reword of tasks names, added ldap related tasks

roles/dovecot/templates/dovecot-ldap.conf.ext.j2

@@ -32,10 +32,5 @@ scope = subtree
 # ldap filter, return an entity that is a virtual mail account
 user_filter = (&(objectClass=VirtualMailAccount)(mail=%n)(accountActive=TRUE)(delete=FALSE))
 
-# to prevent the uid and gid mappings from the ldap object to
-# dovecot mailbox, we map them to unused ldap fields
-# the sytnax is: "ldap_attribute = dovecot_attribute"
-# this is done because otherwise dovecot will deliver
-# emails to the user directory instead of the maildir directory
-# handled by the user postman
-user_attrs = disablehomeDirectory=home,disableuidNumber=uid,disablegidNumber=gid
+# when using global uid/gid use this
+users_attrs = homeDirectory=vdhome

roles/postfix/tasks/main.yaml

@@ -20,23 +20,23 @@
       # TODO: log, add a centralized log server
       - rsyslog
 
-- name: configure ldap-aliases for postfix 
+- name: configure ldap-aliases for postfix
   template:
      src: ldap-aliases.cf.j2
      dest: "/etc/postfix/ldap-aliases.cf"
-  notify: restart postfix
+  notify: restart_postfix
 
-- name: configure ldap-aliases for postfix
+- name: provide postfix aliases from ldap-aliases
   lineinfile:
     dest: /etc/postfix/main.cf
     line: "virtual_alias_maps = proxy:ldap:/etc/postfix/ldap-aliases.cf"
-  notify: restart postfix
+  notify: restart_postfix
 
 - name: configure ldap-domains for postfix
   template:
      src: ldap-domains.cf.j2
      dest: "/etc/postfix/ldap-domains.cf"
-  notify: restart postfix
+  notify: restart_postfix
 
 - name: provide postfix mailbox domains from ldap-domains
   lineinfile:
@@ -48,7 +48,58 @@
   template:
      src: ldap-accounts.cf.j2
      dest: "/etc/postfix/ldap-accounts.cf"
-  notify: restart postfix
+  notify: restart_postfix
+
+- name: configure ldap-accounts for postfix
+  lineinfile:
+    dest: /etc/postfix/main.cf
+    line: "virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap-accounts.cf"
+  notify: restart_postfix
+
+- name: configure available mail destinations for postfix, replace default
+  replace:
+    dest: /etc/postfix/main.cf
+    regexp: "^mydestination.*$"
+    replace: "mydestination = mail.lilik.it, lists.lilik.it, localhost"
+  notify: restart_postfix
+
+- name: configure postfix's recipient limit for delivery
+  lineinfile:
+    dest: /etc/postfix/main.cf
+    line: "dovecot_destination_recipient_limit = 1"
+    state: present
+  notify: restart_postfix
+
+- name: configure service auth-userdb in dovecot configuration
+  blockinfile:
+    dest: "/etc/dovecot/conf.d/10-master.conf"
+    insertafter: "unix_listener auth-userdb {"
+    content: |
+        group = postman
+        mode = 0664
+        user = postman
+  notify: restart_postfix
+
+- name: configure virtual_transport method in postfix configuration
+  lineinfile:
+    dest: /etc/postfix/main.cf
+    line: "virtual_transport = dovecot"
+    state: present
+  notify: restart_postfix
+
+- name: configure postfix command to deliver mail
+  blockinfile:
+    dest: /etc/postfix/master.cf
+    block: |
+      dovecot   unix  -       n       n       -       -       pipe
+        flags=DRhu user=postman:postman argv=/usr/lib/dovecot/deliver -d ${recipient} -f ${sender}
+  notify: restart_postfix
+
+- name: create postman group
+  group: name=postman state=present gid=800
+
+- name: create postman user
+  user: name=postman state=present uid=800 shell=/dev/null
 
 - name: configure ldap-accounts for postfix
   lineinfile:
@@ -103,3 +154,75 @@
 
 - name: install antivirus and anti spam services
   include: antispam.yaml
+
+- name: configure mail_location in dovecot configuration, replace default
+  replace:
+    dest: /etc/dovecot/conf.d/10-mail.conf
+    regexp: "^mail_location.*$"
+    replace: 'mail_location = maildir:/home/postman/%d/%n'
+  notify: restart_dovecot
+
+- name: ensure system users cannot be used with dovecot
+  lineinfile:
+    dest: /etc/dovecot/conf.d/10-auth.conf
+    line: "!include auth-system.conf.ext"
+    state: absent
+  notify: restart_dovecot
+
+- name: ensure ldap users can be used with dovecot
+  lineinfile:
+    dest: /etc/dovecot/conf.d/10-auth.conf
+    line: "!include auth-ldap.conf.ext"
+    state: present
+  notify: restart_dovecot
+
+- name: set default realm for dovecot
+  lineinfile:
+    dest: /etc/dovecot/conf.d/10-auth.conf
+    line: "auth_default_realm = {{ fqdn_domain }}"
+
+- name: configure ldap authentication for dovecot
+  template:
+    src: dovecot-ldap.conf.ext.j2
+    dest: /etc/dovecot/dovecot-ldap.conf.ext
+  notify: restart_dovecot
+
+- name: provide global uid/gid to dovecot
+  lineinfile:
+    dest: /etc/dovecot/dovecot.conf
+    line: "{{ item }}"
+    state: present
+  with_items:
+    - "mail_uid = postman"
+    - "mail_gid = postman"
+
+#- lineinfile: dest=/etc/postfix/main.cf line="content_filter=smtp-amavis:[127.0.0.1]:10024" state=present
+#  notify: restart_postfix
+
+#- blockinfile: |
+#    dest=/etc/postfix/master.cf
+#    content=" smtp-amavis unix    -       -       n       -       2     smtp
+#    -o smtp_data_done_timeout=1200
+#    -o smtp_send_xforward_command=yes
+#    -o disable_dns_lookups=yes
+#    -o max_use=20
+#
+#     127.0.0.1:10025 inet n    -       n       -       -     smtpd
+#    -o content_filter=
+#    -o smtpd_delay_reject=no
+#    -o smtpd_client_restrictions=permit_mynetworks,reject
+#    -o smtpd_helo_restrictions=
+#    -o smtpd_sender_restrictions=
+#    -o smtpd_recipient_restrictions=permit_mynetworks,reject
+#    -o smtpd_data_restrictions=reject_unauth_pipelining
+#    -o smtpd_end_of_data_restrictions=
+#    -o smtpd_restriction_classes=
+#    -o mynetworks=127.0.0.0/8
+#    -o smtpd_error_sleep_time=0
+#    -o smtpd_soft_error_limit=1001
+#    -o smtpd_hard_error_limit=1000
+#    -o smtpd_client_connection_count_limit=0
+#    -o smtpd_client_connection_rate_limit=0
+#    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
+#    -o local_header_rewrite_clients="
+#  notify: restart_postfix