Branch 'dev/boddie' - 11 commits - conf/kolab.conf pykolab/auth pykolab/setup
Paul Boddie
boddie at kolabsys.com
Sun Mar 23 18:05:15 CET 2014
conf/kolab.conf | 3 -
pykolab/auth/ldap/__init__.py | 2
pykolab/setup/services.py | 21 +++++++++
pykolab/setup/setup_imap.py | 2
pykolab/setup/setup_ldap.py | 22 ++++-----
pykolab/setup/setup_mta.py | 98 ++++++++++++++++++++++++++++++------------
6 files changed, 106 insertions(+), 42 deletions(-)
New commits:
commit 1e17594bcb0ced88c42494e6bdd543899e233109
Author: Paul Boddie <paul at boddie.org.uk>
Date: Sun Mar 23 17:46:49 2014 +0100
Tentative fix to make shared folders writable; otherwise iTIP messages to resources bounce.
diff --git a/conf/kolab.conf b/conf/kolab.conf
index 26a5a64..6bf2125 100644
--- a/conf/kolab.conf
+++ b/conf/kolab.conf
@@ -206,6 +206,7 @@ kolab_group_filter = (|(objectclass=kolabgroupofuniquenames)(objectclass=kolabgr
; Same again
sharedfolder_base_dn = ou=Shared Folders,%(base_dn)s
sharedfolder_filter = (objectclass=kolabsharedfolder)
+sharedfolder_delivery_address_attribute = mail
; Same again. Resources live in a different OU structure or;
;
commit 77e81f550513c55e554d9176b39ae13efb7567cf
Merge: b2cb459 015de50
Author: Paul Boddie <paul at boddie.org.uk>
Date: Sun Mar 23 14:50:37 2014 +0100
Merge branch 'paul-fix' into dev/boddie
commit 015de500d58d86afeb6b1c3b9c4800282bb99060
Author: Paul Boddie <paul at boddie.org.uk>
Date: Sun Mar 23 14:50:16 2014 +0100
Removed phantom method call.
diff --git a/pykolab/auth/ldap/__init__.py b/pykolab/auth/ldap/__init__.py
index a9070b8..7a7cb6a 100644
--- a/pykolab/auth/ldap/__init__.py
+++ b/pykolab/auth/ldap/__init__.py
@@ -1195,8 +1195,6 @@ class LDAP(pykolab.base.Base):
self.init_entry_attribute(entry, 'kolabtargetfolder')
- self.init_folder_for_entry(entry)
-
folder_path = self.get_folder_path(entry)
self.init_folder_acl(entry)
commit b2cb4593d8ffc5f369775fd2e3d7e8b0def0596b
Author: Paul Boddie <paul at boddie.org.uk>
Date: Sun Mar 23 14:39:46 2014 +0100
Quote shared folder LDAP results to avoid Postfix breaking up names containing spaces.
diff --git a/pykolab/setup/setup_mta.py b/pykolab/setup/setup_mta.py
index e2295a6..5ddc66e 100644
--- a/pykolab/setup/setup_mta.py
+++ b/pykolab/setup/setup_mta.py
@@ -537,5 +537,5 @@ bind_pw = %(service_bind_pw)s
query_filter = (&(|(mail=%%s)(alias=%%s))(objectclass=kolabsharedfolder))
result_attribute = kolabtargetfolder
-result_format = shared+%%s
+result_format = "shared+%%s"
"""
commit 3d36fb5813e15e29bfa80aaa95acb46bdfedb6d1
Author: Paul Boddie <paul at boddie.org.uk>
Date: Sun Mar 23 02:04:34 2014 +0100
Fixed transport filename, broken during refactoring.
diff --git a/pykolab/setup/setup_mta.py b/pykolab/setup/setup_mta.py
index 11d0f5d..e2295a6 100644
--- a/pykolab/setup/setup_mta.py
+++ b/pykolab/setup/setup_mta.py
@@ -159,7 +159,7 @@ def _execute(*args, **kw):
# Check to see if the transport file was already written.
- transport_file = join(prefix, "transport")
+ transport_file = "/etc/postfix/transport"
transport_file_content = postfix_transport % {'domain': conf.get('kolab', 'primary_domain')}
matching_transport = file_contains_data(transport_file, transport_file_content)
commit 5e85c9437ec5aeb9e69feaf8b69065d91e804951
Merge: 8c50f0b 4c513f8
Author: Paul Boddie <paul at boddie.org.uk>
Date: Sat Mar 22 23:49:28 2014 +0100
Merge branch 'paul-ldap-io' into dev/boddie
commit 8c50f0b290799338d507fe94c34c989c26208d95
Author: Paul Boddie <paul at boddie.org.uk>
Date: Sat Mar 22 23:47:57 2014 +0100
Permit template instantiation when configuration is needed and is taking place.
diff --git a/pykolab/setup/setup_imap.py b/pykolab/setup/setup_imap.py
index fe239e6..e3b5563 100644
--- a/pykolab/setup/setup_imap.py
+++ b/pykolab/setup/setup_imap.py
@@ -206,7 +206,7 @@ def configure_cyrus_imapd(imapd_settings):
# Instantiate the template unless only checking is being performed.
if template_file is not None:
- matching_config = matching_config and instantiate_template(template_file, output_file, settings, check_only=conf.check_only)
+ matching_config = instantiate_template(template_file, output_file, settings, check_only=conf.check_only) and matching_config
else:
log.error(_("Could not write out Cyrus IMAP configuration file %s") % output_file)
sys.exit(1)
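Review bot: The fix rests on operand order alone, because `instantiate_template(...) and matching_config` runs the call only when it sits on the left of `and`, and nothing on the line says so. A later tidy-up could swap the operands back and restore the short-circuit that skipped writing the file. Splitting the statement makes the intent explicit: `instantiated = instantiate_template(template_file, output_file, settings, check_only=conf.check_only)` followed by `matching_config = instantiated and matching_config`. The same applies to the two `setup_mta.py` hunks in this commit, for `/etc/postfix/master.cf` and `/etc/amavisd/amavisd.conf`. `configure_cyrus_imapd` continues outside the hunk.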
diff --git a/pykolab/setup/setup_mta.py b/pykolab/setup/setup_mta.py
index c2a78f8..5800b3c 100644
--- a/pykolab/setup/setup_mta.py
+++ b/pykolab/setup/setup_mta.py
@@ -235,7 +235,7 @@ def execute(*args, **kw):
output_file = '/etc/postfix/master.cf'
if template_file is not None:
- matching_config = matching_config and instantiate_template(template_file, output_file, [postfix_master_settings], check_only=conf.check_only)
+ matching_config = instantiate_template(template_file, output_file, [postfix_master_settings], check_only=conf.check_only) and matching_config
else:
log.error(_("Could not write out Postfix configuration file %s") % output_file)
return
@@ -260,7 +260,7 @@ def execute(*args, **kw):
output_file = '/etc/amavisd/amavisd.conf'
if template_file is not None:
- matching_config = matching_config and instantiate_template(template_file, output_file, [amavisd_settings], check_only=conf.check_only)
+ matching_config = instantiate_template(template_file, output_file, [amavisd_settings], check_only=conf.check_only) and matching_config
else:
log.error(_("Could not write out Amavis configuration file %s") % output_file)
return
commit 3e57ce0d8804a8df0930178e11d53d95eb1cc52c
Author: Paul Boddie <paul at boddie.org.uk>
Date: Sat Mar 22 23:17:43 2014 +0100
Fixed property for ConfigParser interpolation rules.
diff --git a/conf/kolab.conf b/conf/kolab.conf
index 122c657..26a5a64 100644
--- a/conf/kolab.conf
+++ b/conf/kolab.conf
@@ -370,7 +370,7 @@ result_attribute = mail
uri = imaps://localhost:993
mail_uid = vmail
mail_gid = vmail
-mail_location = mbox:/var/mail/vmail/%u
+mail_location = mbox:/var/mail/vmail/%%u
[wallace]
modules = resources, footer
commit 4c513f859256fe1a9bb15fcd1400a3c2796dfdc0
Author: Paul Boddie <paul at boddie.org.uk>
Date: Sat Mar 22 21:32:27 2014 +0100
Fixed unpropagated variable after refactoring.
diff --git a/pykolab/setup/setup_ldap.py b/pykolab/setup/setup_ldap.py
index b961669..74cc828 100644
--- a/pykolab/setup/setup_ldap.py
+++ b/pykolab/setup/setup_ldap.py
@@ -583,7 +583,7 @@ def _execute(*args, **kw):
if update_directory:
try:
- populate_schema(_input)
+ populate_schema(_input, not schema_error)
except ldap.ALREADY_EXISTS:
log.info(_("Information already seems to exist in the directory."))
@@ -622,7 +622,7 @@ def ensure_slapd_service(hostname):
else:
return False
-def populate_schema(_input):
+def populate_schema(_input, have_schema=True):
"""
Populate the schema using the values from '_input', although the
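Review bot: The new `have_schema` parameter is not described in the docstring that starts here, and its default of `True` selects the ACI that names the Kolab attributes whenever a caller omits the argument. The docstring could gain a sentence such as `'have_schema' indicates whether the Kolab schema was loaded; when false, the Kolab-specific attributes are left out of the self-write ACI.` At the call site in the preceding hunk, `populate_schema(_input, have_schema=not schema_error)` would read more clearly than a bare positional boolean. The docstring and the function body continue outside this hunk.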
@@ -805,7 +805,7 @@ def populate_schema(_input):
dn = conf.get('ldap', 'base_dn')
aci = []
- if schema_error:
+ if not have_schema:
aci.append('(targetattr = "carLicense || description || displayName || facsimileTelephoneNumber || homePhone || homePostalAddress || initials || jpegPhoto || l || labeledURI || mobile || o || pager || photo || postOfficeBox || postalAddress || postalCode || preferredDeliveryMethod || preferredLanguage || registeredAddress || roomNumber || secretary || seeAlso || st || street || telephoneNumber || telexNumber || title || userCertificate || userPassword || userSMIMECertificate || x500UniqueIdentifier") (version 3.0; acl "Enable self write for common attributes"; allow (read,compare,search,write)(userdn = "ldap:///self");)')
else:
aci.append('(targetattr = "carLicense || description || displayName || facsimileTelephoneNumber || homePhone || homePostalAddress || initials || jpegPhoto || l || labeledURI || mobile || o || pager || photo || postOfficeBox || postalAddress || postalCode || preferredDeliveryMethod || preferredLanguage || registeredAddress || roomNumber || secretary || seeAlso || st || street || telephoneNumber || telexNumber || title || userCertificate || userPassword || userSMIMECertificate || x500UniqueIdentifier || kolabDelegate || kolabInvitationPolicy || kolabAllowSMTPSender") (version 3.0; acl "Enable self write for common attributes"; allow (read,compare,search,write)(userdn = "ldap:///self");)')
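Review bot: The two ACI literals under `if not have_schema:` differ only in the trailing ` || kolabDelegate || kolabInvitationPolicy || kolabAllowSMTPSender`. Any later change to the attributes a user may write on their own entry, which include `userPassword` and `userCertificate`, therefore has to be made in two very long lines that can drift apart. Building the `targetattr` list once and appending the three Kolab attributes only when `have_schema` is true would leave a single place to review for this access rule. The surrounding `populate_schema` body lies outside the hunk.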
commit b72ed4232cf38393bd117ac9d30d54637f2b90b2
Author: Paul Boddie <paul at boddie.org.uk>
Date: Sat Mar 22 20:18:46 2014 +0100
Replaced stderr usage with the interaction functions.
diff --git a/pykolab/setup/setup_ldap.py b/pykolab/setup/setup_ldap.py
index d48299a..b961669 100644
--- a/pykolab/setup/setup_ldap.py
+++ b/pykolab/setup/setup_ldap.py
@@ -129,7 +129,9 @@ def _execute(*args, **kw):
ask_for_credentials = unconfigured or conf.reset_ldap_config
if conf.without_ldap:
- print >> sys.stderr, _("Skipping setup of LDAP, as specified")
+ ask_question("kolab-conf/ldap-setup-skipped",
+ _("Skipping setup of LDAP, as specified.")
+ )
return
if conf.with_openldap and not conf.with_ad:
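Review bot: `ask_question` is called here with only a key and a message and its result is discarded, whereas the call added to `setup_mta.py` in this branch passes a prompt and a default and uses the answer. From this hunk it is not clear whether the two-argument form only displays text or can wait for input; if it can wait, a run with `conf.without_ldap` set would block where the old `print >> sys.stderr` did not. A comment such as `# No prompt argument: shown as a notice, no answer expected` or a separately named notice helper would settle it. The same pattern appears in the `kolab-conf/ldap-system-conflict` and `kolab-conf/ldap-setup-in-progress` hunks of this commit.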
@@ -155,13 +157,12 @@ def _execute(*args, **kw):
return
elif conf.with_ad and conf.with_openldap:
- print >> sys.stderr, utils.multiline_message(
+ ask_question("kolab-conf/ldap-system-conflict",
_("""
- You can not configure Kolab to run against OpenLDAP
+ You cannot configure Kolab to run against OpenLDAP
and Active Directory simultaneously.
""")
)
-
sys.exit(1)
# Where the LDAP server is to be chosen explicitly, interact with the user.
@@ -489,7 +490,7 @@ def _execute(*args, **kw):
'--file=%s' % (filename)
]
- print >> sys.stderr, utils.multiline_message(
+ ask_question("kolab-conf/ldap-setup-in-progress",
_("""
Setup is now going to set up the 389 Directory Server. This
may take a little while (during which period there is no
@@ -567,7 +568,6 @@ def _execute(*args, **kw):
# Handle any failure to restart the service.
if not ensure_slapd_service(_input['hostname']):
- print >> sys.stderr, _("Directory service not started. Exiting...")
log.error(_("Directory server service not available."))
sys.exit(1)
@@ -585,7 +585,7 @@ def _execute(*args, **kw):
try:
populate_schema(_input)
except ldap.ALREADY_EXISTS:
- print >> sys.stderr, _("Information already seems to exist in the directory.")
+ log.info(_("Information already seems to exist in the directory."))
def find_schema_file():
for kolab_dir in glob('/usr/share/doc/kolab*'):
@@ -615,7 +615,7 @@ def ensure_slapd_service(hostname):
if have_slapd_process(hostname):
return True
else:
- print >> sys.stderr, _("Directory service not started. Starting...")
+ log.info(_("Directory service not started. Starting..."))
if not control_service('dirsrv', 'start', '.target'):
log.error(_("Could not start the directory server service."))
time.sleep(10)
commit 20c1aa9d8ff90ca6f5fc42d2ad953fc068958353
Author: Paul Boddie <paul at boddie.org.uk>
Date: Sat Mar 22 18:13:52 2014 +0100
Attempted to configure TLS settings for Postfix in a more versatile manner.
diff --git a/pykolab/setup/services.py b/pykolab/setup/services.py
index 1d6e88e..a836a5a 100644
--- a/pykolab/setup/services.py
+++ b/pykolab/setup/services.py
@@ -275,6 +275,27 @@ def stop_interaction():
def have_postfix():
return have_command(['postfix', 'status'])
+# Certificate-related functions.
+
+def get_certificate_path(name):
+ if is_debian():
+ return '/etc/ssl/certs/%s.pem' % name
+ else:
+ return '/etc/pki/tls/certs/%s.pem' % name
+
+def get_private_key_path(name):
+ if is_debian():
+ return '/etc/ssl/private/%s.key' % name
+ else:
+ return '/etc/pki/tls/private/%s.pem' % name
+
+def make_ssl_certificate(key_filename):
+ for program in ['/etc/pki/tls/certs/make-dummy-cert']:
+ if isfile(program):
+ call([program, key_filename])
+ return True
+ return False
+
# Apache-related functions.
def get_apache_site_dir():
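Review bot: `get_certificate_path` and `get_private_key_path` interpolate `name` into a path with no check, and the `setup_mta.py` change in this commit passes them the answer to an interactive question. The prompt text asks for a simple name, but nothing enforces it, so a value containing `/` or `..` would resolve outside the certificate directories. A guard at the top of both helpers, for example `if '/' in name or name in ('', '.', '..'): raise ValueError(name)`, would cover this. Separately, `make_ssl_certificate` returns `True` whatever the program's exit status; if `call` is `subprocess.call`, `return call([program, key_filename]) == 0` would report failures.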
diff --git a/pykolab/setup/setup_mta.py b/pykolab/setup/setup_mta.py
index c2a78f8..aef29ef 100644
--- a/pykolab/setup/setup_mta.py
+++ b/pykolab/setup/setup_mta.py
@@ -55,6 +55,17 @@ def description():
def execute(*args, **kw):
+ # Signal that interaction may occur. This will involve debconf and similar
+ # system-specific mechanisms if available.
+
+ start_interaction("kolab-conf/title-mta")
+ try:
+ _execute(*args, **kw)
+ finally:
+ stop_interaction()
+
+def _execute(*args, **kw):
+
# If Postfix is not actually installed, continue under the assumption that
# a remote SMTP service will be used.
@@ -75,6 +86,24 @@ def execute(*args, **kw):
matching_config = True
+ # Establish the main Postfix configuration if necessary.
+ # This should have occurred during package post-installation activities.
+
+ missing_main_config = not isfile('/etc/postfix/main.cf') and isfile('/usr/share/postfix/main.cf.debian')
+ matching_config = matching_config and not missing_main_config
+
+ if missing_main_config and not conf.check_only:
+ shutil.copy(
+ '/usr/share/postfix/main.cf.debian',
+ '/etc/postfix/main.cf'
+ )
+
+ # Access the Postfix configuration.
+
+ myaugeas = Augeas()
+
+ setting_base = '/files/etc/postfix/main.cf/'
+
# Configure Postfix.
prefix = "/etc/postfix/ldap"
@@ -147,11 +176,41 @@ def execute(*args, **kw):
# Initialise certificate.
- missing_certificate = isfile('/etc/pki/tls/certs/make-dummy-cert') and not isfile('/etc/pki/tls/private/localhost.pem')
- matching_config = matching_config and not missing_certificate
+ current_certificate = myaugeas.get(join(setting_base, 'smtpd_tls_cert_file'))
+ current_key = myaugeas.get(join(setting_base, 'smtpd_tls_key_file'))
+ unset_certificate = not current_certificate or not current_key
+
+ # Ask for details of the certificate, if appropriate.
+
+ if (unset_certificate or conf.reset_postfix_config) and not conf.check_only:
+ default_certificate_name = is_debian() and 'ssl-cert-snakeoil' or 'localhost'
+
+ certificate_name = ask_question("kolab-conf/ssl-certificate-selection",
+ _("""
+ Please indicate the name of the certificate to be used
+ by Postfix. If this is a new certificate, an attempt
+ will be made to create it. Note that this should be only
+ a simple name like "localhost" or "ssl-cert-snakeoil",
+ not a filename or pathname.
+ """),
+ _("Certificate name"),
+ default=default_certificate_name
+ ).strip()
+
+ current_certificate = get_certificate_path(certificate_name)
+ current_key = get_private_key_path(certificate_name)
+
+ # Detect and create a certificate, if appropriate.
+ # Here, we test the certificate and not the key because there can be an
+ # inconsistency between usage of .pem and .key for the keys, but
+ # certificates always seem to use .pem as their suffix.
+
+ missing_certificate = not isfile(current_certificate)
if missing_certificate and not conf.check_only:
- call(['/etc/pki/tls/certs/make-dummy-cert', '/etc/pki/tls/private/localhost.pem'])
+ make_ssl_certificate(current_key)
+
+ matching_config = matching_config and not unset_certificate and not missing_certificate
# Acquire the settings from a global defined below, duplicating the global
# to be safe.
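Review bot: On the non-Debian path nothing appears to create the certificate file, because `make_ssl_certificate(current_key)` passes only the key path to `make-dummy-cert` while `current_certificate` points at `get_certificate_path(...)`. The removed code set both `smtpd_tls_cert_file` and `smtpd_tls_key_file` to the single `/etc/pki/tls/private/localhost.pem`, which suggests the tool writes certificate and key into one file. The return value of `make_ssl_certificate` is also ignored, so a failed or unavailable generator leaves Postfix pointed at paths that may not exist. Checking the result, e.g. `if not make_ssl_certificate(current_key): log.error(...)`, and using the generated file for both settings when the dummy certificate is created would cover both cases. `_execute` continues outside the hunk.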
@@ -159,20 +218,9 @@ def execute(*args, **kw):
postfix_main_settings = {}
postfix_main_settings.update(_postfix_main_settings)
- if isfile('/etc/pki/tls/private/localhost.pem'):
- postfix_main_settings['smtpd_tls_cert_file'] = "/etc/pki/tls/private/localhost.pem"
- postfix_main_settings['smtpd_tls_key_file'] = "/etc/pki/tls/private/localhost.pem"
-
- # Establish the main Postfix configuration if necessary.
-
- missing_main_config = not isfile('/etc/postfix/main.cf') and isfile('/usr/share/postfix/main.cf.debian')
- matching_config = matching_config and not missing_main_config
-
- if missing_main_config and not conf.check_only:
- shutil.copy(
- '/usr/share/postfix/main.cf.debian',
- '/etc/postfix/main.cf'
- )
+ if unset_certificate:
+ postfix_main_settings['smtpd_tls_cert_file'] = current_certificate
+ postfix_main_settings['smtpd_tls_key_file'] = current_key
# Copy header checks files.
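Review bot: The guard `if unset_certificate:` does not match the condition under which the certificate name is asked for in the previous hunk, `(unset_certificate or conf.reset_postfix_config) and not conf.check_only`. When `conf.reset_postfix_config` is set and both TLS settings already exist, the operator's answer updates `current_certificate` and `current_key`, but they are never copied into `postfix_main_settings`, so the reset appears to have no effect on the TLS paths. Using `if unset_certificate or conf.reset_postfix_config:` here would apply the new selection. The loop that writes these settings lies outside this hunk, so this reading assumes `_postfix_main_settings` does not already carry the two keys.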
@@ -189,12 +237,8 @@ def execute(*args, **kw):
# Update the main Postfix configuration.
- myaugeas = Augeas()
-
- setting_base = '/files/etc/postfix/main.cf/'
-
for setting_key, proposed_value in postfix_main_settings.items():
- setting = join(setting_base,setting_key)
+ setting = join(setting_base, setting_key)
current_value = myaugeas.get(setting)
# When only checking the configuration, exit the loop upon seeing any
@@ -219,7 +263,7 @@ def execute(*args, **kw):
log.debug(_("Setting key %r to %r") % (setting_key, proposed_value), level=8)
myaugeas.set(setting, proposed_value)
- if not conf.check_only:
+ if (not matching_config or conf.reset_postfix_config) and not conf.check_only:
myaugeas.save()
# Update the master Postfix configuration.