cleanup saslauthd

tiredofit · tiredofit · commit fc546b086461 · 2026-04-17T19:32:15.000-07:00
diff --git a/README.md b/README.md
@@ -14,6 +14,7 @@ Upon starting this image it will give you a ready to run server with many config
 * Supports Replication
 * Scheduled Backups of Data
 * Ability to choose NIS or rfc2307bis Schema
+* Abilty to authenticate against SASL2
 * Additional Password Modules (Argon, SHA2, PBKDF2)
 * Two Password Checking Modules - check_password.so and ppm.so
 * Zabbix Monitoring templates included
@@ -279,7 +280,7 @@ If you already have a check_password.conf or ppm.conf in /etc/openldap/ the foll
 | `SASLAUTHD_SLAPD_TYPE`               | Type when writing `/etc/sasl/slapd.conf`                                                   | `pam`                                       |
 | `SASLAUTHD_MECH_LIST`                | Mech List when writing `/etc/sasl/slapd.conf`                                              | `PLAIN LOGIN EXTERNAL`                      |
 | `SASLAUTHD_SLAPD_TYPE`               |                                                                                            | `pam`                                       |
-| `SASLAUTHD_PAM_CONFIG_PATH`          | Pam Configuration path - If not default will symlink to this                               | `/etc/pam/`                                 |
+| `SASLAUTHD_PAM_CONFIG_PATH`          | Pam Configuration path - If not default will symlink to this                               | `/etc/pam.d/`                                 |
 | `SASLAUTHD_SLAPD_PAM_FILE`           | Pam Configuration file - If not default will symlink to this                               | `ldap`                                      |
 | `SASLAUTHD_PAM_AUTO_CONFIGURE`       | Auto configure ${SASLAUTHD_PAM_CONFIG_PATH}/${SASLAUTHD_PAM_SLAPD_CONFIG_FILE}             | `TRUE`                                      |
 | `SASLAUTHD_PAM_LDAP_AUTH_ENTRY`      | Auth line entry                                                                            | see second line |
diff --git a/container-openldap.code-workspace b/container-openldap.code-workspace
@@ -0,0 +1,17 @@
+{
+	"folders": [
+		{
+			"name": "container-openldap",
+			"path": "."
+		},
+		{
+			"name": "container-base",
+			"path": "../container-base"
+		},
+		{
+			"name": "gha",
+			"path": "../gha"
+		}
+	],
+	"settings": {}
+}
diff --git a/rootfs/container/defaults/30-saslauthd b/rootfs/container/defaults/30-saslauthd
@@ -18,6 +18,6 @@ SASLAUTHD_PAM_LDAP_AUTH_ENTRY=${SASLAUTHD_PAM_LDAP_AUTH_ENTRY:-"required pam_exe
 SASLAUTHD_PROCESSES=${SASLAUTHD_PROCESSES:-"0"}
 SASLAUTHD_RUN_PATH=${SASLAUTHD_RUN_PATH:-"/run/saslauthd/"}
 SASLAUTHD_SLAPD_CONFIG_FILE=${SASLAUTHD_SLAPD_CONFIG_FILE:-"slapd.conf"}
-SASLAUTHD_PAM_CONFIG_PATH=${SASLAUTHD_PAM_CONFIG_PATH:-"/etc/pam/"}
+SASLAUTHD_PAM_CONFIG_PATH=${SASLAUTHD_PAM_CONFIG_PATH:-"/etc/pam.d/"}
 SASLAUTHD_SLAPD_PAM_FILE=${SASLAUTHD_SLAPD_PAM_FILE:-"ldap"}
 SASLAUTHD_SLAPD_TYPE=${SASLAUTHD_TYPE:-"pam"}
diff --git a/rootfs/container/functions/30-saslauthd b/rootfs/container/functions/30-saslauthd
@@ -22,7 +22,7 @@ saslauthd_bootstrap_filesystem() {
 
 saslauthd_configure_daemon() {
     if var_true "${SASLAUTHD_AUTO_CONFIGURE}" ; then
-        write_file "${SASLAUTHD_CONFIG_PATH%/}"/"${SASLAUTHD_SLAPD_CONFIG_FILE}":640 <<EOF
+        write_file root:ldap@"${SASLAUTHD_CONFIG_PATH%/}"/"${SASLAUTHD_SLAPD_CONFIG_FILE}":640 <<EOF
 pwcheck_method: saslauthd
 saslauthd_path: ${SASLAUTHD_RUN_PATH}/mux
 mech_list: ${SASLAUTHD_MECH_LIST}
@@ -37,16 +37,12 @@ EOF
 saslauthd_configure_pam() {
     if [ "${SASLAUTHD_SLAPD_TYPE,,}" = "pam" ] ; then
         print_notice "Configuring PAM for saslauthd/slapd"
-        if [ -n "${SASLAUTHD_LDAP_PAM_CONFIG_FILE}" ] ; then
-            ln -s "${SASLAUTHD_PAM_CONFIG_PATH%/}"/"${SASLAUTHD_PAM_LDAP_CONFIG_FILE}" /etc/pam.d/ldap
-        fi
-
-        if [ "${SASLAUTHD_PAM_CONFIG_PATH%/}" != "/etc/pam" ] && [ "${SASLAUTHD_PAM_LDAP_CONFIG_FILE}" != "ldap" ] ; then
+        if [ "${SASLAUTHD_PAM_CONFIG_PATH%/}" != "/etc/pam.d" ] && [ "${SASLAUTHD_PAM_LDAP_CONFIG_FILE}" != "ldap" ] ; then
             rm -rf /etc/pam/ldap
             ln -s "${SASLAUTHD_PAM_CONFIG_PATH%/}"/"${SASLAUTHD_PAM_LDAP_CONFIG_FILE}" /etc/pam.d/ldap
         fi
         if var_true "${SASLAUTHD_PAM_AUTO_CONFIGURE}" ; then
-            write_file "${SASLAUTHD_PAM_CONFIG_PATH%/}"/"${SASLAUTHD_PAM_LDAP_CONFIG_FILE}":700 <<EOF
+            write_file root:root@"${SASLAUTHD_PAM_CONFIG_PATH%/}"/"${SASLAUTHD_PAM_LDAP_CONFIG_FILE}":700 <<EOF
 auth    ${SASLAUTHD_PAM_LDAP_AUTH_ENTRY}
 account ${SASLAUTHD_PAM_LDAP_ACCOUNT_ENTRY}
 EOF
