5 files changed, 20 insertions, 14 deletions
diff --git a/group_vars/mail.yml b/group_vars/mail.yml
index c69cc82..1114ca8 100644
--- a/group_vars/mail.yml
+++ b/group_vars/mail.yml
@@ -17,14 +17,10 @@ ldap_search_base: "{{ 'dc=' ~ idm_domain | regex_replace('\\.', ',dc=') }}"
 ldap_bind_dn: "dn=token"
 ldap_query_filter_user: "(&(class=account)(emailprimary=%s))"
-ldap_query_filter_group: "(&(class=account)(emailprimary=%s))"
+ldap_query_filter_group: "(&(class=group)(mail=%s))"
 ldap_query_filter_alias: "(&(class=account)(emailalternative=%s))"
-ldap_query_filter_domain: "(&(class=account)(emailprimary=%s))"
-ldap_query_filter_senders: "(&(class=account)(emailprimary=%s))"
-
-sasl_ldap_filter: >
- (&(|(name=%U)(emailprimary=%U))(class=account)
- (memberOf=cn=mail,{{ ldap_search_base }}))
+ldap_query_filter_domain: "(mail=*@%s)"
+ldap_query_filter_senders: "(&(class=account)(|(emailprimary=%s)(emailalternative=%s)))"
 dovecot_user_filter: >
 (&(class=account)(name=%u)
diff --git a/playbooks/roles/mail/templates/stacks/docker-compose.yml b/playbooks/roles/mail/templates/stacks/docker-compose.yml
index debaac1..38e63cb 100644
--- a/playbooks/roles/mail/templates/stacks/docker-compose.yml
+++ b/playbooks/roles/mail/templates/stacks/docker-compose.yml
@@ -101,10 +101,10 @@ services:
 - LDAP_QUERY_FILTER_DOMAIN={{ ldap_query_filter_domain }}
 - LDAP_QUERY_FILTER_SENDERS={{ ldap_query_filter_senders }}
- - POSTMASTER_ADDRESS={{ postmaster_email }}
+ - SASLAUTHD_MECHANISMS=rimap
+ - SASLAUTHD_MECH_OPTIONS=127.0.0.1
- - SASLAUTHD_MECHANISMS=ldap
- - SASLAUTHD_LDAP_FILTER={{ sasl_ldap_filter }}
+ - DOVECOT_USER_FILTER={{ dovecot_user_filter }}
 - ENABLE_OAUTH2=1
 - OAUTH2_INTROSPECTION_URL={{ roundcube_oauth2_user_uri }}
@@ -113,6 +113,8 @@ services:
 - RELAY_USER={{ relay_user }}
 - RELAY_PASSWORD={{ relay_password }}
+ - POSTMASTER_ADDRESS={{ postmaster_email }}
+
 networks:
 roundcube:
 proxy:
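Review bot: The new `ldap_query_filter_senders` returns matches for both address forms, but a sender-login map is only effective when its result equals the SASL login name exactly as the client sent it, and Dovecot's `auth_username_format = %Ln` (set in user-patches.sh in this same diff) lets a user authenticate as either `alice` or `alice@example.org`; whichever spelling the senders table's result attribute (not visible here) does not return will fail a sender/login mismatch check if one is enforced, so confirm the two agree and add a comment naming the canonical login form. `ldap_query_filter_domain: "(mail=*@%s)"` drops every class restriction and does a substring search over the whole tree, which deserves a why-comment such as `# a domain is hosted when any entry (account or group) carries a mail address in it`, and a check that account entries actually expose `mail` rather than only `emailprimary`, otherwise a domain with users but no mail-enabled group is not recognised. The `%s` placeholders are RFC 2254/4515-quoted by Postfix's LDAP table, so the looser filters are not an injection concern.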
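Review bot: Switching saslauthd to `rimap` against `127.0.0.1` means every SMTP AUTH credential is replayed as a plaintext IMAP LOGIN to Dovecot, which is acceptable only because it stays on the container's loopback; that should be stated on the `SASLAUTHD_MECH_OPTIONS` line, e.g. `# rimap: SMTP AUTH is verified by an IMAP login to Dovecot over loopback, so the plaintext never leaves the container`. A second consequence is that `rimap` only checks that a login succeeds, so the `memberOf=cn=mail` gate the removed `SASLAUTHD_LDAP_FILTER` applied to submission now rests entirely on `DOVECOT_USER_FILTER`, whose value is cut off in this diff after `(&(class=account)(name=%u)`; confirm the group clause is still in it, otherwise any directory account can authenticate to Postfix and relay. The `environment` list these lines belong to starts above the hunk.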
diff --git a/playbooks/roles/mail/templates/volumes/data/dms/config/dovecot-ldap.conf b/playbooks/roles/mail/templates/volumes/data/dms/config/dovecot-ldap.conf
index 956942c..6a14553 100644
--- a/playbooks/roles/mail/templates/volumes/data/dms/config/dovecot-ldap.conf
+++ b/playbooks/roles/mail/templates/volumes/data/dms/config/dovecot-ldap.conf
@@ -8,4 +8,3 @@ dnpass = {{ email_ldap_api_token }}
 auth_bind = yes
 auth_bind_userdn = {{ dovecot_auth_bind_userdn }}
-user_filter = {{ dovecot_user_filter }}
diff --git a/playbooks/roles/mail/templates/volumes/data/dms/config/user-patches.sh b/playbooks/roles/mail/templates/volumes/data/dms/config/user-patches.sh
index 1749499..f03bc81 100755
--- a/playbooks/roles/mail/templates/volumes/data/dms/config/user-patches.sh
+++ b/playbooks/roles/mail/templates/volumes/data/dms/config/user-patches.sh
@@ -26,6 +26,9 @@ sed -i 's/result_attribute = mail/result_attribute = emailprimary/' /etc/postfix
 sed -i 's/result_attribute = mail/result_attribute = emailprimary/' /etc/postfix/ldap-domains.cf
 sed -i 's/result_attribute = mail/result_attribute = emailprimary/' /etc/postfix/ldap-users.cf
+grep -q '^leaf_result_attribute = mail$' /etc/postfix/ldap-groups.cf || echo "leaf_result_attribute = mail" >> /etc/postfix/ldap-groups.cf
+grep -q '^special_result_attribute = member$' /etc/postfix/ldap-groups.cf || echo "special_result_attribute = member" >> /etc/postfix/ldap-groups.cf
+
 echo 'auth_username_format = %Ln' >> /etc/dovecot/conf.d/10-auth.conf
 echo 'username_format = %Ln' >> /etc/dovecot/dovecot-oauth2.conf.ext
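Review bot: The two `grep -q ... || echo >>` guards only skip the append when the exact line is already present, so if the generated ldap-groups.cf ever carries `leaf_result_attribute` or `special_result_attribute` with a different value this script, which runs on every container start, will add a second definition instead of correcting the first. Anchor on the key and replace rather than append, e.g. `sed -i '/^leaf_result_attribute *=/d' /etc/postfix/ldap-groups.cf` ahead of each `echo`, or fold both into one helper such as `set_opt() { sed -i "/^$1 *=/d" "$3"; echo "$1 = $2" >> "$3"; }` called as `set_opt leaf_result_attribute mail /etc/postfix/ldap-groups.cf`. A one-line comment on why these options exist would also help the next reader: `# expand group members (DNs in 'member') to the leaf entries' 'mail' values`. The first `sed` line in the hunk header is truncated, so I cannot see which file it rewrites.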
@@ -37,6 +40,12 @@ echo "passdb {
 userdb {
 driver = static
- args = username_format=%u uid=docker gid=docker home=/var/mail/%d/%u
- default_fields = uid=docker gid=docker home=/var/mail/%d/%u
+ args = username_format=%u uid=5000 gid=5000 home=/var/mail/%u
+ default_fields = uid=5000 gid=5000 home=/var/mail/%u
 }" > /etc/dovecot/conf.d/auth-ldap.conf.ext
+
+postconf -e 'virtual_uid_maps = static:5000'
+postconf -e 'virtual_gid_maps = static:5000'
+postconf -e 'virtual_minimum_uid = 5000'
+
+chown -R 5000:5000 /var/mail/*
diff --git a/playbooks/roles/src/templates/volumes/data/hooks/update b/playbooks/roles/src/templates/volumes/data/hooks/update
index a11d3e5..5723dc5 100755
--- a/playbooks/roles/src/templates/volumes/data/hooks/update
+++ b/playbooks/roles/src/templates/volumes/data/hooks/update
@@ -28,7 +28,7 @@ else
 fi
 echo "Hi from Soft Serve update hook!"
-echo
+echo "$GITDIR"
 echo "RefName: $refname"
 echo "Change Type: $newrev_type"
 echo "Old SHA1: $oldrev" |
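Review bot: The uid/gid 5000 is now repeated in the two Dovecot userdb lines, the three `postconf` calls and the `chown`, so one inconsistent edit would let Dovecot write mail that Postfix's `virtual_minimum_uid` then refuses to deliver; define `MAIL_UID=5000` and `MAIL_GID=5000` once near the top of the script and substitute `${MAIL_UID}`/`${MAIL_GID}` on each of those lines. `chown -R 5000:5000 /var/mail/*` also re-walks the entire mail store on every container start and, because the glob is unquoted, fails with a literal `*` when `/var/mail` is empty; `find /var/mail -mindepth 1 \( ! -uid "$MAIL_UID" -o ! -gid "$MAIL_GID" \) -exec chown "$MAIL_UID:$MAIL_GID" {} +` touches only mis-owned entries and has no glob. A short why-comment would help too, e.g. `# pin the mail store to a fixed uid/gid so Dovecot and Postfix agree instead of depending on the image's docker account`. The `echo "passdb {` string that this userdb block is part of opens before the hunk.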
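Review bot: The added `echo "$GITDIR"` writes the server-side repository path into the update hook's output, and git forwards a hook's stdout and stderr to the pushing client as `remote:` lines (the greeting line above suggests Soft Serve does the same), so every user with push access now learns the host's absolute repo location. If the value is only a debugging aid, keep the original bare `echo` and record the path server-side instead, e.g. `logger -t soft-serve-update "GITDIR=$GITDIR"`; if it must be shown, at least label it like the lines below (`echo "GitDir: $GITDIR"`) so the disclosure is deliberate. The `if`/`else` that the `fi` at the top of the hunk closes starts before it.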