Include ldap support in docker image (#205)

* include postfix-ldap in docker build

* Add integration tests (#3)

* Redo ldap test to use postmap instead of sending email

---------

Co-authored-by: Aaron Reisman <areisman@epic.com>

build-scripts/postfix-install.sh

@@ -8,7 +8,7 @@ fi
 do_alpine() {
     apk update
     apk add --upgrade cyrus-sasl cyrus-sasl-static cyrus-sasl-digestmd5 cyrus-sasl-crammd5 cyrus-sasl-login cyrus-sasl-ntlm libsasl
-    apk add postfix postfix-pcre
+    apk add postfix postfix-pcre postfix-ldap
     apk add opendkim
     apk add --upgrade ca-certificates tzdata supervisor rsyslog musl musl-utils bash opendkim-utils libcurl jsoncpp lmdb logrotate netcat-openbsd
 }
@@ -23,7 +23,7 @@ do_ubuntu() {
     echo "Europe/Berlin" > /etc/timezone
     apt-get update -y -q
     apt-get install -y libsasl2-modules sasl2-bin
-    apt-get install -y postfix postfix-pcre
+    apt-get install -y postfix postfix-pcre postfix-ldap
     apt-get install -y opendkim
     apt-get install -y ca-certificates tzdata supervisor rsyslog bash opendkim-tools curl libcurl4 libjsoncpp25 sasl2-bin postfix-lmdb procps logrotate cron net-tools ${RELEASE_SPECIFIC_PACKAGES}
     apt-get clean

integration-tests/ldap/docker-compose.yml

@@ -0,0 +1,31 @@
+version: '3.7'
+services:
+  tests:
+    hostname: "postfix"
+    image: "boky/postfix"
+    restart: "no"
+    volumes:
+      - "./tests:/tests"
+      - "./postfix-conf:/etc/postfix/conf/"
+    environment:
+      FORCE_COLOR: "1"
+      ALLOWED_EMPTY_SENDER_DOMAINS: "example.org"
+      POSTFIX_smtpd_end_of_data_restrictions: "check_client_access static:discard"
+    entrypoint: [ "/bin/sh", "-c" ]
+    command: [ "/tests/test.sh" ]
+    depends_on:
+      ldap:
+        condition: service_healthy
+        restart: true
+  ldap:
+    hostname: "ldap"
+    image: "thoteam/slapd-server-mock"
+    restart: always
+    healthcheck:
+      test: [ "CMD-SHELL", "bash -c 'exec 6<> /dev/tcp/localhost/389'" ]
+      interval: 10s
+      timeout: 5s
+      start_period: 10s
+      retries: 2
+    volumes:
+      - "./ldap-conf:/bootstrap/"

integration-tests/ldap/ldap-conf/config.ldif.TEMPLATE

@@ -0,0 +1,37 @@
+version: 1
+
+# Add the groupType Attribute and group class for MSAD
+# Kept for memory in case we need to enable this again
+# dn: cn={0}core,cn=schema,cn=config
+# changetype: modify
+# add: olcAttributetypes
+# olcAttributetypes: ( 1.2.840.113556.1.4.750 NAME 'groupType'
+#    SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE
+# )
+#
+# dn: cn={0}core,cn=schema,cn=config
+# changetype: modify
+# add: olcObjectClasses
+# olcObjectClasses: ( 1.2.840.113556.1.5.8 NAME 'Group'
+#         DESC 'a group of users'
+#         SUP top STRUCTURAL
+#         MUST ( groupType $ cn)
+#         MAY ( member ) )
+
+# Configure TLS
+dn: cn=config
+changetype: modify
+replace: olcTLSCertificateFile
+olcTLSCertificateFile: /etc/ldap/ssl/ldap.crt
+-
+replace: olcTLSCertificateKeyFile
+olcTLSCertificateKeyFile: /etc/ldap/ssl/ldap.key
+-
+replace: olcTLSVerifyClient
+olcTLSVerifyClient: never
+
+# Configure loging
+dn: cn=config
+changetype: modify
+replace: olcLogLevel
+olcLogLevel: stats

integration-tests/ldap/ldap-conf/data.ldif.TEMPLATE

@@ -0,0 +1,9 @@
+# demo@example.org
+dn: uid=demo,${LDAP_BASEDN}
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+cn: Demo
+sn: allowed
+mail: demo@example.org

integration-tests/ldap/postfix-conf/restricted-senders.cf

@@ -0,0 +1,4 @@
+server_host = ldap://ldap
+search_base = dc=ldapmock,dc=local
+query_filter = (&(mail=%s)(sn=allowed))
+result_attribute = mail

integration-tests/ldap/tests/test.sh

@@ -0,0 +1,10 @@
+#!/bin/sh
+set -e
+set -x
+
+if ! hash postmap; then
+    echo "postmap not found!" >2
+    exit 1
+fi
+
+postmap -q demo@example.org ldap:/etc/postfix/conf/restricted-senders.cf