From 63dcb313309e218c74cf900df490854dcbaa94e1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pierre-Elliott=20B=C3=A9cue?=
Date: Thu, 2 Aug 2012 16:32:05 +0200
Subject: [PATCH] [SASL] Pour que redisdead fasse de l'authentification SMTP.

Ignore-this: cb29821c4567bf826fc6bccfc7cf4202
darcs-hash:20120802143205-b6762-ff46de74c6dde65e1b5dcdbb02afc48efb822a79.gz
---
 Bundler/postfix.xml | 6 +++
 Cfg/etc/default/saslauthd/saslauthd | 55 ++++++++++++++++++++++
 Cfg/etc/postfix/sasl/smtpd.conf/smtpd.conf | 2 +
 Cfg/etc/saslauthd.conf/saslauthd.conf | 5 ++
 Python/etc/postfix/main.cf | 2 +
 5 files changed, 70 insertions(+)
 create mode 100644 Cfg/etc/default/saslauthd/saslauthd
 create mode 100644 Cfg/etc/postfix/sasl/smtpd.conf/smtpd.conf
 create mode 100644 Cfg/etc/saslauthd.conf/saslauthd.conf

diff --git a/Bundler/postfix.xml b/Bundler/postfix.xml
index 962f1b6..7b1859e 100644
--- a/Bundler/postfix.xml
+++ b/Bundler/postfix.xml
@@ -21,4 +21,10 @@ + + + + + +
diff --git a/Cfg/etc/default/saslauthd/saslauthd b/Cfg/etc/default/saslauthd/saslauthd
new file mode 100644
index 0000000..69fb6a2
--- /dev/null
+++ b/Cfg/etc/default/saslauthd/saslauthd
@@ -0,0 +1,55 @@
+#
+# Settings for saslauthd daemon
+# Please read /usr/share/doc/sasl2-bin/README.Debian for details.
+#
+
+# Should saslauthd run automatically on startup? (default: no)
+START=yes
+
+# Description of this saslauthd instance. Recommended.
+# (suggestion: SASL Authentication Daemon)
+DESC="SASL Authentication Daemon"
+
+# Short name of this saslauthd instance. Strongly recommended.
+# (suggestion: saslauthd)
+NAME="saslauthd"
+
+# Which authentication mechanisms should saslauthd use? (default: pam)
+#
+# Available options in this Debian package:
+# getpwent -- use the getpwent() library function
+# kerberos5 -- use Kerberos 5
+# pam -- use PAM
+# rimap -- use a remote IMAP server
+# shadow -- use the local shadow password file
+# sasldb -- use the local sasldb database file
+# ldap -- use LDAP (configuration is in /etc/saslauthd.conf)
+#
+# Only one option may be used at a time. See the saslauthd man page
+# for more information.
+#
+# Example: MECHANISMS="pam"
+MECHANISMS="ldap"
+
+# Additional options for this mechanism. (default: none)
+# See the saslauthd man page for information about mech-specific options.
+MECH_OPTIONS=""
+
+# How many saslauthd processes should we run? (default: 5)
+# A value of 0 will fork a new process for each connection.
+THREADS=5
+
+# Other options (default: -c -m /var/run/saslauthd)
+# Note: You MUST specify the -m option or saslauthd won't run!
+#
+# WARNING: DO NOT SPECIFY THE -d OPTION.
+# The -d option will cause saslauthd to run in the foreground instead of as
+# a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish
+# to run saslauthd in debug mode, please run it by hand to be safe.
+#
+# See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
+# See the saslauthd man page and the output of 'saslauthd -h' for general
+# information about these options.
+#
+# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
+OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
diff --git a/Cfg/etc/postfix/sasl/smtpd.conf/smtpd.conf b/Cfg/etc/postfix/sasl/smtpd.conf/smtpd.conf
new file mode 100644
index 0000000..18d7308
--- /dev/null
+++ b/Cfg/etc/postfix/sasl/smtpd.conf/smtpd.conf
@@ -0,0 +1,2 @@
+pwcheck_method: saslauthd
+mech_list: plain login
diff --git a/Cfg/etc/saslauthd.conf/saslauthd.conf b/Cfg/etc/saslauthd.conf/saslauthd.conf
new file mode 100644
index 0000000..5207c27
--- /dev/null
+++ b/Cfg/etc/saslauthd.conf/saslauthd.conf
@@ -0,0 +1,5 @@
+ldap_servers: ldap://ldap.adm.crans.org
+ldap_bind_dn: cn=postfix,dc=crans,dc=org
+ldap_password: f34842fd04aa7f58bc45bb
+ldap_filter: (&(objectClass=posixAccount)(uid=%u))
+ldap_search_base: ou=data,dc=crans,dc=org
diff --git a/Python/etc/postfix/main.cf b/Python/etc/postfix/main.cf
index d913373..0a1a5b7 100644
--- a/Python/etc/postfix/main.cf
+++ b/Python/etc/postfix/main.cf
@@ -270,6 +270,8 @@ if main: content_filter = "lmtp:[amavis.adm.crans.org]:10024" lmtp_data_done_timeout = 1200 lmtp_send_xforward_command = True + smtpd_sasl_type = cyrus + cyrus_sasl_config_path = /etc/postfix/sasl @# Pieces jointes mime_header_checks = "regexp:/etc/postfix/mime_header_checks"
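Review bot: In Cfg/etc/default/saslauthd/saslauthd the final `OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"` line turns on saslauthd's credential cache with `-c` and sets no lifetime, so a password changed or an account disabled in LDAP can keep authenticating from the cache until the default expiry. Either drop `-c` or set the lifetime explicitly with `-t`, for example `OPTIONS="-c -t 300 -m /var/spool/postfix/var/run/saslauthd"` (300 is an illustrative value). A one-line comment above OPTIONS saying why caching is wanted on this host would also help the next reader.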
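Review bot: `mech_list: plain login` in Cfg/etc/postfix/sasl/smtpd.conf offers only mechanisms that hand the password to the server unprotected, and nothing visible in this patch forces AUTH to happen inside TLS. saslauthd needs the cleartext password, so the mechanism list itself is expected; the missing piece is on the Postfix side, `smtpd_tls_auth_only = yes` in main.cf, unless that is already set outside the main.cf hunk. The new file also carries no comment; a header line such as `# PLAIN/LOGIN only: saslauthd needs the cleartext password, AUTH must be TLS-only` would record the constraint.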
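Review bot: Cfg/etc/saslauthd.conf/saslauthd.conf commits the bind password for `cn=postfix,dc=crans,dc=org` in clear on the `ldap_password:` line, so everyone who can read this repository or its history holds a working LDAP credential. The value should be supplied from a protected store or a file kept out of version control, and the password should be changed, because deleting the line in a later commit does not remove it from history. `ldap_servers: ldap://ldap.adm.crans.org` also carries that bind, and every user password checked through it, unencrypted; `ldap_servers: ldaps://ldap.adm.crans.org` or an added `ldap_start_tls: yes` would protect them, assuming the directory server offers TLS.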
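Review bot: The two lines added to Python/etc/postfix/main.cf leave their values unquoted, unlike the string settings around them (`content_filter = "lmtp:..."`, `mime_header_checks = "regexp:..."`); if this template is evaluated as Python, as `if main:` and `True` suggest, `cyrus` is an undefined name and `/etc/postfix/sasl` does not parse. They should read `smtpd_sasl_type = "cyrus"` and `cyrus_sasl_config_path = "/etc/postfix/sasl"`. The hunk also does not show `smtpd_sasl_auth_enable` being set, without which Postfix does not offer AUTH at all. It may be set elsewhere, since the `if main:` block starts and ends outside this hunk.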