email_server: Lookup LDAP local recipients via PAM

Most modern setups simply use PAM to look up local recipients instead of
integrating directly with LDAP. The libnss-ldapd package that we install and
configure connects the password database with LDAP. Anyone then using PAM need
not be aware of the LDAP integration. This reduces extra configuration and the
many problems that come along with it.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Sunil Mohan Adapa 2021-10-22 12:27:34 -07:00 committed by James Valleroy
parent d0cf01fb29
commit cb8c23c28d
No known key found for this signature in database
GPG Key ID: 77C0C75E7B650808
2 changed files with 0 additions and 31 deletions


@ -68,7 +68,6 @@ def get():
translation_table = [
(check_sasl, _('Postfix-Dovecot SASL integration')),
(check_alias_maps, _('Postfix alias maps')),
(check_local_recipient_maps, _('Postfix local recipient maps')),
]
results = []
with postconf.mutex.lock_all():
@ -141,36 +140,10 @@ def fix_alias_maps(diagnosis):
diagnosis.apply_changes(postconf.set_many_unsafe)
def check_local_recipient_maps(title=''):
diagnosis = models.MainCfDiagnosis(title)
lrcpt_maps = postconf.parse_maps_by_key_unsafe('local_recipient_maps')
list_modified = False
# Block mails to system users
# local_recipient_maps must not contain proxy:unix:passwd.byname
ipasswd = list_find(lrcpt_maps, 'proxy:unix:passwd.byname')
if ipasswd >= 0:
diagnosis.critical('Mail to system users (/etc/passwd) possible')
# Propose a fix
lrcpt_maps[ipasswd] = ''
list_modified = True
if list_modified:
fix = ' '.join(filter(None, lrcpt_maps))
diagnosis.flag('local_recipient_maps', corrected_value=fix)
return diagnosis
def fix_local_recipient_maps(diagnosis):
diagnosis.apply_changes(postconf.set_many_unsafe)
def action_set_ulookup():
"""Handles email_server -i ldap set_ulookup"""
with postconf.mutex.lock_all():
fix_alias_maps(check_alias_maps())
fix_local_recipient_maps(check_local_recipient_maps())
def list_find(lst, element, start=None, end=None):


@ -159,10 +159,6 @@ def parse_maps(raw_value):
return value_list
def parse_maps_by_key_unsafe(key):
return parse_maps(get_unsafe(key))
def _run(args):
"""Run process. Capture and return standard output as a string. Raise a
RuntimeError on non-zero exit codes"""