
I am trying to set up my own mail server with authentication against LDAP (FreeIPA). All of it should run inside Docker containers. I don't know what I am doing wrong. Maybe it is my LDAP configuration.
```yaml
version: '3.9'
services:
  freeipa:
    image: freeipa/freeipa-server:centos-9-stream-4.10.0
    container_name: ipa
    restart: unless-stopped
    tty: true
    stdin_open: true
    hostname: ipa
    domainname: ipa.example.local
    #read_only: true
    networks:
      priv_network:
        ipv4_address: 172.16.1.10
    extra_hosts:
      - "ipa.example.local:172.16.1.10"
    environment:
      - IPA_SERVER_HOSTNAME=ipa.example.local
      - IPA_SERVER_IP=172.16.1.10
      - TZ=Europe/Berlin
    command:
      - --realm=example.local
      - --domain=example.local
      - --ds-password=secret123
      - --admin-password=secret123
      - --no-host-dns
      - --setup-dns
      - --auto-forwarders
      - --allow-zone-overlap
      - --no-dnssec-validation
      - --unattended
      - --skip-mem-check
      - --auto-forwarders
      - --auto-reverse
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv6.conf.lo.disable_ipv6=0
    volumes:
      - ./vol/freeipa/data:/data
      - ./vol/freeipa/logs:/var/logs
      - ./vol/freeipa/config:/root/pw-portal/config
      - /sys/fs/cgroup:/sys/fs/cgroup:ro
    tmpfs:
      - /run
      - /var/cache
      - /tmp
    cap_add:
      - SYS_TIME
      - NET_ADMIN
    ports:
      - 443:443
      - 389:389
  roundcubemail:
    image: roundcube/roundcubemail:latest
    container_name: roundcubemail
    volumes:
      - ./vol/roundcube/www:/var/www/html
      - ./vol/roundcube/db/sqlite:/var/roundcube/db
    ports:
      - 9002:80
    environment:
      - ROUNDCUBEMAIL_DB_TYPE=sqlite
      - ROUNDCUBEMAIL_SKIN=elastic
      - ROUNDCUBEMAIL_DEFAULT_HOST=tls://172.16.1.11
      - ROUNDCUBEMAIL_SMTP_SERVER=tls://172.16.1.11
    networks:
      priv_network:
  mailserver:
    image: docker.io/mailserver/docker-mailserver:latest
    container_name: mailserver
    hostname: mail
    domainname: mail.example.local
    restart: unless-stopped
    volumes:
      - ./vol/mailserver/data/:/var/mail/
      - ./vol/mailserver/state/:/var/mail-state/
      - ./vol/mailserver/logs/:/var/log/mail/
      - ./vol/mailserver/config/:/tmp/docker-mailserver/
      - /etc/localtime:/etc/localtime:ro
    environment:
      - ENABLE_SPAMASSASSIN=0
      - ENABLE_CLAMAV=0
      - ENABLE_FAIL2BAN=0
      - ENABLE_POSTGREY=0
      - ACCOUNT_PROVISIONER=LDAP
      - LDAP_SERVER_HOST=ldap://ipa
      - LDAP_BIND_DN=uid=admin,cn=users,cn=accounts,dc=example,dc=local
      - LDAP_BIND_PW=secret123
      - LDAP_SEARCH_BASE=cn=users,cn=accounts,dc=example,dc=local
      - LDAP_QUERY_FILTER_DOMAIN=(mail=*@%s)
      - LDAP_QUERY_FILTER_USER=(mail=%U@%s)
      - LDAP_QUERY_FILTER_ALIAS=(|) # doesn't match anything
      - LDAP_QUERY_FILTER_GROUP=(|) # doesn't match anything
      - LDAP_QUERY_FILTER_SENDERS=(mail=%s)
      - SPOOF_PROTECTION=1
      - ENABLE_SASLAUTHD=1
      - SASLAUTHD_MECHANISMS=ldap
      - SASLAUTHD_LDAP_FILTER=(&(mail=%[email protected])(objectClass=inetOrgPerson))
      - ONE_DIR=1
      - PERMIT_DOCKER=host
      - DOVECOT_USER_FILTER=(&(objectClass=inetOrgPerson)(mail=%u))
      - DOVECOT_PASS_ATTRS==password=%{ldap:userPassword},=user=%{ldap:uid}
      - DOVECOT_USER_ATTRS==home=/var/mail/%{ldap:uid},=mail=maildir:~/Maildir,uidNumber=uid,gidNumber=gid
    cap_add:
      - NET_ADMIN
    networks:
      priv_network:
        ipv4_address: 172.16.1.11
networks:
  priv_network:
    name: ext_priv_network
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 172.16.1.0/24
          gateway: 172.16.1.1
```
I created a user and logged in to IPA for the first time to set a password. If I try to log in to my Roundcube, I only get a login error. The mail server printed the following messages.
```
Dec 25 08:59:52 mail dovecot: auth: ldap(test.user,172.16.1.2,<m+/uPaPw4pasEAEC>): unknown user (SHA1 of given password: f2b14f)
Dec 25 08:59:54 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<test.user>, method=PLAIN, rip=172.16.1.2, lip=172.16.1.11, session=<m+/uPaPw4pasEAEC>
Dec 25 09:00:39 mail postfix/pickup[1906]: 517F864B0E: uid=101 from=<root>
Dec 25 09:00:39 mail postfix/cleanup[1910]: 517F864B0E: message-id=<[email protected]>
Dec 25 09:00:39 mail postfix/cleanup[1910]: warning: dict_ldap_lookup: Search error 2: Protocol error
Dec 25 09:00:39 mail postfix/cleanup[1910]: warning: ldap:/etc/postfix/ldap-aliases.cf lookup error for "[email protected]"
Dec 25 09:00:39 mail postfix/cleanup[1910]: warning: 517F864B0E: virtual_alias_maps map lookup problem for [email protected] -- message not accepted, try again later
Dec 25 09:00:39 mail postfix/pickup[1906]: 5228D64B0E: uid=0 from=<root>
Dec 25 09:00:39 mail postfix/cleanup[1923]: 5228D64B0E: message-id=<[email protected]>
Dec 25 09:00:39 mail postfix/cleanup[1923]: warning: dict_ldap_lookup: Search error 2: Protocol error
Dec 25 09:00:39 mail postfix/cleanup[1923]: warning: ldap:/etc/postfix/ldap-aliases.cf lookup error for "[email protected]"
```
What is the correct LDAP syntax for Dovecot's DOVECOT_USER_FILTER, DOVECOT_PASS_ATTRS and DOVECOT_USER_ATTRS?
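A small added check, not part of the question or of docker-mailserver, that expands the %-variables of the filter templates above the way Postfix (per ldap_table(5)) and Dovecot do, and flags filters that are unbalanced, empty, or still contain an unexpanded variable. The login test.user@example.local is a constructed sample; the filter templates are the ones from the compose file.

```python
"""Expand and sanity-check LDAP filter templates. Postfix ldap_table(5): %s whole
lookup key, %u local part, %d domain (upper-case %S/%U/%D behave the same inside
query_filter). Dovecot: %u whole login, %n local part, %d domain."""
import re

def ldap_escape(value: str) -> str:
    """RFC 4515 escaping, as both daemons apply it, so 'a*' cannot widen the filter."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(table.get(c, c) for c in value)

def expand(template: str, login: str, dialect: str) -> str:
    """Expand the %-variables of one dialect; unknown %-tokens are left in place."""
    local, _, domain = login.partition("@")
    if dialect == "postfix":
        vars_ = {"s": login, "u": local, "d": domain, "S": login, "U": local, "D": domain}
    elif dialect == "dovecot":
        vars_ = {"u": login, "n": local, "d": domain}
    else:
        raise ValueError(f"unknown dialect {dialect!r}")
    return re.sub(r"%([A-Za-z])",
                  lambda m: ldap_escape(vars_[m[1]]) if m[1] in vars_ else m[0], template)

def check_filter(flt: str) -> list[str]:
    """Return problems found in an expanded filter (empty list = looks sane)."""
    problems, depth = [], 0
    for ch in flt:
        depth += 1 if ch == "(" else -1 if ch == ")" else 0
        if depth < 0:
            problems.append("unbalanced ')'")
            break
    if depth > 0:
        problems.append("unbalanced '('")
    if not (flt.startswith("(") and flt.endswith(")")):
        problems.append("not wrapped in parentheses")
    if re.search(r"\([|&]\)", flt):
        problems.append("empty (|)/(&) set: RFC 4526 absolute filter, not accepted by every server")
    if re.search(r"%[A-Za-z]", flt):
        problems.append("unexpanded %-variable")
    return problems

if __name__ == "__main__":
    login = "test.user@example.local"  # constructed sample login, not taken from the logs
    for name, tmpl, dialect in [
        ("LDAP_QUERY_FILTER_USER", "(mail=%U@%s)", "postfix"),
        ("LDAP_QUERY_FILTER_ALIAS", "(|)", "postfix"),
        ("DOVECOT_USER_FILTER", "(&(objectClass=inetOrgPerson)(mail=%u))", "dovecot"),
    ]:
        expanded = expand(tmpl, login, dialect)
        print(f"{name}: {expanded} -> {check_filter(expanded) or 'OK'}")
```

The printed expansion shows the literal search each daemon would send for that login, which is the quickest way to see whether a template matches the `mail` attribute you expect it to.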