From 67dd298ddaaee815be5446ea5fc1f3ec97e8734d Mon Sep 17 00:00:00 2001 From: Stephane de Labrusse Date: Tue, 30 Apr 2024 11:08:33 +0200 Subject: [PATCH 1/6] Fix LDAP_DOMAIN setting in configure-module/10EnvSOGo --- imageroot/actions/configure-module/10EnvSOGo | 1 - .../actions/configure-module/30bind-user-domains | 16 ++++++++++------ .../actions/configure-module/validate-input.json | 7 +------ 3 files changed, 11 insertions(+), 13 deletions(-) diff --git a/imageroot/actions/configure-module/10EnvSOGo b/imageroot/actions/configure-module/10EnvSOGo index e44f326..714a499 100755 --- a/imageroot/actions/configure-module/10EnvSOGo +++ b/imageroot/actions/configure-module/10EnvSOGo @@ -16,7 +16,6 @@ data = json.load(sys.stdin) # Setup configuration from user input. agent.set_env("MAIL_SERVER", data["mail_server"]) agent.set_env("ADMIN_USERS", data.get("admin_users","administrator").lower()) -agent.set_env("LDAP_DOMAIN", data["ldap_domain"]) agent.set_env("MAIL_DOMAIN",data.get("mail_domain","")) agent.set_env("WOWORKERSCOUNT",data.get("workers_count","3")) agent.set_env("AUXILIARYACCOUNT",data.get("auxiliary_account",True)) diff --git a/imageroot/actions/configure-module/30bind-user-domains b/imageroot/actions/configure-module/30bind-user-domains index f55919d..348a3b4 100755 --- a/imageroot/actions/configure-module/30bind-user-domains +++ b/imageroot/actions/configure-module/30bind-user-domains 
@@ -1,16 +1,20 @@ #!/usr/bin/env python3 # -# Copyright (C) 2023 Nethesis S.r.l. +# Copyright (C) 2024 Nethesis S.r.l. # SPDX-License-Identifier: GPL-3.0-or-later # import agent -import json import os -import sys -request = json.load(sys.stdin) +rdb = agent.redis_connect() -# Bind the new domain, overriding previous values (unbind) -agent.bind_user_domains([request["ldap_domain"]]) +providers = agent.list_service_providers(rdb, 'imap', 'tcp', { + 'module_uuid': os.environ['MAIL_SERVER'] +}) + +if providers: + user_domain = providers[0]['user_domain'] + agent.bind_user_domains([user_domain]) + agent.set_env('LDAP_DOMAIN', user_domain) \ No newline at end of file diff --git a/imageroot/actions/configure-module/validate-input.json b/imageroot/actions/configure-module/validate-input.json index bc154aa..b570513 100644 --- a/imageroot/actions/configure-module/validate-input.json +++ b/imageroot/actions/configure-module/validate-input.json @@ -6,7 +6,6 @@ "examples": [ { "mail_server": "f38f9911-8341-452e-8941-d889385a59a8", - "ldap_domain": "ad.domain.org", "admin_users": "Administrator,user1", "mail_domain": "domain.org", "lets_encrypt": false, @@ -22,9 +21,6 @@ "mail_server": { "type": "string" }, - "ldap_domain": { - "type": "string" - }, "admin_users": { "type": "string" }, @@ -54,7 +50,6 @@ }, "required": [ "mail_server", - "ldap_domain", "admin_users", "mail_domain", "lets_encrypt", @@ -64,4 +59,4 @@ "activesync", "dav" ] -} \ No newline at end of file +} From 5b775d58068a654910460b6695d4b82f85a69a76 Mon Sep 17 00:00:00 2001 From: Stephane de Labrusse Date: Tue, 30 Apr 2024 11:09:16 +0200 Subject: [PATCH 2/6] Remove LDAP_DOMAIN setting in get-configuration/20read --- imageroot/actions/get-configuration/20read | 1 - imageroot/actions/get-configuration/validate-output.json | 7 +------ 2 files changed, 1 insertion(+), 7 deletions(-) diff --git a/imageroot/actions/get-configuration/20read b/imageroot/actions/get-configuration/20read index 809c343..1a742fc 100755 
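Review bot: When `agent.list_service_providers` returns an empty list in 30bind-user-domains, the new `if providers:` branch is skipped and the action still succeeds, so `LDAP_DOMAIN` and the user-domain binding apparently keep whatever value they had before; the removed code always rebound. For a setting that decides which directory SOGo authenticates against, a failed lookup should fail the action instead: keep `import sys` and add `if not providers: sys.exit("no IMAP provider found for MAIL_SERVER")` ahead of the binding. `providers[0]` also takes the first entry without checking that there is exactly one; discover-service appears to enforce a single match (`if len(smtp) != 1:` is visible in its hunk context), and the same check would fit here. The same block is repeated in events/mail-settings-changed/10bind_user_domain later in this series.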
--- a/imageroot/actions/get-configuration/20read +++ b/imageroot/actions/get-configuration/20read @@ -24,7 +24,6 @@ config["lets_encrypt"] = os.getenv("TRAEFIK_LETS_ENCRYPT") == "True" config["mail_server"] = os.getenv("MAIL_SERVER", "") # the value is the Mail module UUID! config["mail_domain"] = os.getenv("MAIL_DOMAIN", "") # the value is the mail domain of user to force domain identity : user@domain.com ! config["admin_users"] = os.getenv("ADMIN_USERS", "administrator") -config["ldap_domain"] = os.getenv("LDAP_DOMAIN", "") config["workers_count"] = os.getenv("WOWORKERSCOUNT", "3") config["auxiliary_account"] = os.getenv("AUXILIARYACCOUNT") == "True" config["activesync"] = os.getenv("ACTIVESYNC") == "True" diff --git a/imageroot/actions/get-configuration/validate-output.json b/imageroot/actions/get-configuration/validate-output.json index 5b3c002..8f86e39 100644 --- a/imageroot/actions/get-configuration/validate-output.json +++ b/imageroot/actions/get-configuration/validate-output.json @@ -10,7 +10,6 @@ "mail_server": "f38f9911-8341-452e-8941-d889385a59a8", "mail_domain": "rocky9-pve4.org", "admin_users": "", - "ldap_domain": "rocky9-pve4.org", "workers_count": "20", "auxiliary_account": true, "activesync": true, @@ -58,9 +57,6 @@ "admin_users": { "type": "string" }, - "ldap_domain": { - "type": "string" - }, "workers_count": { "type": "string" }, @@ -124,7 +120,6 @@ "mail_server", "mail_domain", "admin_users", - "ldap_domain", "workers_count", "auxiliary_account", "activesync", @@ -132,4 +127,4 @@ "mail_server_URL", "user_domains_list" ] -} \ No newline at end of file +} From b3dcbeefa4072ac2af5c75f77ba4b19c178971c8 Mon Sep 17 00:00:00 2001 From: Stephane de Labrusse Date: Tue, 30 Apr 2024 11:09:46 +0200 Subject: [PATCH 3/6] Fix MAIL_DOMAIN environment variable in discover-service script --- imageroot/bin/discover-service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/imageroot/bin/discover-service b/imageroot/bin/discover-service index e8d9a8e..345ca1c 100755 --- a/imageroot/bin/discover-service +++ b/imageroot/bin/discover-service @@ -41,7 +41,7 @@ if len(smtp) != 1: imap_port = imap[0]['port'] imap_server = imap[0]['host'] -user_domain = os.getenv('MAIL_DOMAIN', imap[0]['user_domain']) + smtp_port = smtp[0]['port'] smtp_server = smtp[0]['host'] From bbf54a158bc9e807ad8964703908bdd195813d02 Mon Sep 17 00:00:00 2001 From: Stephane de Labrusse Date: Tue, 30 Apr 2024 11:10:24 +0200 Subject: [PATCH 4/6] Add mail server event handlers for updating user domain and restarting service --- .../mail-settings-changed/10bind_user_domain | 26 +++++++++++++++++++ .../events/mail-settings-changed/80Restart | 17 ++++++++++++ .../user-domain-changed/20configure-ldap | 21 --------------- 3 files changed, 43 insertions(+), 21 deletions(-) create mode 100755 imageroot/events/mail-settings-changed/10bind_user_domain create mode 100755 imageroot/events/mail-settings-changed/80Restart delete mode 100755 imageroot/events/smarthost-changed/user-domain-changed/20configure-ldap diff --git a/imageroot/events/mail-settings-changed/10bind_user_domain b/imageroot/events/mail-settings-changed/10bind_user_domain new file mode 100755 index 0000000..19abc77 --- /dev/null +++ b/imageroot/events/mail-settings-changed/10bind_user_domain 
@@ -0,0 +1,26 @@
+#!/usr/bin/env python3
+
+#
+# Copyright (C) 2022 Nethesis S.r.l.
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+
+import json
+import sys
+import agent
+import os
+
+event = json.load(sys.stdin)
+
+if event['module_uuid'] == os.getenv('MAIL_SERVER', ''):
+ # Update user domain in redis because the mail server might have changed its user_domain
+ rdb = agent.redis_connect()
+
+ providers = agent.list_service_providers(rdb, 'imap', 'tcp', {
+ 'module_uuid': os.environ['MAIL_SERVER']
+ })
+
+ if providers:
+ user_domain = providers[0]['user_domain']
+ agent.bind_user_domains([user_domain])
+ agent.set_env('LDAP_DOMAIN', user_domain)
diff --git a/imageroot/events/mail-settings-changed/80Restart b/imageroot/events/mail-settings-changed/80Restart
new file mode 100755
index 0000000..8cb8d8e
--- /dev/null
+++ b/imageroot/events/mail-settings-changed/80Restart
@@ -0,0 +1,17 @@
+#!/usr/bin/env python3
+
+#
+# Copyright (C) 2024 Nethesis S.r.l.
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+
+import json
+import sys
+import agent
+import os
+
+event = json.load(sys.stdin)
+
+if event['module_uuid'] == os.getenv('MAIL_SERVER', ''):
+ # Restart to apply changed settings
+ agent.run_helper("systemctl", "--user", "try-restart", "sogo.service").check_returncode()
\ No newline at end of file
diff --git a/imageroot/events/smarthost-changed/user-domain-changed/20configure-ldap b/imageroot/events/smarthost-changed/user-domain-changed/20configure-ldap
deleted file mode 100755
index 48f63db..0000000
--- a/imageroot/events/smarthost-changed/user-domain-changed/20configure-ldap
+++ /dev/null
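Review bot: The guard `event['module_uuid'] == os.getenv('MAIL_SERVER', '')` in 10bind_user_domain assumes a well-formed event payload: a payload without `module_uuid` raises KeyError, and on an instance where MAIL_SERVER is unset an event carrying an empty `module_uuid` matches the `''` default and then fails at `os.environ['MAIL_SERVER']`. Reading the variable once and exiting early covers both cases: `mail_server = os.getenv('MAIL_SERVER')` followed by `if not mail_server or event.get('module_uuid') != mail_server: sys.exit(0)`. The same guard is used in 80Restart in this commit. Since this handler changes the directory used for authentication, a line on stderr naming the previous and the new `LDAP_DOMAIN` would make the change traceable in the module's logs.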
@@ -1,21 +0,0 @@ -#!/usr/bin/env python3 - -# -# Copyright (C) 2024 Nethesis S.r.l. -# SPDX-License-Identifier: GPL-3.0-or-later -# - -import json -import sys -import agent -import os - -event = json.load(sys.stdin) - -if event.get('domain') != os.getenv('LDAP_DOMAIN'): - exit(0) - -if 'node' in event and str(event['node']) != os.getenv('NODE_ID'): - exit(0) # ignore event if the source is not in our node - -agent.run_helper('systemctl', '--user', '-T', 'try-restart', 'sogo.service').check_returncode() From 0f7165855fda9a2238e6ed62c66c728c0eadaee9 Mon Sep 17 00:00:00 2001 From: Stephane de Labrusse Date: Tue, 30 Apr 2024 11:10:49 +0200 Subject: [PATCH 5/6] Update sogo-app.service to include discover-ldap in ExecStartPre --- imageroot/systemd/user/sogo-app.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/imageroot/systemd/user/sogo-app.service b/imageroot/systemd/user/sogo-app.service index 6f20443..9f9557d 100644 --- a/imageroot/systemd/user/sogo-app.service +++ b/imageroot/systemd/user/sogo-app.service @@ -18,8 +18,8 @@ Restart=always TimeoutStopSec=70 ExecStartPre=/usr/bin/bash -c "/bin/mkdir -p {config,backups}" ExecStartPre=/bin/rm -f %t/sogo-app.pid %t/sogo-app.ctr-id -ExecStartPre=/usr/local/bin/runagent discover-ldap ExecStartPre=/usr/local/bin/runagent discover-service +ExecStartPre=/usr/local/bin/runagent discover-ldap ExecStartPre=/usr/local/bin/runagent expand-configuration ExecStartPre=/usr/local/bin/runagent reveal-master-secret ExecStartPost=/usr/bin/bash -c "while ! /usr/bin/podman exec sogo-app /usr/bin/curl http://127.0.0.1:20001/SOGo ; do sleep 3 ; done" From cfe62ebd75288c447208df28f4c96d827909ad43 Mon Sep 17 00:00:00 2001 From: Stephane de Labrusse Date: Tue, 30 Apr 2024 11:11:16 +0200 Subject: [PATCH 6/6] Refactor LDAP domain selection in Settings.vue --- ui/public/i18n/en/translation.json | 3 --- ui/src/views/Settings.vue | 34 ------------------------------ 2 files changed, 37 deletions(-) 
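Review bot: The swap of `discover-service` and `discover-ldap` in the ExecStartPre list of sogo-app.service carries no explanation in the unit file, and the reason is not visible in this hunk; the commit subject speaks of including discover-ldap, while the hunk only moves it. If discover-ldap now relies on something discover-service produces (presumably the user domain resolved from the mail server), a later reorder could leave SOGo starting with stale LDAP settings. A one-line comment above the two lines would record the dependency, for example `# discover-service must run before discover-ldap`.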
diff --git a/ui/public/i18n/en/translation.json b/ui/public/i18n/en/translation.json index e7560a3..c614189 100644 --- a/ui/public/i18n/en/translation.json +++ b/ui/public/i18n/en/translation.json @@ -35,9 +35,6 @@ "choose_mail_server": "Select a domain", "choose_the_mail_server_to_use": "Choose the domain suffix used for both identifying and initializing the user account and their mail address preferences", "mail_server_is_not_valid": "This mail server cannot be used by SOGo webmail", - "ldap_domain": "LDAP domain", - "choose_ldap_domain": "Choose the LDAP domain used for user authentication", - "choose_the_ldap_domain_to_authenticate_users": "Choose the LDAP user domain to authenticate users from an internal/external samba or openldap directory", "adminList": "Administrator list", "Write_administrator_list": "Write one administrator per line", "dav_tips":"Dav allows to synchronize calendars and adressbooks", diff --git a/ui/src/views/Settings.vue b/ui/src/views/Settings.vue index 9189ea6..d97e62e 100644 --- a/ui/src/views/Settings.vue +++ b/ui/src/views/Settings.vue @@ -90,28 +90,6 @@ {{ $t("settings.choose_the_mail_server_to_use") }} - - - @@ -274,7 +252,6 @@ export default { isActivesyncEnabled: true, isDavEnabled: true, isAuxiliaryAccountEnabled: true, - ldap_domain: "", mail_server: "", mail_domain: "", admin_users: "", @@ -292,7 +269,6 @@ export default { lets_encrypt: "", http2https: "", mail_server: "", - ldap_domain: "", admin_users: "", workers_count: "", }, @@ -376,7 +352,6 @@ export default { } else { this.mail_server = ""; } - this.ldap_domain = config.ldap_domain; // if mail_server_URL is empty, set default value if (this.mail_server_URL.length === 0) { // we want to avoid to save the form, there is no users set in the mail domain 
@@ -414,14 +389,6 @@ export default { } isValidationOk = false; } - if (!this.ldap_domain) { - this.error.ldap_domain = "common.required"; - - if (isValidationOk) { - this.focusElement("ldap_domain"); - } - isValidationOk = false; - } if (this.admin_users) { // test if the admin_users is valid const admin_users = this.admin_users.split("\n"); @@ -499,7 +466,6 @@ export default { dav: this.isDavEnabled, mail_server: mail_server_tmp, mail_domain: mail_domain_tmp, - ldap_domain: this.ldap_domain, admin_users: this.admin_users.split("\n").join(",").toLowerCase().trim(), workers_count: this.workers_count.toString(), auxiliary_account: this.isAuxiliaryAccountEnabled,