Make the ldap test working
- The smtp/imap user name is now user@domain.tld - Make the test_lookup function much more robust: it was not getting the correct file from the store.
This commit is contained in:
parent
8b03ae5701
commit
33554e57ce
3 changed files with 33 additions and 28 deletions
12
default.nix
12
default.nix
|
@ -280,8 +280,8 @@ in
|
||||||
|
|
||||||
userFilter = mkOption {
|
userFilter = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "cn=%u";
|
default = "mail=%u";
|
||||||
example = "(&(objectClass=inetOrgPerson)(cn=%u))";
|
example = "(&(objectClass=inetOrgPerson)(mail=%u))";
|
||||||
description = ''
|
description = ''
|
||||||
Filter for user lookups in Dovecot.
|
Filter for user lookups in Dovecot.
|
||||||
|
|
||||||
|
@ -304,9 +304,9 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
passFilter = mkOption {
|
passFilter = mkOption {
|
||||||
type = types.str;
|
type = types.nullOr types.str;
|
||||||
default = "cn=%u";
|
default = "mail=%u";
|
||||||
example = "(&(objectClass=inetOrgPerson)(cn=%u))";
|
example = "(&(objectClass=inetOrgPerson)(mail=%u))";
|
||||||
description = ''
|
description = ''
|
||||||
Filter for password lookups in Dovecot.
|
Filter for password lookups in Dovecot.
|
||||||
|
|
||||||
|
@ -331,7 +331,7 @@ in
|
||||||
|
|
||||||
uidAttribute = mkOption {
|
uidAttribute = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "cn";
|
default = "mail";
|
||||||
example = "uid";
|
example = "uid";
|
||||||
description = ''
|
description = ''
|
||||||
The LDAP attribute referencing the account name for a user.
|
The LDAP attribute referencing the account name for a user.
|
||||||
|
|
|
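Review bot: passFilter's type becomes `types.nullOr types.str` while its default stays `"mail=%u"` and its description is left at "Filter for password lookups in Dovecot.", so nothing tells the user what a `null` value means; the consumer of this option is outside the hunk, so I can only presume it either skips the passdb filter or falls back to userFilter. The description should state the null case explicitly, e.g. append `Set to null to <what the Dovecot config generator does with null>.` with the actual behaviour filled in. userFilter in the same file keeps `types.str`; if the asymmetry is intentional, a short comment next to passFilter would save the next reader from wondering whether it was an oversight.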
@ -158,7 +158,7 @@ let
|
||||||
(pkgs.writeText "ldap-sender-login-map.cf" ''
|
(pkgs.writeText "ldap-sender-login-map.cf" ''
|
||||||
${commonLdapConfig}
|
${commonLdapConfig}
|
||||||
query_filter = ${cfg.ldap.postfix.filter}
|
query_filter = ${cfg.ldap.postfix.filter}
|
||||||
result_attribute = ${cfg.ldap.postfix.uidAttribute}
|
result_attribute = ${cfg.ldap.postfix.mailAttribute}
|
||||||
'');
|
'');
|
||||||
|
|
||||||
ldapVirtualMailboxMap = lib.optionalString (cfg.ldap.enable)
|
ldapVirtualMailboxMap = lib.optionalString (cfg.ldap.enable)
|
||||||
|
|
|
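Review bot: The switch of `result_attribute` from `cfg.ldap.postfix.uidAttribute` to `cfg.ldap.postfix.mailAttribute` in ldap-sender-login-map.cf is only understandable together with the commit message (logins are now user@domain), and the file carries no hint of that coupling. A comment above the writeText call would pin it down: `# SASL login names are full mail addresses, so the sender-login map must return the mail attribute; returning the uid would reject every authenticated sender.` As far as this hunk shows, `uidAttribute` is no longer referenced by the Postfix side; if no other use remains, the option should be documented as unused or removed rather than silently ignored.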
@ -18,6 +18,11 @@ pkgs.nixosTest {
|
||||||
|
|
||||||
virtualisation.memorySize = 1024;
|
virtualisation.memorySize = 1024;
|
||||||
|
|
||||||
|
services.openssh = {
|
||||||
|
enable = true;
|
||||||
|
permitRootLogin = "yes";
|
||||||
|
};
|
||||||
|
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
(pkgs.writeScriptBin "mail-check" ''
|
(pkgs.writeScriptBin "mail-check" ''
|
||||||
${pkgs.python3}/bin/python ${../scripts/mail-check.py} $@
|
${pkgs.python3}/bin/python ${../scripts/mail-check.py} $@
|
||||||
|
@ -106,35 +111,35 @@ pkgs.nixosTest {
|
||||||
};
|
};
|
||||||
testScript = ''
|
testScript = ''
|
||||||
import sys
|
import sys
|
||||||
|
import re
|
||||||
from glob import glob
|
|
||||||
|
|
||||||
machine.start()
|
machine.start()
|
||||||
machine.wait_for_unit("multi-user.target")
|
machine.wait_for_unit("multi-user.target")
|
||||||
|
|
||||||
def test_lookup(map, key, expected):
|
# This function retrieves the ldap table file from a postconf
|
||||||
path = glob(f"/nix/store/*-{map}")[0]
|
# command.
|
||||||
value = machine.succeed(f"postmap -q alice@example.com ldap:{path}").rstrip()
|
# A key lookup is achived and the returned value is compared
|
||||||
|
# to the expected value.
|
||||||
|
def test_lookup(postconf_cmdline, key, expected):
|
||||||
|
conf = machine.succeed(postconf_cmdline).rstrip()
|
||||||
|
ldap_table_path = re.match('.* =.*ldap:(.*)', conf).group(1)
|
||||||
|
value = machine.succeed(f"postmap -q {key} ldap:{ldap_table_path}").rstrip()
|
||||||
try:
|
try:
|
||||||
assert value == expected
|
assert value == expected
|
||||||
except AssertionError:
|
except AssertionError:
|
||||||
print(f"Expected {map} lookup for key '{key}' to return '{expected}, but got '{value}'", file=sys.stderr)
|
print(f"Expected {conf} lookup for key '{key}' to return '{expected}, but got '{value}'", file=sys.stderr)
|
||||||
raise
|
raise
|
||||||
|
|
||||||
|
|
||||||
with subtest("Test postmap lookups"):
|
with subtest("Test postmap lookups"):
|
||||||
test_lookup("ldap-virtual-mailbox-map.cf", "alice@example.com", "alice")
|
test_lookup("postconf virtual_mailbox_maps", "alice@example.com", "alice@example.com")
|
||||||
test_lookup("ldap-sender-login-map.cf", "alice", "alice")
|
test_lookup("postconf -P submission/inet/smtpd_sender_login_maps", "alice@example.com", "alice@example.com")
|
||||||
|
|
||||||
test_lookup("ldap-virtual-mailbox-map.cf", "bob@example.com", "alice")
|
test_lookup("postconf virtual_mailbox_maps", "bob@example.com", "bob@example.com")
|
||||||
test_lookup("ldap-sender-login-map.cf", "bob", "alice")
|
test_lookup("postconf -P submission/inet/smtpd_sender_login_maps", "bob@example.com", "bob@example.com")
|
||||||
|
|
||||||
with subtest("Test doveadm lookups"):
|
with subtest("Test doveadm lookups"):
|
||||||
out = machine.succeed("doveadm user -u alice")
|
machine.succeed("doveadm user -u alice@example.com")
|
||||||
machine.log(out)
|
machine.succeed("doveadm user -u bob@example.com")
|
||||||
|
|
||||||
out = machine.succeed("doveadm user -u bob")
|
|
||||||
machine.log(out)
|
|
||||||
|
|
||||||
with subtest("Test account/mail address binding"):
|
with subtest("Test account/mail address binding"):
|
||||||
machine.fail(" ".join([
|
machine.fail(" ".join([
|
||||||
|
@ -142,16 +147,16 @@ pkgs.nixosTest {
|
||||||
"--smtp-port 587",
|
"--smtp-port 587",
|
||||||
"--smtp-starttls",
|
"--smtp-starttls",
|
||||||
"--smtp-host localhost",
|
"--smtp-host localhost",
|
||||||
"--smtp-username alice",
|
"--smtp-username alice@example.com",
|
||||||
"--imap-host localhost",
|
"--imap-host localhost",
|
||||||
"--imap-username bob",
|
"--imap-username bob@example.com",
|
||||||
"--from-addr bob@example.com",
|
"--from-addr bob@example.com",
|
||||||
"--to-addr aliceb@example.com",
|
"--to-addr aliceb@example.com",
|
||||||
"--src-password-file <(echo '${alicePassword}')",
|
"--src-password-file <(echo '${alicePassword}')",
|
||||||
"--dst-password-file <(echo '${bobPassword}')",
|
"--dst-password-file <(echo '${bobPassword}')",
|
||||||
"--ignore-dkim-spf"
|
"--ignore-dkim-spf"
|
||||||
]))
|
]))
|
||||||
machine.succeed("journalctl -u postfix | grep -q 'Sender address rejected: not owned by user alice'")
|
machine.succeed("journalctl -u postfix | grep -q 'Sender address rejected: not owned by user alice@example.com'")
|
||||||
|
|
||||||
with subtest("Test mail delivery"):
|
with subtest("Test mail delivery"):
|
||||||
machine.succeed(" ".join([
|
machine.succeed(" ".join([
|
||||||
|
@ -159,9 +164,9 @@ pkgs.nixosTest {
|
||||||
"--smtp-port 587",
|
"--smtp-port 587",
|
||||||
"--smtp-starttls",
|
"--smtp-starttls",
|
||||||
"--smtp-host localhost",
|
"--smtp-host localhost",
|
||||||
"--smtp-username alice",
|
"--smtp-username alice@example.com",
|
||||||
"--imap-host localhost",
|
"--imap-host localhost",
|
||||||
"--imap-username bob",
|
"--imap-username bob@example.com",
|
||||||
"--from-addr alice@example.com",
|
"--from-addr alice@example.com",
|
||||||
"--to-addr bob@example.com",
|
"--to-addr bob@example.com",
|
||||||
"--src-password-file <(echo '${alicePassword}')",
|
"--src-password-file <(echo '${alicePassword}')",
|
||||||
|
|
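Review bot: In the rewritten `test_lookup`, `re.match('.* =.*ldap:(.*)', conf).group(1)` raises an opaque AttributeError when the postconf output contains no `ldap:` table, and the trailing `(.*)` captures everything after the path, so a second map in a comma- or space-separated list would end up in `ldap_table_path`; checking the match explicitly and limiting the capture to the path gives a clear failure instead. The assertion message on the new side still has the unbalanced quote inherited from the old code, `'{expected}, but got '{value}'`, and the try/except/print/raise around the assert collapses into a single `assert value == expected, msg`. The comment above the function spells "achieved" as "achived". The `services.openssh` block with `permitRootLogin = "yes"` added in the first hunk of this file is not used by the visible test script; if it exists for interactive debugging of the VM, a one-line comment saying so would help.
```python
def test_lookup(postconf_cmdline, key, expected):
    conf = machine.succeed(postconf_cmdline).rstrip()
    # Only the path of the first ldap: table is wanted, not the rest of the map list.
    table = re.search(r"ldap:([^\s,]+)", conf)
    assert table is not None, f"No ldap: table found in '{conf}'"
    ldap_table_path = table.group(1)
    value = machine.succeed(f"postmap -q {key} ldap:{ldap_table_path}").rstrip()
    assert value == expected, (
        f"Expected {postconf_cmdline} lookup for key '{key}' to return "
        f"'{expected}', but got '{value}'"
    )
```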