todo
stephdl committed Nov 30, 2023
1 parent fd6d2f5 commit 52cf177
Showing 5 changed files with 195 additions and 12 deletions.
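--- a/Notes
+++ b/Notes
@@ -0,0 +1,178 @@
+\{
+id = groups;
+type = ldap;
+CNFieldName = cn;
+UIDFieldName = cn;
+IDFieldName = cn;
+baseDN = "$groupDN";
+bindDN = "$bindDN";
+bindPassword = "$bindPassword";
+scope = ONE;
+canAuthenticate = YES;
+MailFieldNames = ("mail");
+displayName = "$SystemName groups";
+hostname = $ldapURI;
+isAddressBook = YES;
+\},
+\{
+id = users;
+type = ldap;
+CNFieldName = cn;
+UIDFieldName = uid;
+IDFieldName = mail;
+bindFields = (
+mail,
+uid
+);
+IMAPLoginFieldName = mail;
+baseDN = "$userDN";
+bindDN = "$bindDN";
+bindPassword = "$bindPassword";
+scope = ONE;
+MailFieldNames = ("mail");
+canAuthenticate = YES;
+displayName = "$SystemName users";
+hostname = $ldapURI;
+isAddressBook = YES;
+\}
+
+
+
+directory.nh node/1 {'host': '127.0.0.1', 'schema': 'rfc2307', 'location': 'internal', 'base_dn': 'dc=directory,dc=nh', 'bind_dn': 'cn=ldapservice,dc=directory,dc=nh', 'bind_password': '95AlpqTO2i_h9_7a', 'port': '20001', 'hidden_users': [], 'hidden_groups': ['locals']}
+
+
+
+ad.rocky9-pve3.org node/1 {'host': '127.0.0.1', 'schema': 'ad', 'location': 'internal', 'base_dn': 'DC=ad,DC=rocky9-pve3,DC=org', 'bind_dn': '[email protected]', 'bind_password': '-p.7gIhuZR0-yi4.bqZ7K4hEz39-PJGK', 'port': '20002', 'hidden_users': ['Guest', 'krbtgt', 'ldapservice'], 'hidden_groups': ['DnsUpdateProxy', 'Domain Computers', 'Domain Controllers', 'Domain Guests', 'Domain Users', 'Group Policy Creator Owners', 'Read-only Domain Controllers', 'Protected Users']}
+
+
+{
+id = AD_Users;
+type = ldap;
+CNFieldName = cn;
+IDFieldName = sAMAccountName;
+UIDFieldName = sAMAccountName;
+IMAPLoginFieldName = userPrincipalName;
+canAuthenticate = YES;
+bindDN = "[email protected]";
+bindPassword = "h16wu7gXegOaHu2g";
+baseDN = "dc=ad,dc=de-labrusse,dc=fr";
+bindFields = (
+sAMAccountName,
+userPrincipalName
+);
+hostname = ldaps://ad.de-labrusse.fr;
+filter = "(objectClass='user') AND (sAMAccountType=805306368)";
+MailFieldNames = ("userPrincipalName");
+scope = SUB;
+displayName = "de-labrusse.fr users";
+isAddressBook = YES;
+},
+{
+id = AD_Groups;
+type = ldap;
+CNFieldName = name;
+IDFieldName = sAMAccountName;
+UIDFieldName = sAMAccountName;
+canAuthenticate = YES;
+bindDN = "[email protected]";
+bindPassword = "h16wu7gXegOaHu2g";
+baseDN = "dc=ad,dc=de-labrusse,dc=fr";
+hostname = ldaps://ad.de-labrusse.fr;
+filter = "(objectClass='group') AND (sAMAccountType=268435456)";
+MailFieldNames = ("mail");
+scope = SUB;
+displayName = "de-labrusse.fr groups";
+isAddressBook = YES;
+}
+);
+
+
+# ldap
+SOGoUserSources =(
+{
+id = groups;
+type = ldap;
+CNFieldName = cn;
+UIDFieldName = cn;
+IDFieldName = cn;
+baseDN = "dc=directory,dc=nh";
+bindDN = "cn=ldapservice,dc=directory,dc=nh";
+bindPassword = "95AlpqTO2i_h9_7a";
+scope = ONE;
+canAuthenticate = YES;
+MailFieldNames = ("mail");
+displayName = "directory.nh groups";
+hostname = ldap://10.0.2.2:20001;
+isAddressBook = YES;
+},
+{
+id = users;
+type = ldap;
+CNFieldName = cn;
+UIDFieldName = uid;
+IDFieldName = mail;
+bindFields = (
+mail,
+uid
+);
+IMAPLoginFieldName = mail;
+baseDN = "dc=directory,dc=nh";
+bindDN = "cn=ldapservice,dc=directory,dc=nh";
+bindPassword = "95AlpqTO2i_h9_7a";
+scope = ONE;
+MailFieldNames = ("mail");
+canAuthenticate = YES;
+displayName = "directory.nh users";
+hostname = ldap://10.0.2.2:20001;
+isAddressBook = YES;
+}
+);
+
+/* 45 AD authentication */
+SOGoUserSources =(
+
+{
+id = AD_Users;
+type = ldap;
+CNFieldName = cn;
+IDFieldName = sAMAccountName;
+UIDFieldName = sAMAccountName;
+IMAPLoginFieldName = userPrincipalName;
+canAuthenticate = YES;
+bindDN = "[email protected]";
+bindPassword = "-p.7gIhuZR0-yi4.bqZ7K4hEz39-PJGK";
+baseDN = "DC=ad,DC=rocky9-pve3,DC=org";
+bindFields = (
+sAMAccountName,
+userPrincipalName
+);
+hostname = ldap://10.0.2.2:20002;
+filter = "(objectClass='user') AND (sAMAccountType=805306368)";
+MailFieldNames = ("userPrincipalName");
+scope = SUB;
+displayName = "de-labrusse.fr users";
+isAddressBook = YES;
+},
+{
+id = AD_Groups;
+type = ldap;
+CNFieldName = name;
+IDFieldName = sAMAccountName;
+UIDFieldName = sAMAccountName;
+canAuthenticate = YES;
+bindDN = "[email protected]";
+bindPassword = "-p.7gIhuZR0-yi4.bqZ7K4hEz39-PJGK";
+baseDN = "DC=ad,DC=rocky9-pve3,DC=org";
+hostname = ldap://10.0.2.2:20002;
+filter = "(objectClass='group') AND (sAMAccountType=268435456)";
+MailFieldNames = ("mail");
+scope = SUB;
+displayName = "de-labrusse.fr groups";
+isAddressBook = YES;
+}
+);
+
+
+/usr/bin/memcached -d -u sogo
+
+sogo 142 0.0 0.0 406040 3860 ? Ssl 22:59 0:00 /usr/bin/memcached -d -u sogo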
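Review bot: This new file commits working credentials in plaintext: the `bindPassword` values in the `SOGoUserSources` blocks for directory.nh and ad.rocky9-pve3.org, the `bind_password` fields of the two discovery dumps, and a bind password for the external host `ldaps://ad.de-labrusse.fr`, which does not look like a lab value. Once pushed they are part of the repository history, so they should be treated as exposed and rotated, and the file should carry placeholders instead, e.g. `bindPassword = "<BIND_PASSWORD>";` and `'bind_password': '<BIND_PASSWORD>'`, or be dropped from the commit entirely. The templated first block already shows the intended form (`"$bindPassword"`), so the concrete copies below it add nothing a reader needs.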
2 changes: 1 addition & 1 deletion imageroot/bin/discover-ldap
Expand Up @@ -44,4 +44,4 @@ with open(tmpfile, "w") as denv:
print('SOGO_LDAP_SCHEMA=' + odom['schema'], file=denv)
print('SOGO_LDAP_BASE=' + odom['base_dn'], file=denv)

os.replace(tmpfile, "discovery.env")
os.replace(tmpfile, "discovery_ldap.env")
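Review bot: Renaming the target to `discovery_ldap.env` leaves a stale `discovery.env` in the state directory on installations upgraded from the previous version, and nothing in this commit removes it; the same applies to the `discovery_mail.env` rename in imageroot/bin/discover-service. Since sogo-app.service no longer loads `discovery.env`, the old file would sit there indefinitely with whatever values the previous version wrote, which is at best confusing and, if it ever held the bind password, a leftover secret on disk. A guarded removal next to the rename, `with contextlib.suppress(FileNotFoundError): os.remove("discovery.env")`, cleans this up (needs `import contextlib`, which is outside the hunk). The enclosing `with open(tmpfile, "w") as denv:` block begins above the hunk.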
2 changes: 1 addition & 1 deletion imageroot/bin/discover-service
Expand Up @@ -46,7 +46,7 @@ user_domain = os.getenv('MAIL_DOMAIN', imap[0]['user_domain'])
smtp_port = smtp[0]['port']
smtp_server = smtp[0]['host']

envfile = "discovery.env"
envfile = "discovery_mail.env"

# Using .tmp suffix: do not overwrite the target file until the new one is
# saved to disk:
21 changes: 12 additions & 9 deletions imageroot/systemd/user/sogo-app.service
Expand Up @@ -11,26 +11,29 @@ After=sogo.service mariadb-app.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
EnvironmentFile=%S/state/environment
EnvironmentFile=-%S/state/discovery.env
EnvironmentFile=-%S/state/discovery_mail.env
EnvironmentFile=-%S/state/discovery_ldap.env
WorkingDirectory=%S/state
Restart=always
TimeoutStopSec=70
ExecStartPre=/bin/mkdir -p config
ExecStartPre=/bin/rm -f %t/sogo-app.pid %t/sogo-app.ctr-id
ExecStartPre=runagent discover-ldap
ExecStartPre=/usr/local/bin/runagent discover-service
ExecStartPost=/usr/bin/bash -c "while ! /usr/bin/podman exec sogo-app /usr/bin/curl http://127.0.0.1:20001/SOGo ; do sleep 3 ; done"
ExecStartPost=podman exec sogo-app /usr/bin/memcached -d -u sogo
ExecStart=/usr/bin/podman run --conmon-pidfile %t/sogo-app.pid \
--cidfile %t/sogo-app.ctr-id --cgroups=no-conmon \
--pod-id-file %t/sogo.pod-id --replace -d --name sogo-app \
--volume ./config:/etc/sogo:Z \
--env=sogo_* \
--env sogo_DB_TYPE=mysql \
--env sogo_DB_HOST=127.0.0.1 \
--env sogo_DB_PORT=3306 \
--env sogo_DB_USER=sogo \
--env sogo_DB_PASSWORD=Nethesis,1234 \
--env sogo_DB_NAME=sogo \
${sogo_IMAGE}
--env=SOGO_* \
--env SOGO_DB_TYPE=mysql \
--env SOGO_DB_HOST=127.0.0.1 \
--env SOGO_DB_PORT=3306 \
--env SOGO_DB_USER=sogo \
--env SOGO_DB_PASSWORD=Nethesis,1234 \
--env SOGO_DB_NAME=sogo \
${ARCHLINUX_SOGO_IMAGE}
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/sogo-app.ctr-id -t 10
ExecReload=/usr/bin/podman kill -s HUP sogo-app
SyslogIdentifier=%u
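Review bot: The database password is still a literal in the unit file, `--env SOGO_DB_PASSWORD=Nethesis,1234`; the commit renames the variable but keeps a value that every deployment of this module shares and that anyone with read access to the image or repository knows. The unit already loads `EnvironmentFile=%S/state/environment` and passes `--env=SOGO_*` through to the container, so a per-install secret generated at setup time and stored there (the variable name is a placeholder to align with mariadb-app.service, which has to use the same value) would let the literal line be dropped. Two smaller points in the same hunk: `ExecStartPre=runagent discover-ldap` relies on PATH lookup while the next line spells out `/usr/local/bin/runagent`, and the `ExecStartPost` curl loop has no iteration bound, so a container that never answers on 20001 is presumably ended only by the unit's start timeout rather than by a clear failure.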
4 changes: 3 additions & 1 deletion imageroot/systemd/user/sogo.service
Expand Up @@ -23,7 +23,9 @@ ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/sogo.pid \
--pod-id-file %t/sogo.pod-id \
--name sogo \
--publish 127.0.0.1:${TCP_PORT}:20001 \
--replace
--replace \
--network=slirp4netns:allow_host_loopback=true \
--add-host=accountprovider:10.0.2.2
ExecStart=/usr/bin/podman pod start --pod-id-file %t/sogo.pod-id
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/sogo.pod-id -t 10
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/sogo.pod-id
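Review bot: `--network=slirp4netns:allow_host_loopback=true` makes every service bound to the host's 127.0.0.1 reachable from the pod at 10.0.2.2, not only the account-provider LDAP ports the `accountprovider` alias is meant for (the Notes file in this commit shows them as 20001 and 20002 on 127.0.0.1), so the reach of a compromised SOGo container now extends to anything else listening on host loopback. That trade-off should at least be recorded in a comment above the `ExecStartPre=` line (which begins outside the hunk), e.g. `# allow_host_loopback: SOGo reaches the account provider LDAP on host loopback via 10.0.2.2`, and if the platform offers a way to expose just those ports to the pod it is worth preferring. The Notes also show the resulting SOGo sources using plain `ldap://10.0.2.2:2000x`; whether credentials crossing that slirp path in clear is acceptable depends on the host, so a note on that assumption would help too.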
