"*\") (version 3.0;acl \"Self Search Access\";allow (read,compare,search)(userdn = \"ldap:///self\");)" - echo "ou: People" - echo "objectClass: top" - echo "objectClass: organizationalunit" - echo "" - - echo "dn: ou=Special Users,${hosted_domain_rootdn}" - echo "aci: (targetattr = \"*\") (version 3.0;acl \"Deny Unauthorized\"; deny (all)(userdn != \"ldap:///uid=kolab-service,ou=Special Users,${rootdn} || ldap:///uid=hosted-kolab-service,ou=Special Users,${rootdn}\");)" - echo "ou: Special Users" - echo "objectClass: top" - echo "objectClass: organizationalunit" - echo "" - - echo "dn: ou=Resources,${hosted_domain_rootdn}" - echo "aci: (targetattr = \"*\") (version 3.0;acl \"Deny Unauthorized\"; deny (all)(userdn != \"ldap:///uid=kolab-service,ou=Special Users,${rootdn}\");)" - echo "ou: Resources" - echo "objectClass: top" - echo "objectClass: organizationalunit" 
- echo "" - - echo "dn: ou=Shared Folders,${hosted_domain_rootdn}" - echo "aci: (targetattr = \"*\") (version 3.0;acl \"Deny Unauthorized\"; deny (all)(userdn != \"ldap:///uid=kolab-service,ou=Special Users,${rootdn}\");)" - echo "ou: Shared Folders" - echo "objectClass: top" - echo "objectClass: organizationalunit" - echo "" - -) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" diff --git a/docker/kolab/utils/09-enable-debugging.sh b/docker/kolab/utils/09-enable-debugging.sh new file mode 100755 index 00000000..81b612e1 --- /dev/null +++ b/docker/kolab/utils/09-enable-debugging.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +echo "chatty: 1" >> /etc/imapd.conf +echo "debug: 1" >> /etc/imapd.conf + +systemctl restart cyrus-imapd + +sed -i -r -e "s/_debug'] = (.*);/_debug'] = true;/g" /etc/roundcubemail/config.inc.php diff --git a/docker/kolab/utils/10-reset-kolab-service-password.sh b/docker/kolab/utils/10-reset-kolab-service-password.sh new file mode 100755 index 00000000..b3257aa0 --- /dev/null +++ b/docker/kolab/utils/10-reset-kolab-service-password.sh @@ -0,0 +1,23 @@ +#!/bin/bash + +. ./settings.sh + +( + echo "dn: uid=kolab-service,ou=Special Users,${rootdn}" + echo "changetype: modify" + echo "replace: userpassword" + echo "userpassword: ${ldap_bindpw}" + echo "" +) | ldapmodify -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" + +oldpw=$(grep ^service_bind_pw /etc/kolab/kolab.conf | awk '{print $3}') + +sed -i -r \ + -e "s/${oldpw}/${ldap_bindpw}/g" \ + $(grep -rn -- ${oldpw} /etc/ | awk -F':' '{print $1}' | sort -u) + +systemctl restart \ + cyrus-imapd \ + kolabd \ + kolab-saslauthd \ + postfix diff --git a/docker/kolab/utils/02-reset-cyrus-admin-password.sh b/docker/kolab/utils/11-reset-cyrus-admin-password.sh similarity index 57% rename from docker/kolab/utils/02-reset-cyrus-admin-password.sh rename to docker/kolab/utils/11-reset-cyrus-admin-password.sh index 43564adf..cc185ebc 100755 
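Review bot: In 10-reset-kolab-service-password.sh `oldpw` is used unquoted as a grep pattern and as the left-hand side of a sed substitution, and the list of files to rewrite comes from a recursive grep over all of `/etc/`. If `service_bind_pw` is missing, `oldpw` is empty, so `grep -rn -- ${oldpw} /etc/` takes `/etc/` as its pattern and the sed expression has an empty regex; if the password contains regex metacharacters or `/`, the substitution can fail or rewrite unrelated text. Guarding with `[ -n "${oldpw}" ] || exit 1` and building the file list with `grep -rlF -- "${oldpw}" /etc/` (fixed-string match, file names only) removes both problems; the replacement side still needs `&`, `\` and `/` escaped if `ldap_bindpw` can contain them. 11-reset-cyrus-admin-password.sh uses the same `s/${oldpw}/${ldap_bindpw}/g` construction on /etc/kolab/kolab.conf.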
--- a/docker/kolab/utils/02-reset-cyrus-admin-password.sh +++ b/docker/kolab/utils/11-reset-cyrus-admin-password.sh @@ -1,11 +1,20 @@ #!/bin/bash . ./settings.sh ( echo "dn: uid=cyrus-admin,ou=Special Users,${rootdn}" echo "changetype: modify" echo "replace: userpassword" echo "userpassword: ${ldap_bindpw}" echo "" -) | ldapmodify -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -f - +) | ldapmodify -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" + +oldpw=$(grep ^admin_password /etc/kolab/kolab.conf | awk '{print $3}') + +sed -i -r \ + -e "s/${oldpw}/${ldap_bindpw}/g" \ + /etc/kolab/kolab.conf + +systemctl restart kolabd wallaced + diff --git a/docker/kolab/utils/03-create-hosted-kolab-service.sh b/docker/kolab/utils/12-create-hosted-kolab-service.sh similarity index 100% rename from docker/kolab/utils/03-create-hosted-kolab-service.sh rename to docker/kolab/utils/12-create-hosted-kolab-service.sh diff --git a/docker/kolab/utils/04-create-ou-domains.sh b/docker/kolab/utils/13-create-ou-domains.sh similarity index 100% rename from docker/kolab/utils/04-create-ou-domains.sh rename to docker/kolab/utils/13-create-ou-domains.sh diff --git a/docker/kolab/utils/05-create-management-domain.sh b/docker/kolab/utils/14-create-management-domain.sh similarity index 100% rename from docker/kolab/utils/05-create-management-domain.sh rename to docker/kolab/utils/14-create-management-domain.sh diff --git a/docker/kolab/utils/06-create-hosted-domain.sh b/docker/kolab/utils/15-create-hosted-domain.sh similarity index 97% rename from docker/kolab/utils/06-create-hosted-domain.sh rename to docker/kolab/utils/15-create-hosted-domain.sh index b0b3c9fd..e98e66c0 100755 --- a/docker/kolab/utils/06-create-hosted-domain.sh +++ b/docker/kolab/utils/15-create-hosted-domain.sh 
@@ -1,87 +1,87 @@ #!/bin/bash . ./settings.sh ( echo "dn: associateddomain=${hosted_domain},ou=Domains,${rootdn}" echo "objectclass: top" echo "objectclass: domainrelatedobject" echo "objectclass: inetdomain" echo "inetdomainstatus: active" - echo "associateddomain: mykolab.com" - echo "associateddomain: mykolab.ch" + echo "associateddomain: ${hosted_domain}" + echo "inetdomainbasedn: ${hosted_domain_rootdn}" echo "" echo "dn: cn=$(echo ${hosted_domain_rootdn} | sed -e 's/=/\\3D/g' -e 's/,/\\2D/g'),cn=mapping tree,cn=config" echo "objectClass: top" echo "objectClass: extensibleObject" echo "objectClass: nsMappingTree" echo "nsslapd-state: backend" echo "cn: ${hosted_domain_rootdn}" echo "nsslapd-backend: $(echo ${hosted_domain} | sed -e 's/\./_/g')" echo "" echo "dn: cn=$(echo ${hosted_domain} | sed -e 's/\./_/g'),cn=ldbm database,cn=plugins,cn=config" echo "objectClass: top" echo "objectClass: extensibleobject" echo "objectClass: nsbackendinstance" echo "cn: $(echo ${hosted_domain} | sed -e 's/\./_/g')" echo "nsslapd-suffix: ${hosted_domain_rootdn}" echo "nsslapd-cachesize: -1" echo "nsslapd-cachememsize: 10485760" echo "nsslapd-readonly: off" echo "nsslapd-require-index: off" echo "nsslapd-directory: /var/lib/dirsrv/slapd-$(hostname -s)/db/$(echo ${hosted_domain} | sed -e 's/\./_/g')" echo "nsslapd-dncachememsize: 10485760" echo "" ) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" ( echo "dn: ${hosted_domain_rootdn}" echo "aci: (targetattr=\"carLicense || description || displayName || facsimileTelephoneNumber || homePhone || homePostalAddress || initials || jpegPhoto || labeledURI || mobile || pager || photo || postOfficeBox || postalAddress || postalCode || preferredDeliveryMethod || preferredLanguage || registeredAddress || roomNumber || secretary || seeAlso || st || street || telephoneNumber || telexNumber || title || userCertificate || userPassword || userSMIMECertificate || x500UniqueIdentifier\")(version 3.0; acl \"Enable self write for 
common attributes\"; allow (write) userdn=\"ldap:///self\";)" echo "aci: (targetattr =\"*\")(version 3.0;acl \"Directory Administrators Group\";allow (all) (groupdn=\"ldap:///cn=Directory Administrators,${hosted_domain_rootdn}\" or roledn=\"ldap:///cn=kolab-admin,${hosted_domain_rootdn}\");)" echo "aci: (targetattr=\"*\")(version 3.0; acl \"Configuration Administrators Group\"; allow (all) groupdn=\"ldap:///cn=Configuration Administrators,ou=Groups,ou=TopologyManagement,o=NetscapeRoot\";)" echo "aci: (targetattr=\"*\")(version 3.0; acl \"Configuration Administrator\"; allow (all) userdn=\"ldap:///uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot\";)" echo "aci: (targetattr = \"*\")(version 3.0; acl \"SIE Group\"; allow (all) groupdn = \"ldap:///cn=slapd-$(hostname -s),cn=389 Directory Server,cn=Server Group,cn=$(hostname -f),ou=${domain},o=NetscapeRoot\";)" echo "aci: (targetattr = \"*\") (version 3.0;acl \"Search Access\";allow (read,compare,search)(userdn = \"ldap:///${hosted_domain_rootdn}??sub?(objectclass=*)\");)" echo "aci: (targetattr = \"*\") (version 3.0;acl \"Service Search Access\";allow (read,compare,search)(userdn = \"ldap:///uid=kolab-service,ou=Special Users,${rootdn}\");)" echo "objectClass: top" echo "objectClass: domain" echo "dc: $(echo ${hosted_domain} | cut -d'.' 
-f 1)" echo "" ) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" ( echo "dn: ou=Groups,${hosted_domain_rootdn}" echo "ou: Groups" echo "objectClass: top" echo "objectClass: organizationalunit" echo "" echo "dn: ou=People,${hosted_domain_rootdn}" echo "aci: (targetattr = \"*\") (version 3.0;acl \"Hosted Kolab Services\";allow (all)(userdn = \"ldap:///uid=hosted-kolab-service,ou=Special Users,${rootdn}\");)" echo "ou: People" echo "objectClass: top" echo "objectClass: organizationalunit" echo "" echo "dn: ou=Special Users,${hosted_domain_rootdn}" echo "ou: Special Users" echo "objectClass: top" echo "objectClass: organizationalunit" echo "" echo "dn: ou=Resources,${hosted_domain_rootdn}" echo "ou: Resources" echo "objectClass: top" echo "objectClass: organizationalunit" echo "" echo "dn: ou=Shared Folders,${hosted_domain_rootdn}" echo "ou: Shared Folders" echo "objectClass: top" echo "objectClass: organizationalunit" echo "" ) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" diff --git a/docker/kolab/utils/07-remove-cn-kolab-cn-config.sh b/docker/kolab/utils/16-remove-cn-kolab-cn-config.sh similarity index 100% rename from docker/kolab/utils/07-remove-cn-kolab-cn-config.sh rename to docker/kolab/utils/16-remove-cn-kolab-cn-config.sh diff --git a/docker/kolab/utils/08-remove-hosted-service-access-from-mgmt-domain.sh b/docker/kolab/utils/17-remove-hosted-service-access-from-mgmt-domain.sh similarity index 100% rename from docker/kolab/utils/08-remove-hosted-service-access-from-mgmt-domain.sh rename to docker/kolab/utils/17-remove-hosted-service-access-from-mgmt-domain.sh diff --git a/docker/kolab/utils/10-adjust-kolab-conf.sh b/docker/kolab/utils/18-adjust-kolab-conf.sh similarity index 100% rename from docker/kolab/utils/10-adjust-kolab-conf.sh rename to docker/kolab/utils/18-adjust-kolab-conf.sh 
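Review bot: Not introduced by this change, but the unchanged ACIs in 15-create-hosted-domain.sh grant `read` with `targetattr = "*"` both in "Search Access" (any entry below the hosted domain) and in "Service Search Access", and `*` covers `userPassword`. The deleted 09-add-self-reg-hosted-domain.sh was stricter: it used `targetattr != "userPassword"` for the service account and only `compare,search` for domain users. If password hashes are not meant to be readable by every bound user of the domain, the same exclusion should be carried over here. This should be confirmed against the intended access model before the script is used beyond a test image.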
diff --git a/docker/kolab/utils/19-turn-on-vlv-in-roundcube.sh b/docker/kolab/utils/19-turn-on-vlv-in-roundcube.sh
new file mode 100755
index 00000000..75a1ece1
--- /dev/null
+++ b/docker/kolab/utils/19-turn-on-vlv-in-roundcube.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+sed -i -r \
+ -e "s/'vlv'(\s+)=> false,/'vlv'\1=> true,/g" \
+ -e "s/'vlv_search'(\s+)=> false,/'vlv_search'\1=> true,/g" \
+ -e "s/inetOrgPerson/inetorgperson/g" \
+ -e "s/kolabInetOrgPerson/inetorgperson/g" \
+ /etc/roundcubemail/*.inc.php
diff --git a/docker/kolab/utils/20-add-alias-attribute-index.sh b/docker/kolab/utils/20-add-alias-attribute-index.sh
new file mode 100755
index 00000000..6f0e1d50
--- /dev/null
+++ b/docker/kolab/utils/20-add-alias-attribute-index.sh
@@ -0,0 +1,55 @@
+#!/bin/bash
+
+ . ./settings.sh
+
+export index_attr=alias
+
+(
+ echo "dn: cn=${index_attr},cn=index,cn=${hosted_domain_db},cn=ldbm database,cn=plugins,cn=config"
+ echo "objectclass: top"
+ echo "objectclass: nsindex"
+ echo "cn: ${index_attr}"
+ echo "nsSystemIndex: false"
+ echo "nsindextype: pres"
+ echo "nsindextype: eq"
+ echo "nsindextype: sub"
+
+) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
+
+
+(
+ echo "dn: cn=${hosted_domain_db} ${index_attr} index,cn=index,cn=tasks,cn=config"
+ echo "objectclass: top"
+ echo "objectclass: extensibleObject"
+ echo "cn: ${hosted_domain_db} ${index_attr} index"
+ echo "nsinstance: ${hosted_domain_db}"
+ echo "nsIndexAttribute: ${index_attr}:pres"
+ echo "nsIndexAttribute: ${index_attr}:eq"
+ echo "nsIndexAttribute: ${index_attr}:sub"
+ echo ""
+) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
+
+ldap_complete=0
+
+while [ ${ldap_complete} -ne 1 ]; do
+ result=$(
+ ldapsearch \
+ -x \
+ -h ${ldap_host} \
+ -D "${ldap_binddn}" \
+ -w "${ldap_bindpw}" \
+ -c \
+ -LLL \
+ -b "cn=${hosted_domain_db} ${index_attr} index,cn=index,cn=tasks,cn=config" \
+ '(!(nstaskexitcode=0))' \
+ -s base 2>/dev/null
+ )
+ if [ -z "$result" ]; then
+ ldap_complete=1
+ echo ""
+ else
+ echo -n "."
+ sleep 1
+ fi
+done
+
diff --git a/docker/kolab/utils/50-add-vlv-searches.sh b/docker/kolab/utils/50-add-vlv-searches.sh
new file mode 100755
index 00000000..c6e24bcb
--- /dev/null
+++ b/docker/kolab/utils/50-add-vlv-searches.sh
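Review bot: The wait loop in 20-add-alias-attribute-index.sh treats an empty `ldapsearch` result as "task finished", but with `2>/dev/null` a failed bind or an unreachable server also produces an empty result, so the script can report completion when nothing was indexed. In the other direction, a task that ends with a non-zero `nstaskexitcode` keeps matching `(!(nstaskexitcode=0))` and the loop never terminates. Checking the exit status of `ldapsearch` separately from its output and giving the loop an upper bound on iterations would cover both cases. The same loop is repeated four times in 52-run-vlv-index-tasks.sh.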
@@ -0,0 +1,53 @@
+#!/bin/bash
+
+ . ./settings.sh
+
+(
+ echo "dn: cn=PVS,cn=${hosted_domain_db},cn=ldbm database,cn=plugins,cn=config"
+ echo "objectClass: top"
+ echo "objectClass: vlvSearch"
+ echo "cn: PVS"
+ echo "vlvBase: ${hosted_domain_rootdn}"
+ echo "vlvScope: 2"
+ echo "vlvFilter: (objectclass=inetorgperson)"
+ echo "aci: (targetattr = \"*\") (version 3.0;acl \"Read Access\";allow (read,compare,search)(userdn = \"ldap:///anyone\");)"
+ echo ""
+) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
+
+(
+ echo "dn: cn=RVS,cn=${hosted_domain_db},cn=ldbm database,cn=plugins,cn=config"
+ echo "objectClass: top"
+ echo "objectClass: vlvSearch"
+ echo "cn: RVS"
+ echo "vlvBase: ${hosted_domain_rootdn}"
+ echo "vlvScope: 2"
+ echo "vlvFilter: (|(&(objectclass=kolabsharedfolder)(kolabfoldertype=event)(mail=*))(objectclass=groupofuniquenames)(objectclass=groupofurls))"
+ echo "aci: (targetattr = \"*\") (version 3.0;acl \"Read Access\";allow (read,compare,search)(userdn = \"ldap:///anyone\");)"
+ echo ""
+) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
+
+(
+ echo "dn: cn=GVS,cn=${hosted_domain_db},cn=ldbm database,cn=plugins,cn=config"
+ echo "objectClass: top"
+ echo "objectClass: vlvSearch"
+ echo "cn: GVS"
+ echo "vlvBase: ${hosted_domain_rootdn}"
+ echo "vlvScope: 2"
+ echo "vlvFilter: (|(objectclass=groupofuniquenames)(objectclass=groupofurls))"
+ echo "aci: (targetattr = \"*\") (version 3.0;acl \"Read Access\";allow (read,compare,search)(userdn = \"ldap:///anyone\");)"
+ echo ""
+) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
+
+if [ "${domain_base_dn}" != "cn=kolab,cn=config" ]; then
+ (
+ echo "dn: cn=DVS,cn=${domain_db},cn=ldbm database,cn=plugins,cn=config"
+ echo "objectClass: top"
+ echo "objectClass: vlvSearch"
+ echo "cn: DVS"
+ echo "vlvBase: ${domain_base_dn}"
+ echo "vlvScope: 2"
+ echo "vlvFilter: (objectclass=domainrelatedobject)"
+ echo "aci: (targetattr = \"*\") (version 3.0;acl \"Read Access\";allow (read,compare,search)(userdn = \"ldap:///anyone\");)"
+ echo ""
+ ) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
+fi
diff --git a/docker/kolab/utils/51-add-vlv-indexes.sh b/docker/kolab/utils/51-add-vlv-indexes.sh
new file mode 100755
index 00000000..1f2afc6d
--- /dev/null
+++ b/docker/kolab/utils/51-add-vlv-indexes.sh
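Review bot: Every vlvSearch entry added by 50-add-vlv-searches.sh carries an ACI with `userdn = "ldap:///anyone"`, which in 389 Directory Server includes unauthenticated binds, so these entries under `cn=config` become readable without credentials whenever anonymous access is switched on (as extra/00-allow-anonymous-bind.sh does). If only bound clients need the VLV definitions, `userdn = "ldap:///all"` limits the grant to authenticated users; it is worth confirming that Roundcube binds before it searches. The same ACI is repeated on the vlvIndex entries in 51-add-vlv-indexes.sh.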
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+ . ./settings.sh
+
+(
+ echo "dn: cn=PVI,cn=PVS,cn=${hosted_domain_db},cn=ldbm database,cn=plugins,cn=config"
+ echo "objectClass: top"
+ echo "objectClass: vlvIndex"
+ echo "cn: PVI"
+ echo "vlvSort: displayname sn givenname cn"
+ echo "aci: (targetattr = \"*\") (version 3.0;acl \"Read Access\";allow (read,compare,search)(userdn = \"ldap:///anyone\");)"
+ echo ""
+) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
+
+(
+ echo "dn: cn=RVI,cn=RVS,cn=${hosted_domain_db},cn=ldbm database,cn=plugins,cn=config"
+ echo "objectClass: top"
+ echo "objectClass: vlvIndex"
+ echo "cn: RVI"
+ echo "vlvSort: cn"
+ echo "aci: (targetattr = \"*\") (version 3.0;acl \"Read Access\";allow (read,compare,search)(userdn = \"ldap:///anyone\");)"
+ echo ""
+) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
+
+(
+ echo "dn: cn=GVI,cn=GVS,cn=${hosted_domain_db},cn=ldbm database,cn=plugins,cn=config"
+ echo "objectClass: top"
+ echo "objectClass: vlvIndex"
+ echo "cn: GVI"
+ echo "vlvSort: cn"
+ echo "aci: (targetattr = \"*\") (version 3.0;acl \"Read Access\";allow (read,compare,search)(userdn = \"ldap:///anyone\");)"
+ echo ""
+) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
+
+if [ "${domain_base_dn}" != "cn=kolab,cn=config" ]; then
+ (
+ echo "dn: cn=DVI,cn=DVS,cn=${domain_db},cn=ldbm database,cn=plugins,cn=config"
+ echo "objectClass: top"
+ echo "objectClass: vlvIndex"
+ echo "cn: DVI"
+ echo "vlvSort: associatedDomain"
+ echo "aci: (targetattr = \"*\") (version 3.0;acl \"Read Access\";allow (read,compare,search)(userdn = \"ldap:///anyone\");)"
+ echo ""
+ ) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
+fi
diff --git a/docker/kolab/utils/52-run-vlv-index-tasks.sh b/docker/kolab/utils/52-run-vlv-index-tasks.sh
new file mode 100755
index 00000000..b449e04c
--- /dev/null
+++ b/docker/kolab/utils/52-run-vlv-index-tasks.sh
@@ -0,0 +1,143 @@
+#!/bin/bash
+
+ . ./settings.sh
+
+(
+ echo "dn: cn=PVI,cn=index,cn=tasks,cn=config"
+ echo "objectclass: top"
+ echo "objectclass: extensibleObject"
+ echo "cn: PVI"
+ echo "nsinstance: ${hosted_domain_db}"
+ echo "nsIndexVLVAttribute: PVI"
+ echo ""
+) | ldapmodify -a -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
+
+ldap_complete=0
+
+while [ ${ldap_complete} -ne 1 ]; do
+ result=$(
+ ldapsearch \
+ -x \
+ -h ${ldap_host} \
+ -D "${ldap_binddn}" \
+ -w "${ldap_bindpw}" \
+ -c \
+ -LLL \
+ -b "cn=PVI,cn=index,cn=tasks,cn=config" \
+ '(!(nstaskexitcode=0))' \
+ -s base 2>/dev/null
+ )
+ if [ -z "$result" ]; then
+ ldap_complete=1
+ echo ""
+ else
+ echo -n "."
+ sleep 1
+ fi
+done
+
+(
+ echo "dn: cn=RVI,cn=index,cn=tasks,cn=config"
+ echo "objectclass: top"
+ echo "objectclass: extensibleObject"
+ echo "cn: RVI"
+ echo "nsinstance: ${hosted_domain_db}"
+ echo "nsIndexVLVAttribute: RVI"
+ echo ""
+) | ldapmodify -a -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
+
+ldap_complete=0
+
+while [ ${ldap_complete} -ne 1 ]; do
+ result=$(
+ ldapsearch \
+ -x \
+ -h ${ldap_host} \
+ -D "${ldap_binddn}" \
+ -w "${ldap_bindpw}" \
+ -c \
+ -LLL \
+ -b "cn=RVI,cn=index,cn=tasks,cn=config" \
+ '(!(nstaskexitcode=0))' \
+ -s base 2>/dev/null
+ )
+ if [ -z "$result" ]; then
+ ldap_complete=1
+ echo ""
+ else
+ echo -n "."
+ sleep 1
+ fi
+done
+
+
+
+(
+ echo "dn: cn=GVI,cn=index,cn=tasks,cn=config"
+ echo "objectclass: top"
+ echo "objectclass: extensibleObject"
+ echo "cn: GVI"
+ echo "nsinstance: ${hosted_domain_db}"
+ echo "nsIndexVLVAttribute: GVI"
+ echo ""
+) | ldapmodify -a -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
+
+ldap_complete=0
+
+while [ ${ldap_complete} -ne 1 ]; do
+ result=$(
+ ldapsearch \
+ -x \
+ -h ${ldap_host} \
+ -D "${ldap_binddn}" \
+ -w "${ldap_bindpw}" \
+ -c \
+ -LLL \
+ -b "cn=GVI,cn=index,cn=tasks,cn=config" \
+ '(!(nstaskexitcode=0))' \
+ -s base 2>/dev/null
+ )
+ if [ -z "$result" ]; then
+ ldap_complete=1
+ echo ""
+ else
+ echo -n "."
+ sleep 1
+ fi
+done
+
+if [ "${domain_base_dn}" != "cn=kolab,cn=config" ]; then
+ (
+ echo "dn: cn=DVI,cn=index,cn=tasks,cn=config"
+ echo "objectclass: top"
+ echo "objectclass: extensibleObject"
+ echo "cn: DVI"
+ echo "nsinstance: ${domain_db}"
+ echo "nsIndexVLVAttribute: DVI"
+ echo ""
+ ) | ldapmodify -a -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
+
+ ldap_complete=0
+
+ while [ ${ldap_complete} -ne 1 ]; do
+ result=$(
+ ldapsearch \
+ -x \
+ -h ${ldap_host} \
+ -D "${ldap_binddn}" \
+ -w "${ldap_bindpw}" \
+ -c \
+ -LLL \
+ -b "cn=DVI,cn=index,cn=tasks,cn=config" \
+ '(!(nstaskexitcode=0))' \
+ -s base 2>/dev/null
+ )
+ if [ -z "$result" ]; then
+ ldap_complete=1
+ echo ""
+ else
+ echo -n "."
+ sleep 1
+ fi
+ done
+fi
diff --git a/docker/kolab/utils/extra/00-allow-anonymous-bind.sh b/docker/kolab/utils/extra/00-allow-anonymous-bind.sh
new file mode 100755
index 00000000..d96748f1
--- /dev/null
+++ b/docker/kolab/utils/extra/00-allow-anonymous-bind.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+ . ./settings.sh
+
+(
+ echo "dn: cn=config"
+ echo "changetype: modify"
+ echo "replace: nsslapd-allow-anonymous-access"
+ echo "nsslapd-allow-anonymous-access: on"
+ echo ""
+) | ldapmodify -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
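Review bot: 52-run-vlv-index-tasks.sh repeats the same "add task entry, then poll until it is gone" block four times, differing only in the index name (PVI, RVI, GVI, DVI) and the backend (`hosted_domain_db` or `domain_db`). A single function taking those two values would shrink the script to a few calls and give one place to fix the polling loop, which currently cannot tell a finished task from a failed search and has no upper bound. The sketch below keeps the LDIF and the loop as they are and only factors out the repetition.

```shell
# Create the VLV index task NAME on backend DB, then wait until it has finished.
run_vlv_index_task() {
    local name="$1" db="$2"

    (
        echo "dn: cn=${name},cn=index,cn=tasks,cn=config"
        echo "objectclass: top"
        echo "objectclass: extensibleObject"
        echo "cn: ${name}"
        echo "nsinstance: ${db}"
        echo "nsIndexVLVAttribute: ${name}"
        echo ""
    ) | ldapmodify -a -x -h "${ldap_host}" -D "${ldap_binddn}" -w "${ldap_bindpw}" -c

    # ... unchanged: ldapsearch polling loop, with -b "cn=${name},cn=index,cn=tasks,cn=config" ...
}

run_vlv_index_task PVI "${hosted_domain_db}"
run_vlv_index_task RVI "${hosted_domain_db}"
run_vlv_index_task GVI "${hosted_domain_db}"

if [ "${domain_base_dn}" != "cn=kolab,cn=config" ]; then
    run_vlv_index_task DVI "${domain_db}"
fi
```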
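Review bot: extra/00-allow-anonymous-bind.sh has no comment explaining when it is meant to be run, although `nsslapd-allow-anonymous-access: on` lets unauthenticated clients search the directory wherever an ACI permits it, including the `ldap:///anyone` ACIs added by 50-add-vlv-searches.sh and 51-add-vlv-indexes.sh. A header comment such as `# Test helper: enables anonymous LDAP access; undo with 00-disallow-anonymous-bind.sh` would make the intent clear. If anonymous clients only need the root DSE, the setting also accepts the value `rootdse`, which is a narrower choice than `on`.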
diff --git a/docker/kolab/utils/extra/00-disallow-anonymous-bind.sh b/docker/kolab/utils/extra/00-disallow-anonymous-bind.sh
new file mode 100755
index 00000000..8ec0f94a
--- /dev/null
+++ b/docker/kolab/utils/extra/00-disallow-anonymous-bind.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+ . ./settings.sh
+
+(
+ echo "dn: cn=config"
+ echo "changetype: modify"
+ echo "replace: nsslapd-allow-anonymous-access"
+ echo "nsslapd-allow-anonymous-access: off"
+ echo ""
+) | ldapmodify -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
diff --git a/docker/kolab/utils/extra/10-test-detected-vlv.sh b/docker/kolab/utils/extra/10-test-detected-vlv.sh
new file mode 100755
index 00000000..3c8e24a3
--- /dev/null
+++ b/docker/kolab/utils/extra/10-test-detected-vlv.sh
@@ -0,0 +1,124 @@
+#!/bin/bash
+
+ . ./settings.sh
+
+vlvbasedn=""
+vlvscope=""
+vlvfilter=""
+vlvsort=""
+
+(
+ ldapsearch -o ldif-wrap=no -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -LLL -b "cn=ldbm database,cn=plugins,cn=config" "(objectclass=vlvsearch)" entrydn | sed -e '/^dn:/{
+ $!{ N
+ s/dn: //
+ s/\n\s//
+}};') | grep -v '^$' | while read vlvsearch; do
+
+ vlvbasedn=`ldapsearch -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -LLL -b "${vlvsearch}" -s base vlvbase | sed '/^vlvbase:/{
+ $!{ N
+ s/vlvbase: //
+ s/\n\s//
+}}' | grep -vE "^(dn|\s)"`
+
+ vlvscope=`ldapsearch -o ldif-wrap=no -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -LLL -b "${vlvsearch}" -s base vlvscope | sed '/^vlvscope:/{
+ $!{ N
+ s/vlvscope: //
+ s/\n\s//
+}}' | grep -vE "^(dn|\s)"`
+
+ vlvfilter=`ldapsearch -o ldif-wrap=no -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -LLL -b "${vlvsearch}" -s base vlvfilter | sed '/^vlvfilter:/{
+ $!{ N
+ s/vlvfilter: //
+ s/\n\s//
+}}' | grep -vE "^(dn|\s)"`
+
+ vlvsort=`ldapsearch -o ldif-wrap=no -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -LLL -b "${vlvsearch}" -s sub "(objectclass=vlvIndex)" vlvsort | sed '/^vlvsort:/{
+ $!{ N
+ s/vlvsort: //
+ s/\n\s//
+}}' | grep -vE "^(dn|\s)"`
+
+ echo "Found a VLV index and search with parameters:"
+ echo " - Base: ${vlvbasedn}"
+ echo -n " - Scope: "
+
+ case ${vlvscope} in
+ 0)
+ echo "base"
+ vlvscope="base"
+ ;;
+
+ 1)
+ echo "one"
+ vlvscope="one"
+ ;;
+
+ 2)
+ echo "sub"
+ vlvscope="sub"
+ ;;
+ esac
+
+ echo " - Filter: ${vlvfilter}"
+ echo " - Sorting by: ${vlvsort}"
+
+ # Use it
+
+ uses_before=`ldapsearch \
+ -o ldif-wrap=no \
+ -x \
+ -h ${ldap_host} \
+ -D "${ldap_binddn}" \
+ -w "${ldap_bindpw}" \
+ -b "${vlvsearch}" \
+ -s sub \
+ "(&(objectclass=vlvindex)(vlvsort=${vlvsort}))" \
+ -LLL \
+ vlvuses | \
+ grep -i ^vlvuses | awk '{print $2}'`
+
+ if [ -z "${uses_before}" ]; then
+ uses_before=0
+ fi
+
+ echo "Searching
'${vlvbasedn}'"
+
+ echo "after" | ldapsearch \
+ -o ldif-wrap=no \
+ -x \
+ -h ${ldap_host} \
+ -D "${ldap_binddn}" \
+ -w "${ldap_bindpw}" \
+ -b "${vlvbasedn}" \
+ -s ${vlvscope} "${vlvfilter}" \
+ -E '!vlv=5/5/1/10' \
+ -E "!sss=$(echo ${vlvsort} | sed -e 's| |/|g')" >/dev/null 2>&1
+
+ echo "Searching '${vlvsearch}'"
+
+ uses_after=`ldapsearch \
+ -o ldif-wrap=no \
+ -x \
+ -h ${ldap_host} \
+ -D "${ldap_binddn}" \
+ -w "${ldap_bindpw}" \
+ -b "${vlvsearch}" \
+ -s sub \
+ "(&(objectclass=vlvindex)(vlvsort=${vlvsort}))" \
+ -LLL \
+ vlvuses | \
+ grep -i ^vlvuses | awk '{print $2}'`
+
+ if [ -z "${uses_after}" ]; then
+ uses_after=0
+ fi
+
+ if [ ${uses_before} -lt ${uses_after} ]; then
+ echo "Actually works, too (before: ${uses_before}, after: ${uses_after})"
+ else
+ echo "Does not seem to work (uses before -eq after)"
+ echo "Used: ldapsearch -x -h '${ldap_host}' -D '${ldap_binddn}' -w '${ldap_bindpw}' -b '${vlvbasedn}' -s ${vlvscope} '${vlvfilter}' -E '!vlv=5/5/1/10' -E '!sss=$(echo ${vlvsort} | sed -e 's| |/|g')'"
+ fi
+done
+
+
diff --git a/docker/kolab/utils/extra/10d-test-use-detected-vlv.sh b/docker/kolab/utils/extra/10d-test-use-detected-vlv.sh
new file mode 100755
index 00000000..3c8e24a3
--- /dev/null
+++ b/docker/kolab/utils/extra/10d-test-use-detected-vlv.sh
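Review bot: The failure branch of 10-test-detected-vlv.sh prints the bind password: the `echo "Used: ldapsearch ... -w '${ldap_bindpw}' ..."` line writes the Directory Manager credential to stdout, where it ends up in terminal scrollback or any captured build or test log. Printing a placeholder keeps the command reproducible without the secret, for example `-W` or `-w '<bind password>'` in the echoed string. The same echo is in 10d-test-use-detected-vlv.sh (same blob id), and 10e-test-use-detected-vlv-with-search.sh and 11-test-detected-vlv-with-search.sh print `-w \"${ldap_bindpw}\"` unconditionally after every search.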
@@ -0,0 +1,124 @@
+#!/bin/bash
+
+ . ./settings.sh
+
+vlvbasedn=""
+vlvscope=""
+vlvfilter=""
+vlvsort=""
+
+(
+ ldapsearch -o ldif-wrap=no -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -LLL -b "cn=ldbm database,cn=plugins,cn=config" "(objectclass=vlvsearch)" entrydn | sed -e '/^dn:/{
+ $!{ N
+ s/dn: //
+ s/\n\s//
+}};') | grep -v '^$' | while read vlvsearch; do
+
+ vlvbasedn=`ldapsearch -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -LLL -b "${vlvsearch}" -s base vlvbase | sed '/^vlvbase:/{
+ $!{ N
+ s/vlvbase: //
+ s/\n\s//
+}}' | grep -vE "^(dn|\s)"`
+
+ vlvscope=`ldapsearch -o ldif-wrap=no -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -LLL -b "${vlvsearch}" -s base vlvscope | sed '/^vlvscope:/{
+ $!{ N
+ s/vlvscope: //
+ s/\n\s//
+}}' | grep -vE "^(dn|\s)"`
+
+ vlvfilter=`ldapsearch -o ldif-wrap=no -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -LLL -b "${vlvsearch}" -s base vlvfilter | sed '/^vlvfilter:/{
+ $!{ N
+ s/vlvfilter: //
+ s/\n\s//
+}}' | grep -vE "^(dn|\s)"`
+
+ vlvsort=`ldapsearch -o ldif-wrap=no -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -LLL -b "${vlvsearch}" -s sub "(objectclass=vlvIndex)" vlvsort | sed '/^vlvsort:/{
+ $!{ N
+ s/vlvsort: //
+ s/\n\s//
+}}' | grep -vE "^(dn|\s)"`
+
+ echo "Found a VLV index and search with parameters:"
+ echo " - Base: ${vlvbasedn}"
+ echo -n " - Scope: "
+
+ case ${vlvscope} in
+ 0)
+ echo "base"
+ vlvscope="base"
+ ;;
+
+ 1)
+ echo "one"
+ vlvscope="one"
+ ;;
+
+ 2)
+ echo "sub"
+ vlvscope="sub"
+ ;;
+ esac
+
+ echo " - Filter: ${vlvfilter}"
+ echo " - Sorting by: ${vlvsort}"
+
+ # Use it
+
+ uses_before=`ldapsearch \
+ -o ldif-wrap=no \
+ -x \
+ -h ${ldap_host} \
+ -D "${ldap_binddn}" \
+ -w "${ldap_bindpw}" \
+ -b "${vlvsearch}" \
+ -s sub \
+ "(&(objectclass=vlvindex)(vlvsort=${vlvsort}))" \
+ -LLL \
+ vlvuses | \
+ grep -i ^vlvuses | awk '{print $2}'`
+
+ if [ -z "${uses_before}" ]; then
+ uses_before=0
+ fi
+
+ echo "Searching
'${vlvbasedn}'"
+
+ echo "after" | ldapsearch \
+ -o ldif-wrap=no \
+ -x \
+ -h ${ldap_host} \
+ -D "${ldap_binddn}" \
+ -w "${ldap_bindpw}" \
+ -b "${vlvbasedn}" \
+ -s ${vlvscope} "${vlvfilter}" \
+ -E '!vlv=5/5/1/10' \
+ -E "!sss=$(echo ${vlvsort} | sed -e 's| |/|g')" >/dev/null 2>&1
+
+ echo "Searching '${vlvsearch}'"
+
+ uses_after=`ldapsearch \
+ -o ldif-wrap=no \
+ -x \
+ -h ${ldap_host} \
+ -D "${ldap_binddn}" \
+ -w "${ldap_bindpw}" \
+ -b "${vlvsearch}" \
+ -s sub \
+ "(&(objectclass=vlvindex)(vlvsort=${vlvsort}))" \
+ -LLL \
+ vlvuses | \
+ grep -i ^vlvuses | awk '{print $2}'`
+
+ if [ -z "${uses_after}" ]; then
+ uses_after=0
+ fi
+
+ if [ ${uses_before} -lt ${uses_after} ]; then
+ echo "Actually works, too (before: ${uses_before}, after: ${uses_after})"
+ else
+ echo "Does not seem to work (uses before -eq after)"
+ echo "Used: ldapsearch -x -h '${ldap_host}' -D '${ldap_binddn}' -w '${ldap_bindpw}' -b '${vlvbasedn}' -s ${vlvscope} '${vlvfilter}' -E '!vlv=5/5/1/10' -E '!sss=$(echo ${vlvsort} | sed -e 's| |/|g')'"
+ fi
+done
+
+
diff --git a/docker/kolab/utils/extra/10e-test-use-detected-vlv-with-search.sh b/docker/kolab/utils/extra/10e-test-use-detected-vlv-with-search.sh
new file mode 100644
index 00000000..c23c9926
--- /dev/null
+++ b/docker/kolab/utils/extra/10e-test-use-detected-vlv-with-search.sh
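Review bot: The `case ${vlvscope} in` block has no `*)` branch, so when the `vlvscope` lookup returns nothing or an unexpected value the variable is left as it is and the later unquoted `-s ${vlvscope} "${vlvfilter}"` either passes a bad scope or, when empty, lets `-s` take the filter as its argument. Because that search sends its output to `>/dev/null 2>&1`, the error is never shown and the script only reports "Does not seem to work". Adding `*) echo "unknown scope '${vlvscope}'"; continue ;;` before `esac` skips the index instead of running a malformed search. The same block is in 10-test-detected-vlv.sh, 10e-test-use-detected-vlv-with-search.sh and 11-test-detected-vlv-with-search.sh.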
@@ -0,0 +1,98 @@
+#!/bin/bash
+
+ . ./settings.sh
+
+ldap_binddn=$(ldapsearch -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -LLL -b "${hosted_domain_rootdn}" "(mail=jdoe@example.org)" entrydn | grep ^dn | cut -d':' -f2-)
+ldap_bindpw="simple123"
+
+export ldap_binddn
+export ldap_bindpw
+
+(
+ ldapsearch -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -LLL -b "cn=ldbm database,cn=plugins,cn=config" "(objectclass=vlvsearch)" entrydn | grep ^dn | cut -d':' -f2-
+) | while read vlvsearch; do
+ vlvbasedn=`ldapsearch -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -LLL -b "${vlvsearch}" -s base vlvbase | grep -i ^vlvbase | awk 'BEGIN { FS = ": " } ; {print $2}'`
+ vlvscope=`ldapsearch -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -LLL -b "${vlvsearch}" -s base vlvscope | grep -i ^vlvscope | awk 'BEGIN { FS = ": " } ; {print $2}'`
+ vlvfilter=`ldapsearch -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -LLL -b "${vlvsearch}" -s base vlvfilter | grep -i ^vlvfilter | awk 'BEGIN { FS = ": " } ; {print $2}'`
+ vlvsort=`ldapsearch -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -LLL -b "${vlvsearch}" -s sub "(objectclass=vlvIndex)" vlvsort | grep -i ^vlvsort | awk 'BEGIN { FS = ": " } ; {print $2}'`
+
+ echo "Found a VLV index and search with parameters:"
+ echo " - Base: ${vlvbasedn}"
+ echo -n " - Scope: "
+
+ case ${vlvscope} in
+ 0)
+ echo "base"
+ vlvscope="base"
+ ;;
+
+ 1)
+ echo "one"
+ vlvscope="one"
+ ;;
+
+ 2)
+ echo "sub"
+ vlvscope="sub"
+ ;;
+ esac
+
+ echo " - Filter: ${vlvfilter}"
+ echo " - Sorting by: ${vlvsort}"
+
+ # Use it
+
+ uses_before=`ldapsearch \
+ -x \
+ -h ${ldap_host} \
+ -D "${ldap_binddn}" \
+ -w "${ldap_bindpw}" \
+ -b "cn=ldbm database,cn=plugins,cn=config" \
+ -s sub \
+ "(&(objectclass=vlvindex)(vlvsort=${vlvsort}))" \
+ -LLL \
+ vlvuses | \
+ grep -i ^vlvuses | awk '{print $2}'`
+
+ echo "after" | ldapsearch \
+ -x \
+ -h ${ldap_host} \
+ -D "${ldap_binddn}" \
+ -w
"${ldap_bindpw}" \
+ -LLL \
+ -b "${vlvbasedn}" \
+ -s ${vlvscope} "(&${vlvfilter}(|(mail=*xqg*)(displayname=*xqg*)(alias=*xqg*)))" \
+ -E '!vlv=5/5/1/10' \
+ -E "!sss=$(echo ${vlvsort} | sed -e 's| |/|g')" \
+ mail >/dev/null 2>&1
+
+ retval=$?
+
+ if [ $retval -eq 0 ]; then
+ echo "ldapsearch command completed successfully:"
+ else
+ echo "Return value is $retval"
+ fi
+
+ echo "ldapsearch -x -h ${ldap_host} -D \"${ldap_binddn}\" -w \"${ldap_bindpw}\" -b \"${vlvbasedn}\" -LLL \\"
+ echo " -s ${vlvscope} \"(&${vlvfilter}(|(mail=*xqg*)(displayname=*xqg*)(alias=*xqg*)))\" \\"
+ echo " -E '!vlv=5/5/1/10' -E '!sss=$(echo ${vlvsort} | sed -e 's| |/|g')' mail"
+
+ uses_after=`ldapsearch \
+ -x \
+ -h ${ldap_host} \
+ -D "${ldap_binddn}" \
+ -w "${ldap_bindpw}" \
+ -b "cn=ldbm database,cn=plugins,cn=config" \
+ -s sub \
+ "(&(objectclass=vlvindex)(vlvsort=${vlvsort}))" \
+ -LLL \
+ vlvuses | \
+ grep -i ^vlvuses | awk '{print $2}'`
+
+ if [ ${uses_before} -lt ${uses_after} ]; then
+ echo "Actually works, too (before: ${uses_before}, after: ${uses_after})"
+ fi
+done
+
+
diff --git a/docker/kolab/utils/extra/11-test-detected-vlv-with-search.sh b/docker/kolab/utils/extra/11-test-detected-vlv-with-search.sh
new file mode 100755
index 00000000..c23c9926
--- /dev/null
+++ b/docker/kolab/utils/extra/11-test-detected-vlv-with-search.sh
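Review bot: `uses_before` and `uses_after` are compared with `[ ${uses_before} -lt ${uses_after} ]` without the empty-value fallback that 10-test-detected-vlv.sh applies, so when the `vlvuses` lookup returns nothing the test aborts with an error from `[` and no verdict is printed. Setting `uses_before=${uses_before:-0}` and `uses_after=${uses_after:-0}` before the comparison closes that gap. The empty case looks more likely here than in the other tests because the script rebinds as the entry found for `jdoe@example.org`, and whether that entry may read `cn=ldbm database,cn=plugins,cn=config` is not visible from the hunk. 11-test-detected-vlv-with-search.sh carries the same blob id and therefore the same gap.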
@@ -0,0 +1,98 @@
+#!/bin/bash
+
+ . ./settings.sh
+
+ldap_binddn=$(ldapsearch -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -LLL -b "${hosted_domain_rootdn}" "(mail=jdoe@example.org)" entrydn | grep ^dn | cut -d':' -f2-)
+ldap_bindpw="simple123"
+
+export ldap_binddn
+export ldap_bindpw
+
+(
+ ldapsearch -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -LLL -b "cn=ldbm database,cn=plugins,cn=config" "(objectclass=vlvsearch)" entrydn | grep ^dn | cut -d':' -f2-
+) | while read vlvsearch; do
+ vlvbasedn=`ldapsearch -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -LLL -b "${vlvsearch}" -s base vlvbase | grep -i ^vlvbase | awk 'BEGIN { FS = ": " } ; {print $2}'`
+ vlvscope=`ldapsearch -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -LLL -b "${vlvsearch}" -s base vlvscope | grep -i ^vlvscope | awk 'BEGIN { FS = ": " } ; {print $2}'`
+ vlvfilter=`ldapsearch -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -LLL -b "${vlvsearch}" -s base vlvfilter | grep -i ^vlvfilter | awk 'BEGIN { FS = ": " } ; {print $2}'`
+ vlvsort=`ldapsearch -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -LLL -b "${vlvsearch}" -s sub "(objectclass=vlvIndex)" vlvsort | grep -i ^vlvsort | awk 'BEGIN { FS = ": " } ; {print $2}'`
+
+ echo "Found a VLV index and search with parameters:"
+ echo " - Base: ${vlvbasedn}"
+ echo -n " - Scope: "
+
+ case ${vlvscope} in
+ 0)
+ echo "base"
+ vlvscope="base"
+ ;;
+
+ 1)
+ echo "one"
+ vlvscope="one"
+ ;;
+
+ 2)
+ echo "sub"
+ vlvscope="sub"
+ ;;
+ esac
+
+ echo " - Filter: ${vlvfilter}"
+ echo " - Sorting by: ${vlvsort}"
+
+ # Use it
+
+ uses_before=`ldapsearch \
+ -x \
+ -h ${ldap_host} \
+ -D "${ldap_binddn}" \
+ -w "${ldap_bindpw}" \
+ -b "cn=ldbm database,cn=plugins,cn=config" \
+ -s sub \
+ "(&(objectclass=vlvindex)(vlvsort=${vlvsort}))" \
+ -LLL \
+ vlvuses | \
+ grep -i ^vlvuses | awk '{print $2}'`
+
+ echo "after" | ldapsearch \
+ -x \
+ -h ${ldap_host} \
+ -D "${ldap_binddn}" \
+ -w
"${ldap_bindpw}" \
+ -LLL \
+ -b "${vlvbasedn}" \
+ -s ${vlvscope} "(&${vlvfilter}(|(mail=*xqg*)(displayname=*xqg*)(alias=*xqg*)))" \
+ -E '!vlv=5/5/1/10' \
+ -E "!sss=$(echo ${vlvsort} | sed -e 's| |/|g')" \
+ mail >/dev/null 2>&1
+
+ retval=$?
+
+ if [ $retval -eq 0 ]; then
+ echo "ldapsearch command completed successfully:"
+ else
+ echo "Return value is $retval"
+ fi
+
+ echo "ldapsearch -x -h ${ldap_host} -D \"${ldap_binddn}\" -w \"${ldap_bindpw}\" -b \"${vlvbasedn}\" -LLL \\"
+ echo " -s ${vlvscope} \"(&${vlvfilter}(|(mail=*xqg*)(displayname=*xqg*)(alias=*xqg*)))\" \\"
+ echo " -E '!vlv=5/5/1/10' -E '!sss=$(echo ${vlvsort} | sed -e 's| |/|g')' mail"
+
+ uses_after=`ldapsearch \
+ -x \
+ -h ${ldap_host} \
+ -D "${ldap_binddn}" \
+ -w "${ldap_bindpw}" \
+ -b "cn=ldbm database,cn=plugins,cn=config" \
+ -s sub \
+ "(&(objectclass=vlvindex)(vlvsort=${vlvsort}))" \
+ -LLL \
+ vlvuses | \
+ grep -i ^vlvuses | awk '{print $2}'`
+
+ if [ ${uses_before} -lt ${uses_after} ]; then
+ echo "Actually works, too (before: ${uses_before}, after: ${uses_after})"
+ fi
+done
+
+
diff --git a/docker/kolab/utils/extra/20-disable-access-log.sh b/docker/kolab/utils/extra/20-disable-access-log.sh
new file mode 100755
index 00000000..e6964ca1
--- /dev/null
+++ b/docker/kolab/utils/extra/20-disable-access-log.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+ . ./settings.sh
+
+(
+ echo "dn: cn=config"
+ echo "changetype: modify"
+ echo "replace: nsslapd-accesslog-logging-enabled"
+ echo "nsslapd-accesslog-logging-enabled: off"
+ echo ""
+) | ldapmodify -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
+
diff --git a/docker/kolab/utils/extra/21-enable-access-log.sh b/docker/kolab/utils/extra/21-enable-access-log.sh
new file mode 100755
index 00000000..4b2f767f
--- /dev/null
+++ b/docker/kolab/utils/extra/21-enable-access-log.sh
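Review bot: 20-disable-access-log.sh turns `nsslapd-accesslog-logging-enabled` off for the whole server without saying when that is acceptable; the access log is the record of binds and searches that an investigation would rely on. A header comment such as `# Dev/benchmark helper: disables the access log; re-enable with 21-enable-access-log.sh` would document the intent and the way back. 31-disable-audit-log.sh does the same for the audit log and would benefit from the matching comment. Neither script checks the `ldapmodify` exit status, so a failed change is silent, and `-c` has little effect with a single record.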
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+ . ./settings.sh
+
+(
+ echo "dn: cn=config"
+ echo "changetype: modify"
+ echo "replace: nsslapd-accesslog-logging-enabled"
+ echo "nsslapd-accesslog-logging-enabled: on"
+ echo ""
+) | ldapmodify -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
+
diff --git a/docker/kolab/utils/extra/30-enable-audit-log.sh b/docker/kolab/utils/extra/30-enable-audit-log.sh
new file mode 100755
index 00000000..5308c7e5
--- /dev/null
+++ b/docker/kolab/utils/extra/30-enable-audit-log.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+ . ./settings.sh
+
+(
+ echo "dn: cn=config"
+ echo "changetype: modify"
+ echo "replace: nsslapd-auditlog-logging-enabled"
+ echo "nsslapd-auditlog-logging-enabled: on"
+ echo ""
+) | ldapmodify -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
+
diff --git a/docker/kolab/utils/extra/31-disable-audit-log.sh b/docker/kolab/utils/extra/31-disable-audit-log.sh
new file mode 100755
index 00000000..7710fc22
--- /dev/null
+++ b/docker/kolab/utils/extra/31-disable-audit-log.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+ . ./settings.sh
+
+(
+ echo "dn: cn=config"
+ echo "changetype: modify"
+ echo "replace: nsslapd-auditlog-logging-enabled"
+ echo "nsslapd-auditlog-logging-enabled: off"
+ echo ""
+) | ldapmodify -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
+
diff --git a/docker/kolab/utils/extra/settings.sh b/docker/kolab/utils/extra/settings.sh
new file mode 120000
index 00000000..a08eca5b
--- /dev/null
+++ b/docker/kolab/utils/extra/settings.sh
@@ -0,0 +1 @@
+../settings.sh
\ No newline at end of file
diff --git a/docker/kolab/utils/settings.sh b/docker/kolab/utils/settings.sh
index 25a26344..b164c4f4 100755
--- a/docker/kolab/utils/settings.sh
+++ b/docker/kolab/utils/settings.sh
@@ -1,22 +1,23 @@ #!/bin/bash export rootdn="dc=mgmt,dc=com" export domain="mgmt.com" export domain_db="mgmt_com" export ldap_host="127.0.0.1" export ldap_binddn="cn=Directory Manager" export ldap_bindpw="Welcome2KolabSystems" export cyrus_admin="cyrus-admin" export imap_host="127.0.0.1" export cyrus_admin_pw="Welcome2KolabSystems" export hosted_kolab_service_pw="Welcome2KolabSystems" export hosted_domain="hosted.com" +export hosted_domain_db="hosted_com" export hosted_domain_rootdn="dc=hosted,dc=com" export domain_base_dn="ou=Domains,dc=mgmt,dc=com" export default_user_password="Welcome2KolabSystems" diff --git a/docker/worker/Dockerfile b/docker/worker/Dockerfile new file mode 100644 index 00000000..3281c341 --- /dev/null +++ b/docker/worker/Dockerfile @@ -0,0 +1,23 @@ +FROM kolab/centos7:latest + +RUN yum -y install rsyslog && \ + yum clean all + +COPY kolab-worker.service /etc/systemd/system/kolab-worker.service +RUN rm -rf /etc/systemd/system/multi-user.target.wants/{avahi-daemon,sshd}.* && \ + ln -s /etc/systemd/system/kolab-worker.service \ + /etc/systemd/system/multi-user.target.wants/kolab-worker.service + +RUN sed -i -r -e 's/^SELINUX=.*$/SELINUX=permissive/g' /etc/selinux/config 2>/dev/null || : + +RUN yum -y install kolab-16-extras-fasttrack && \ + sed -i -r -e '/^ssl/d' /etc/yum.repos.d/*.repo && \ + yum -y update php\* pcre2\* && \ + yum clean all + +RUN useradd worker + +COPY kolab-worker.sh /usr/local/bin/ +RUN chmod 755 /usr/local/bin/kolab-worker.sh + +CMD ["/lib/systemd/systemd"] diff --git a/docker/worker/kolab-worker.service b/docker/worker/kolab-worker.service new file mode 100644 index 00000000..ba749e75 --- /dev/null +++ b/docker/worker/kolab-worker.service @@ -0,0 +1,11 @@ +[Unit] +Description=Kolab Worker Service + +[Service] +Type=simple +User=worker +Group=worker +ExecStart=/usr/local/bin/kolab-worker.sh + +[Install] +WantedBy=multi-user.target 
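Review bot: `ldap_bindpw`, `cyrus_admin_pw`, `hosted_kolab_service_pw` and `default_user_password` all carry the same literal value in utils/settings.sh, and the scripts added under utils/extra now source it through the new symlink, so every container built from this tree starts with a publicly known Directory Manager password. Letting the environment override the default, e.g. `export ldap_bindpw="${ldap_bindpw:-Welcome2KolabSystems}"` and likewise for the other three, keeps the development workflow while allowing a distinct value per deployment. The hunk itself only adds `hosted_domain_db`; the password lines are unchanged context, and whether the numbered setup scripts tolerate an overridden value is not visible here.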
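Review bot: In docker/worker/Dockerfile, `sed -i -r -e '/^ssl/d' /etc/yum.repos.d/*.repo` deletes every option beginning with `ssl` from all repository files, not only the one installed by `kolab-16-extras-fasttrack`, and the file gives no reason for it. Limiting the glob to that package's .repo file and adding a comment that states which `ssl*` options are removed and why would leave the TLS settings of the other repositories untouched before `yum -y update php\* pcre2\*` pulls packages. `FROM kolab/centos7:latest` is also unpinned, so the result of that update depends on whichever base image is pulled at build time; a fixed tag or digest makes the build reproducible.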
diff --git a/docker/worker/kolab-worker.sh b/docker/worker/kolab-worker.sh
new file mode 100644
index 00000000..5605841b
--- /dev/null
+++ b/docker/worker/kolab-worker.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+if [ -d /home/worker/src/ ]; then
+ rm -rf /home/worker/src/
+fi
+
+cp -a /home/worker/src.orig/ /home/worker/src/
+chown -R worker:worker /home/worker/src/
+
+pushd /home/worker/src/
+
+rm -rf bootstrap/cache/
+mkdir -p bootstrap/cache/
+
+./artisan queue:work
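Review bot: `pushd /home/worker/src/` is not checked, so if the preceding `cp -a` failed and the directory does not exist, `rm -rf bootstrap/cache/` runs relative to whatever directory the service was started in. `set -e` at the top of the script, or `pushd /home/worker/src/ || exit 1`, stops it before the relative `rm -rf`. Starting the worker with `exec ./artisan queue:work` would also let systemd supervise the worker process directly rather than the wrapping shell.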