I just did a quick look and wondered, if the two newly added ENVs don't need to be added to _setup_ldap() @ ldap.sh

Does changing those ENVs actually works?

I just did a quick look and wondered, if the two newly added ENVs don't need to be added to _setup_ldap() @ ldap.sh

Does changing those ENVs actually works?

Changing the ENVs does work because the tests say so and my production ENV too since some years now ;p
That said, I am wondering if this is only used by doveadm to list users
or to list and manage them
or to also provide a list of users to replicate
I did not check this since I do not want to break my current production replication.

But most probably it's needed to list users to replicate.
Ref: #2048 (comment)

You're right. I found the snipped that handles the ENV change:

Thanks for the feedback @polarathene

Since I mostly did follow the actual testing style (of the file) could we merge this PR and cleanup this in another one?
I would like to avoid having open contributions to look after

Fine we me, just sayin :)

Since I mostly did follow the actual testing style (of the file) could we merge this PR and cleanup this in another one?

Are you actually going to follow-up with it? (in a timely manner)

It's not about testing style. I pointed out issues with how you modified the test. You are using the test suite methods itself incorrectly, not just our helpers / conventions.

I don't think we can trust the tests are reliable with the current concerns raised.

You can wait until end of the month, I may have time to address this myself. Otherwise if someone does merge this PR ignoring my concerns:

• Include a disclaimer comment at the top of the test file referencing my earlier comment about test quality concerns.
• Potentially revert all other changes to the test beyond the new test cases and comment them out, with comment referencing the same PR comment about the quality of the approach not being acceptable.

Oh gosh I forgot about this
I would really appreciate if someone can merge this and patch the test part before me

Oh gosh I forgot about this I would really appreciate if someone can merge this and patch the test part before me

This is probably not going to happen due to a simple lack of time..

Oh gosh I forgot about this I would really appreciate if someone can merge this and patch the test part before me

This is probably not going to happen due to a simple lack of time..

Nevermind, still on my todo list

I've been working on the LDAP test today, it'll be refactored and should be reviewed / merged this week sometime. Your PR here can then adapt to the new test.

I've been working on the LDAP test today, it'll be refactored and should be reviewed / merged this week sometime. Your PR here can then adapt to the new test.

Thank you so much

@williamdes while we wait on #3483 to get merged, are you familiar with any other openldap docker images that you can easily automate setup with?

The one we're using in our tests is quite outdated (version pinned), and upstream is no longer maintained for 2 years.

I have come across a bitnami / vmware image, but it doesn't support .schema files (postfix-book.schema). I figured out how to convert that to a .ldif via slaptest + slapcat I think, but still couldn't quite get the image happy as it was failing with "Invalid DN syntax" when parsing the .ldif files we have for creating the test users.

@williamdes while we wait on #3483 to get merged, are you familiar with any other openldap docker images that you can easily automate setup with?

The one we're using in our tests is quite outdated (version pinned), and upstream is no longer maintained for 2 years.

I have come across a bitnami / vmware image, but it doesn't support .schema files (postfix-book.schema). I figured out how to convert that to a .ldif via slaptest + slapcat I think, but still couldn't quite get the image happy as it was failing with "Invalid DN syntax" when parsing the .ldif files we have for creating the test users.

Yeah of course, I built one for the same reasons
https://github.com/sudo-bot/docker-openldap/
With the old one it should be plug and play
See it implemented with DMS: https://github.com/datacenters-network/mails/blob/a28cc971351bad2ee98fe63e04cb2879aeeb8877/docker-compose.yml#L173
Since years now!

Please file issues with anything you want to have for it
Yes I need to add documentation ^^

The LDAP test refactor PR is merged, I'll revise the portion of your test changes in this PR by the weekend 👍

I managed to resolve the issue I was facing today. I gave your image a look but didn't feel it was a better choice for DMS maintainers to rely on. Detailed notes below.

With the old one it should be plug and play

Doesn't seem that way. I looked through the reference links you provided but stopped by this point:

docker run --rm --name ldap-test \
  --env LDAP_ADMIN_PASSWORD=admin --env LDAP_CONFIG_PASSWORD=admin --env LDAP_MONITOR_PASSWORD=admin \
  --env LDAP_BASE_DN='dc=example,dc=test' \
  --env LDAP_AUTH_BASE_DN='ou=people,dc=example,dc=test' \
  --volume '/tmp/ldifs/:/ldifs/:ro' \
  --hostname 'ldap.example.test' \
  botsudo/docker-openldap

It wanted me to configure more ENV and refused to exit with ctrl+c. Also looking over your reference links, it was unclear how the custom data would be populated by the image beyond the seeding example where you have extra scripts to handle it.

The image itself seems to have a lot more going on package / config wise, I would have liked to get the bitnami/openldap image working, but it kept exiting when supplying the .ldif account files:

Alternative (most popular openldap image actively maintained): bitnami/openldap

 docker run --rm --name ldap-test \
  --env LDAP_ROOT='dc=example,dc=test' \
  --env LDAP_PORT_NUMBER=389 \
  --env BITNAMI_DEBUG=true \
  --volume '/tmp//ldifs/:/ldifs/:ro' \
  --volume '/tmp/schema/postfix-schema.ldif:/schema/custom.ldif:ro' \
  --hostname 'ldap.example.test' \
  bitnami/openldap:latest

That image lets you supply a directory with .ldif files to seed with, but the image doesn't support .schema files apparently. The advice I had come across was to convert .schema into .ldif, so I have done that for the postfix-book.schema (and volume mounted above per the image README):

# Read a conf file that imports the schema and any dependencies needed, then export:
mkdir /tmp/ldif-output
slaptest -f /postfix-schema.conf -F /tmp/ldif-output

# Reads converted schema output and filters out unnecessary properties, saving to ldif file:
slapcat -o ldif_wrap=no -n 0 -F /tmp/ldif -H "ldap:///???(cn={4}postfix-book)" \
  | grep -v ^structuralObjectClass: \
  | grep -v ^entryUUID: \
  | grep -v ^creatorsName: \
  | grep -v ^createTimestamp: \
  | grep -v ^entryCSN: \
  | grep -v ^modifiersName: \
  | grep -v ^modifyTimestamp: \
  | sed -e "s/{4}postfix-book/postfix-book/" > /tmp/postfix-schema.ldif

/postfix-schema.conf:

include /opt/bitnami/openldap/etc/schema/core.schema
include /opt/bitnami/openldap/etc/schema/cosine.schema
include /opt/bitnami/openldap/etc/schema/inetorgperson.schema
include /opt/bitnami/openldap/etc/schema/nis.schema
include /postfix-book.schema

/tmp/postfix-schema.ldif:

dn: cn=postfix-book,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: postfix-book
olcAttributeTypes: {0}( 1.3.6.1.4.1.29426.1.10.1 NAME 'mailHomeDirectory' DESC 'The absolute path to the mail user home directory' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {1}( 1.3.6.1.4.1.29426.1.10.2 NAME 'mailAlias' DESC 'RFC822 Mailbox - mail alias' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
olcAttributeTypes: {2}( 1.3.6.1.4.1.29426.1.10.3 NAME 'mailUidNumber' DESC 'UID required to access the mailbox' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {3}( 1.3.6.1.4.1.29426.1.10.4 NAME 'mailGidNumber' DESC 'GID required to access the mailbox' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {4}( 1.3.6.1.4.1.29426.1.10.5 NAME 'mailEnabled' DESC 'TRUE to enable, FALSE to disable account' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {5}( 1.3.6.1.4.1.29426.1.10.6 NAME 'mailGroupMember' DESC 'Name of a mail distribution list' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {6}( 1.3.6.1.4.1.29426.1.10.7 NAME 'mailQuota' DESC 'Mail quota limit in kilobytes' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {7}( 1.3.6.1.4.1.29426.1.10.8 NAME 'mailStorageDirectory' DESC 'The absolute path to the mail users mailbox' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcObjectClasses: {0}( 1.3.6.1.4.1.29426.1.2.2.1 NAME 'PostfixBookMailAccount' DESC 'Mail account used in Postfix Book' SUP top AUXILIARY MUST mail MAY ( mailHomeDirectory $ mailAlias $ mailGroupMember $ mailUidNumber $ mailGidNumber $ mailEnabled $ mailQuota $ mailStorageDirectory ) )
olcObjectClasses: {1}( 1.3.6.1.4.1.29426.1.2.2.2 NAME 'PostfixBookMailForward' DESC 'Mail forward used in Postfix Book' SUP top AUXILIARY MUST ( mail $ mailAlias ) )

Even if that's one of the first items to be parsed lumped in with the /ldifs mount dir, it still has problems 🤷‍♂️ Yet if I shell in to the container instead with those files mounted at a different location and manually add them with ldapadd no problem. I'd have to troubleshoot further, but supposedly just mounting the /ldifs dir alters the initial config setup.

One issue on their repo suggested using their supported /docker-entrypoint-initdb.d/ to add in a custom shell script that would do the necessary ldapadd.

My previous comment suggests I may have got it working at some point, but not quite with the "Invalid DN syntax" issue.

Alternative: bitnami/openldap image variant

Based off bitnami/openldap: https://github.com/clayrisser/docker-openldap

This image carries the postfix-book.schema among other improvements, and provides the best experience so far, although it's a bit to new but for using in tests should be fine 👍

 docker run --rm --name ldap-test \
  --env LDAP_ROOT='dc=example,dc=test' \
  --env LDAP_PORT_NUMBER=389 \
  --env BITNAMI_DEBUG=true \
  --volume '/tmp//ldifs/:/ldifs/:ro' \
  --volume '/tmp/migrations:/migrations:ro' \
  --hostname 'ldap.example.test' \
  registry.gitlab.com/bitspur/rock8s/docker-openldap

The only issue I ran into was getting testsaslauthd to be successful. Got familiar with LDAP a bit more and some commands, and eventually figured out the issue was the default ACL config was causing a misleading "Invalid credentials (49)" error.

The separate migrations/ volume provides an .ldif that corrects that based on our current osixia/openldap image used and related openldap docs I came across.

Can you open an issue on my image?

If I understand you are missing loading ldiff files at startup?

You "should not need" to load more of them since they are pre loaded by myself, the postfix schema and all.
No more need for a custom image
That said I did some tweaks to have saslauthd inside it, maybe I should remove this part in a variant of the image

The LDAP test refactor PR is merged, I'll revise the portion of your test changes in this PR by the weekend 👍

On it

Documentation preview for this PR is ready! 🎉

Built with commit: 80818b3

On it

Yeah sorry, I've had some other events need my attention and within DMS I've been trying to queue some additional LDAP related changes before adjusting the test a bit more before meeting your requirements needed here. Almost there 😅

Once this PR is merged, adding your LDAP test cases should be pretty straight-forward 😁

• Add CONTAINER0_NAME= (where 0 is incremented appropriately) with a value matching the convention shown at the top of the test file. See the referenced PR for usage with the extra container added for a test-case.
• Add container config/setup at end of setup(), just before the final export (used to set CONTAINER_NAME to the main DMS container).
• Add your test-cases with a small change like the modified one shows (should only require adding the extra export CONTAINER_NAME= line).
• You do not need to worry about adding your new ENVs with heavy comments like the others have. Just define them as you have is good enough 👍

Alternatively I'll take care of it once that PR is merged.

I am considering a different approach that should meet your needs for these two settings, and any other users future needs for missing settings that these configs are meant to support. Our current approach is a bit awkward and could be improved both for the user and maintainers.

@williamdes how important is the ENV support to set these two settings vs including a file with them? I understand your request for this was to avoid the user-patches.sh workaround you currently use.

Only Postfix LDAP config files are supported in /tmp/docker-mailserver right now, but since they replace the internal base config instead of compliment it, that requires providing all the other settings needed (I plan to fix that). I understand the convenience of ENV, my concern is just if we really should have override support for each individual setting of these files via ENV vs defer to supplying configs like any other feature.

UPDATE:: For ENV replacement at least with the new template approach I'm going to open a PR for, it'd be handled by this little dance:

ENV_PREFIX='DOVECOT_'
ENV_TEMPLATE=/dms/ldap/dovecot.tmpl

# Ensures that envsubst is only run with ENV from the target prefix.
# Those ENV were provided as a generated `.env` file (with prefix dropped by sed)
# to zenv which runs the envsubst command within that constrained environment.

env --ignore-environment \
  ./zenv --file <(env | grep "^${ENV_PREFIX}" | sed "s/^${ENV_PREFIX}//") \
  envsubst < "${ENV_TEMPLATE}"

# stdout now provides the transformed template to be layered with any potential user supplied file config.

That's viable I guess 😅

This pull request has become stale because it has been open for 20 days without activity.
This pull request will be closed in 10 days automatically unless:

• a maintainer removes the meta/stale label or adds the stale-bot/ignore label
• new activity occurs, such as a new comment

Closing this one. My brain forgot what was left todo.

Feel free to pick stuff out if needed

Thank you for your work on LDAP support @polarathene !

Please do mention me directly on PRs so I can review them if you want.

Having an easier way to define ENVs to create the dovecot config keys

@williamdes how important is the ENV support to set these two settings vs including a file with them? I understand your request for this was to #2048 (comment).

The only goal was to remove more lines from my patch file :)

Thank you for closing this as it has become stale! This saves me the maintenance of stale PRs :)

Please do mention me directly on PRs so I can review them if you want.

#3524 is the improved approach to what this PR was tackling. It enables support more broadly. Feel free to review it or suggest feedback for some concerns I've noted.

It's only really blocked by my rewrite of the docs for the feature which I've kept on-hold due to very low time right now. Hoping to have a week or so for dedicating to DMS later this month.