From cb8c23c28d97a274c6af575c21177d021f91b7f3 Mon Sep 17 00:00:00 2001
From: Sunil Mohan Adapa
Date: Fri, 22 Oct 2021 12:27:34 -0700
Subject: [PATCH] email_server: Lookup LDAP local recipients via PAM
Most modern setups simply use to PAM to lookup local recipients instead of integrating directly with LDAP. libnss-ldapd package that we install and configure connects the password database with LDAP. Anyone then using PAM need not be aware of LDAP integration. This reduces extra configuration and many problems that come along with it.
Signed-off-by: Sunil Mohan Adapa
Reviewed-by: James Valleroy
---
 plinth/modules/email_server/audit/ldap.py | 27 -----------------------
 plinth/modules/email_server/postconf.py | 4 ----
 2 files changed, 31 deletions(-)
diff --git a/plinth/modules/email_server/audit/ldap.py b/plinth/modules/email_server/audit/ldap.py
index f7969a1a8..e5e5a760c 100644
--- a/plinth/modules/email_server/audit/ldap.py
+++ b/plinth/modules/email_server/audit/ldap.py
@@ -68,7 +68,6 @@ def get():
 translation_table = [
 (check_sasl, _('Postfix-Dovecot SASL integration')),
 (check_alias_maps, _('Postfix alias maps')),
- (check_local_recipient_maps, _('Postfix local recipient maps')),
 ]
 results = []
 with postconf.mutex.lock_all():
@@ -141,36 +140,10 @@ def fix_alias_maps(diagnosis):
 diagnosis.apply_changes(postconf.set_many_unsafe)
-def check_local_recipient_maps(title=''):
- diagnosis = models.MainCfDiagnosis(title)
- lrcpt_maps = postconf.parse_maps_by_key_unsafe('local_recipient_maps')
- list_modified = False
-
- # Block mails to system users
- # local_recipient_maps must not contain proxy:unix:passwd.byname
- ipasswd = list_find(lrcpt_maps, 'proxy:unix:passwd.byname')
- if ipasswd >= 0:
- diagnosis.critical('Mail to system users (/etc/passwd) possible')
- # Propose a fix
- lrcpt_maps[ipasswd] = ''
- list_modified = True
-
- if list_modified:
- fix = ' '.join(filter(None, lrcpt_maps))
- diagnosis.flag('local_recipient_maps', corrected_value=fix)
-
- return diagnosis
-
-
-def fix_local_recipient_maps(diagnosis):
- diagnosis.apply_changes(postconf.set_many_unsafe)
-
-
 def action_set_ulookup():
 """Handles email_server -i ldap set_ulookup"""
 with postconf.mutex.lock_all():
 fix_alias_maps(check_alias_maps())
- fix_local_recipient_maps(check_local_recipient_maps())
 def list_find(lst, element, start=None, end=None):
diff --git a/plinth/modules/email_server/postconf.py b/plinth/modules/email_server/postconf.py
index 31826ddf5..047960dea 100644
--- a/plinth/modules/email_server/postconf.py
+++ b/plinth/modules/email_server/postconf.py
@@ -159,10 +159,6 @@ def parse_maps(raw_value):
 return value_list
-def parse_maps_by_key_unsafe(key):
- return parse_maps(get_unsafe(key))
-
-
 def _run(args):
 """Run process. Capture and return standard output as a string. Raise a RuntimeError on non-zero exit codes"""
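Review bot: In ldap.py, `action_set_ulookup` and the `get()` table no longer audit `local_recipient_maps`, so the condition the removed check reported as critical ('Mail to system users (/etc/passwd) possible') is now neither detected nor corrected by anything visible in this diff. If recipient validation now goes through the passwd database, as the description implies, system accounts would presumably also be accepted as local recipients; confirm that this is intended and that those names are covered elsewhere, for example by the alias maps that `check_alias_maps` still audits. A short comment on `action_set_ulookup` would record the decision, e.g. `# local_recipient_maps is intentionally not audited: recipients resolve through the passwd database; system accounts are handled by <mechanism, to be filled in>`. If the exposure is not accepted, a reduced check that only warns, without rewriting the map, would keep it visible in the diagnostics.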