fix!: Allow protocol in SASLAUTHD_LDAP_SERVER & adjust SASLAUTHD_LDAP_ default values (#1989)

* fix: make sure the SASLAUTHD_LDAP_HOST/PROTO logic makes sense and use LDAP_SERVER_HOST as a fallback (#1983) * chore(docs): document changes to LDAP/SASLAUTHD as of #1983 * fix!: apply default value modifications suggested in #1983 https://github.com/docker-mailserver/docker-mailserver/issues/1983#issuecomment-844848224 * chore(test): Test SASLAUTHD_LDAP_SERVER with protocol and ..._SSL=0, as well as with default bind credentials Note that there are currently no regression tests for this as there's only one setup_file, so that would require big changes to the testing methodology. * refactor!: completely remove SASLAUTHD_LDAP_SSL and SASLAUTHD_LDAP_PROTO Co-authored-by: Georg Lauterbach <44545919+aendeavor@users.noreply.github.com> Co-authored-by: Frederic Werner <20406381+wernerfred@users.noreply.github.com>
2025-08-08 23:06:49 +02:00 · 2021-05-22 22:52:56 +02:00
parent dd723f53ee
commit 66bc157c1d
6 changed files with 23 additions and 38 deletions
--- a/mailserver.env
+++ b/mailserver.env
@ -356,30 +356,27 @@ ENABLE_SASLAUTHD=0
 # `shadow` => authenticate against local user db
 # `mysql` => authenticate against mysql db
 # `rimap` => authenticate against imap server
-# NOTE: can be a list of mechanisms like pam ldap shadow
+# Note: can be a list of mechanisms like pam ldap shadow
 SASLAUTHD_MECHANISMS=

 # empty => None
 # e.g. with SASLAUTHD_MECHANISMS rimap you need to specify the ip-address/servername of the imap server  ==> xxx.xxx.xxx.xxx
 SASLAUTHD_MECH_OPTIONS=

-# empty => localhost
+# empty => Use value of LDAP_SERVER_HOST
+# Note: since version 10.0.0, you can specify a protocol here (like ldaps://); this deprecates SASLAUTHD_LDAP_SSL.
 SASLAUTHD_LDAP_SERVER=

-# empty or 0 => `ldap://` will be used
-# 1 => `ldaps://` will be used
-SASLAUTHD_LDAP_SSL=
-
-# empty => anonymous bind
+# empty => Use value of LDAP_BIND_DN
 # specify an object with priviliges to search the directory tree
 # e.g. active directory: SASLAUTHD_LDAP_BIND_DN=cn=Administrator,cn=Users,dc=mydomain,dc=net
 # e.g. openldap: SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=mydomain,dc=net
 SASLAUTHD_LDAP_BIND_DN=

-# empty => anonymous bind
+# empty => Use value of LDAP_BIND_PW
 SASLAUTHD_LDAP_PASSWORD=

-# empty => Reverting to SASLAUTHD_MECHANISMS pam
+# empty => Use value of LDAP_SEARCH_BASE
 # specify the search base
 SASLAUTHD_LDAP_SEARCH_BASE=

@ -390,7 +387,7 @@ SASLAUTHD_LDAP_FILTER=

 # empty => no
 # yes => LDAP over TLS enabled for SASL
-# Must not be used together with SASLAUTHD_LDAP_SSL=1_
+# If set to yes, the protocol in SASLAUTHD_LDAP_SERVER must be ldap:// or missing.
 SASLAUTHD_LDAP_START_TLS=

 # empty => no