From 1306b1d8f50a72d10e347187138b7031bc91c153 Mon Sep 17 00:00:00 2001 From: TK Date: Tue, 23 Jul 2024 16:47:17 +0000 Subject: [PATCH 1/4] sync only teachers, remove p_ from project maillists, add description to Subject by deleting and adding via Sieve --- src/syncer.py | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) diff --git a/src/syncer.py b/src/syncer.py index 9754e27..bebcc6a 100644 --- a/src/syncer.py +++ b/src/syncer.py @@ -20,8 +20,10 @@ class LinuxmusterMailcowSyncer: - ldapSogoUserFilter = "(sophomorixRole='student' OR sophomorixRole='teacher')" - ldapUserFilter = "(|(sophomorixRole=student)(sophomorixRole=teacher))" + #ldapSogoUserFilter = "(sophomorixRole='student' OR sophomorixRole='teacher')" + ldapSogoUserFilter = "( sophomorixRole='teacher')" + #ldapUserFilter = "(|(sophomorixRole=student)(sophomorixRole=teacher))" + ldapUserFilter = "(sophomorixRole=teacher)" ldapMailingListFilter = "(|(sophomorixType=adminclass)(sophomorixType=project))" ldapMailingListMemberFilter = f"(&(memberof:1.2.840.113556.1.4.1941:=@@mailingListDn@@){ldapUserFilter})" @@ -133,6 +135,8 @@ def _sync(self): continue mail = mailingList["mail"] + mail = mail[2:] if mail.startswith("p_") + desc = mailingList["description"] maildomain = mail.split("@")[-1] ret, members = self._ldap.search( self.ldapMailingListMemberFilter.replace( 
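Review bot: Stripping `p_` from `mail` in `_sync` removes the only thing that separates project list addresses from user and class addresses, and nothing in the visible lines checks the shortened address against mailboxes or lists that already exist. A project whose name matches an existing local part would be synced onto the same address, so the list should be skipped and logged when the stripped address is already present among the synced users or lists. As written, `mail = mail[2:] if mail.startswith("p_")` is also not valid Python (a conditional expression needs an `else`), so this commit cannot be imported on its own; PATCH 3/4 rewrites it as an `if` block with the same stripping behaviour. `_sync` starts and ends outside the hunk.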
@@ -150,13 +154,13 @@ def _sync(self): "mail": mail, "sophomorixStatus": "U", "sophomorixMailQuotaCalculated": 1, - "displayName": mailingList["sAMAccountName"] + " (list)" + "displayName": "Verteiler " + desc }, mailcowMailboxes) self._addAliasesFromProxyAddresses( mailingList, mail, mailcowAliases) self._addListFilter(mail, list( - map(lambda x: x["mail"], members)), mailcowFilters) + map(lambda x: x["mail"], members)), desc, mailcowFilters) if mailcowDomains.queuesAreEmpty() and mailcowMailboxes.queuesAreEmpty() and mailcowAliases.queuesAreEmpty() and mailcowFilters.queuesAreEmpty(): logging.info(" * Everything up-to-date!") @@ -262,12 +266,23 @@ def _addAlias(self, alias, goto, mailcowAliases): }, alias) pass - def _addListFilter(self, listAddress, memberAddresses, mailcowFilters): + def _addListFilter(self, listAddress, memberAddresses, description, mailcowFilters): scriptData = "### Auto-generated mailinglist filter by linuxmuster ###\r\n\r\n" - scriptData += "require \"copy\";\r\n\r\n" + scriptData += "require \"editheader\";\r\n" + scriptData += "require \"copy\";\r\n" + scriptData += "require \"variables\";\r\n" + scriptData += "set \"addendum\" \""+description+"\";\r\n" + scriptData += "# Match the entire subject ...\r\n" + scriptData += "if header :matches \"Subject\" \"*\" {\r\n" + scriptData += " # ... to get it in a match group that can then be stored in a variable:\r\n" + scriptData += " set \"subject\" \"${1}\";\r\n" + scriptData += " }\r\n" + scriptData += "deleteheader \"Subject\";\r\n" + scriptData += "addheader :last \"Subject\" \"[${addendum}] ${subject}\";\r\n" for memberAddress in memberAddresses: scriptData += f"redirect :copy \"{memberAddress}\";\r\n" scriptData += "\r\ndiscard;stop;" + print(scriptData) mailcowFilters.addElement({ 'active': 1, 'username': listAddress, From 8d95a30c267af73ebb14b05e0486d2274678d584 Mon Sep 17 00:00:00 2001 
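Review bot: In `_addListFilter`, `description` comes from the LDAP `description` attribute and is concatenated unescaped into the quoted Sieve string of the `set "addendum"` line, so a value containing a double quote, a backslash or a line break ends the string early and the remainder is parsed as Sieve, in a script that also decides where list mail is redirected. Normalise and escape it before embedding, e.g. `safe = " ".join(description.split()).replace("\\", "\\\\").replace('"', '\\"')`, and use `safe` in the `set` line. The existing `redirect :copy` lines interpolate `memberAddress` the same way and would benefit from the same treatment. The added `print(scriptData)` writes every list's member addresses to stdout; it is removed again in PATCH 3/4. The function continues past the end of the hunk.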
From: =?UTF-8?q?Tobias=20K=C3=BCchel?= Date: Mon, 2 Sep 2024 15:44:34 +0200 Subject: [PATCH 2/4] add hardcoded option to disable SSL-Check on self-signed certificates --- src/ldapHelper.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/ldapHelper.py b/src/ldapHelper.py index adcb971..d95c213 100644 --- a/src/ldapHelper.py +++ b/src/ldapHelper.py @@ -9,6 +9,8 @@ def __init__(self, ldapUri, ldapBindDn, ldapBindPassword, ldapBaseDn): def bind(self): try: + # uncomment to disable CERT-Check on LDAP-Server + #ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER) self._ldapConnection = ldap.initialize(f"{self._uri}") self._ldapConnection.set_option(ldap.OPT_REFERRALS, 0) self._ldapConnection.simple_bind_s(self._bindDn, self._bindPassword) From 5c118953463e9319174efabf65d6398b8115e61e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20K=C3=BCchel?= Date: Mon, 2 Sep 2024 15:46:34 +0200 Subject: [PATCH 3/4] pull the description of classes/projects from the LDAP, make LDAP_USER_FILTER and SOGO_USER_FILTER configurable via environment-variable, revert default filter variables --- src/syncer.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/syncer.py b/src/syncer.py index bebcc6a..116947c 100644 --- a/src/syncer.py +++ b/src/syncer.py @@ -20,10 +20,8 @@ class LinuxmusterMailcowSyncer: - #ldapSogoUserFilter = "(sophomorixRole='student' OR sophomorixRole='teacher')" - ldapSogoUserFilter = "( sophomorixRole='teacher')" - #ldapUserFilter = "(|(sophomorixRole=student)(sophomorixRole=teacher))" - ldapUserFilter = "(sophomorixRole=teacher)" + ldapSogoUserFilter = "(sophomorixRole='student' OR sophomorixRole='teacher')" + ldapUserFilter = "(|(sophomorixRole=student)(sophomorixRole=teacher))" ldapMailingListFilter = "(|(sophomorixType=adminclass)(sophomorixType=project))" ldapMailingListMemberFilter = f"(&(memberof:1.2.840.113556.1.4.1941:=@@mailingListDn@@){ldapUserFilter})" 
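Review bot: The commented-out line in `bind` tells operators to switch certificate verification off. Because `ldap.set_option` called on the module applies process-wide, following it sends the bind DN and password from `simple_bind_s` over a connection whose server identity is never checked. For a self-signed LDAP server the comment should point at trusting that certificate instead: `# self-signed server: trust its CA, e.g. ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, "<path-to-ca.pem>")`. If an opt-out has to exist, an explicit configuration setting that logs a warning when enabled is easier to audit than edited source. `bind` continues past the hunk.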
@@ -80,7 +78,7 @@ def _sync(self): logging.info(" * Loading groups from AD") ret, adLists = self._ldap.search( self.ldapMailingListFilter, - ["mail", "proxyAddresses", "distinguishedName", + ["mail", "proxyAddresses", "distinguishedName", "description", "sophomorixMailList", "sAMAccountName"] ) @@ -135,7 +133,8 @@ def _sync(self): continue mail = mailingList["mail"] - mail = mail[2:] if mail.startswith("p_") + if mail.startswith("p_"): + mail = mail[2:] desc = mailingList["description"] maildomain = mail.split("@")[-1] ret, members = self._ldap.search( @@ -282,7 +281,6 @@ def _addListFilter(self, listAddress, memberAddresses, description, mailcowFilte for memberAddress in memberAddresses: scriptData += f"redirect :copy \"{memberAddress}\";\r\n" scriptData += "\r\ndiscard;stop;" - print(scriptData) mailcowFilters.addElement({ 'active': 1, 'username': listAddress, @@ -304,6 +302,8 @@ def _readConfig(self): ] allowedConfigKeys = [ + "LINUXMUSTER_MAILCOW_LDAP_SOGO_USER_FILTER", + "LINUXMUSTER_MAILCOW_LDAP_USER_FILTER", "LINUXMUSTER_MAILCOW_DOCKERAPI_URI", "LINUXMUSTER_MAILCOW_API_URI" ] From 96ef7d388a4d9592ac83b99970771e570fe8b54b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20K=C3=BCchel?= Date: Mon, 2 Sep 2024 15:53:40 +0200 Subject: [PATCH 4/4] fix variable name, add documentation to change filters to restrict to teachers --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 0c44d8d..7cbdf98 100644 --- a/README.md +++ b/README.md 
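Review bot: Requesting `description` in this search does not guarantee the attribute exists on every adminclass or project, and `desc = mailingList["description"]` later in `_sync` is used for the display name and inside the generated Sieve script with no fallback. Depending on how the LDAP helper shapes its results (not visible here), a group without a description would either raise or yield an empty `[]` subject tag. Falling back to the account name keeps the previous naming for those groups, e.g. `desc = mailingList.get("description") or mailingList["sAMAccountName"]` if the results are plain dicts. The search call sits inside `_sync`, which extends beyond the hunk.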
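Review bot: Adding the two keys to `allowedConfigKeys` in `_readConfig` does not by itself make the filters configurable. The hunks on this page still show `_sync` using class attributes such as `self.ldapMailingListMemberFilter`, which is an f-string built from the default `ldapUserFilter` when the class body runs. Unless code outside these hunks rebuilds it, setting `LINUXMUSTER_MAILCOW_LDAP_USER_FILTER` to teachers only would still resolve list members with the student-or-teacher filter, so list mail would keep being redirected to accounts the operator meant to exclude. Build the member filter from the effective user filter at sync time, e.g. `memberFilter = f"(&(memberof:1.2.840.113556.1.4.1941:=@@mailingListDn@@){userFilter})"`, and reject an override that is empty or not a parenthesised filter. `_readConfig` starts and ends outside the hunk.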
@@ -74,8 +74,11 @@ More details about the sync workflow can be found in SyncWorkflow.md - `LINUXMUSTER_MAILCOW_DOMAIN_QUOTA` - total quota of one domain. CAUTION! If this is not enough to fit all mailboxes the import will fail!! - `LINUXMUSTER_MAILCOW_ENABLE_GAL` - whether to enable the global addressbook - **Optional** Only use these if you know what you are doing! They are not required for normal operation! - - `LDAP-MAILCOW_API_URI` - mailcow API uri. + - `LINUXMUSTER_MAILCOW_API_URI` - mailcow API uri. - `LINUXMUSTER_MAILCOW_DOCKERAPI_URI` - dockerapi API uri. + - `LINUXMUSTER_MAILCOW_LDAP_USER_FILTER` - users that get mail accounts, default is teachers and students, set to `"(sophomorixRole=teacher)"` to restrict to teachers + - `LINUXMUSTER_MAILCOW_LDAP_SOGO_USER_FILTER` - users that are allowed to use SOGo, defaults to teachers or students, set to `"(sophomorixRole='teacher')"` to restrict to teachers + 4. Start additional container: `docker compose up -d linuxmuster-mailcow` 5. Check logs `docker compose logs -f linuxmuster-mailcow` (quit with ctrl+c). Please note: Connection errors are normal after all containers are started with `docker compose up -d`.