Expand config options to allow custom LDAP filter, samba mode

README.md

@@ -51,6 +51,8 @@ LDAP Self-Service-Password (optional):
   - Don't ask for user's mail address. It will use the first address found in the corresponding user DN.
 - `LSSP_SHOW_MENU` (default: true)
   - Show menu on top of the page
+- `LSSP_ACCOUNT_FILTER` (default: `(&(objectClass=person)($ldap_login_attribute={login}))`)
+  - LDAP filter used when searching for a user account matching `LSSP_ATTR_LOGIN`. 
 
 OpenLDAP-Server (required):
 
@@ -67,6 +69,8 @@ OpenLDAP-Server (required):
   - Password of the admin user
 - `LDAP_AD_MODE` (default: false)
   - Enable support for Active Directory
+- `LDAP_SAMBA_MODE` (default: false)
+  - Enable support for Samba password management on user accounts
 
 Mail-Server (optional):
 > If `SMTP_HOST` is not set, Password-Reset via Mail-Tokens will be disabled in the Web-Interface!

assets/config/lssp/config.inc.php

@@ -30,7 +30,7 @@
 $ldap_base = "{{LDAP_BASE}}";
 $ldap_login_attribute = "{{LSSP_ATTR_LOGIN}}";
 $ldap_fullname_attribute = "{{LSSP_ATTR_FN}}";
-$ldap_filter = "(&(objectClass=person)($ldap_login_attribute={login}))";
+$ldap_filter = "{{LSSP_ACCOUNT_FILTER}}";
 
 # Active Directory mode
 # true: use unicodePwd as password field
@@ -46,7 +46,7 @@
 # Samba mode
 # true: update sambaNTpassword and sambaPwdLastSet attributes too
 # false: just update the password
-$samba_mode = false;
+$samba_mode = {{LDAP_SAMBA_MODE}};
 # Set password min/max age in Samba attributes
 #$samba_options['min_age'] = 5;
 #$samba_options['max_age'] = 45;
@@ -144,7 +144,7 @@
 $mail_address_use_ldap = {{LSSP_MAIL_FROM_LDAP}};
 # Auth
 $mail_smtp_host = '{{SMTP_HOST}}';
-$mail_smtp_auth = true;
+$mail_smtp_auth = {{SMTP_REQUIRESAUTH}};
 $mail_smtp_user = '{{SMTP_USER}}';
 $mail_smtp_pass = '{{SMTP_PASS}}';
 $mail_smtp_port = {{SMTP_PORT}};

assets/scripts/env-defaults

@@ -13,12 +13,20 @@ if [ -z ${LDAP_USER} ] ; then LDAP_USER="cn=admin,${LDAP_BASE}"; fi
 LDAP_PASS=${LDAP_PASS:-admin}
 LDAP_STARTTLS=${LDAP_STARTTLS:-true}
 LDAP_AD_MODE=${LDAP_AD_MODE:-false}
+LDAP_SAMBA_MODE=${LDAP_SAMBA_MODE:-false}
 
 ## MAIL
 SMTP_HOST=${SMTP_HOST:-smtp}
 SMTP_PORT=${SMTP_PORT:-25}
 SMTP_USER=${SMTP_USER:-}
 SMTP_PASS=${SMTP_PASS:-}
+
+if [ -z "${SMTP_USER}" ] && [ -z "${SMTP_PASS}" ]; then
+  SMTP_REQUIRESAUTH=false
+else
+  SMTP_REQUIRESAUTH=true
+fi
+
 SMTP_FROM=${SMTP_FROM:-root@$ERVER_HOSTNAME}
 SMTP_TLS=${SMTP_TLS:-false}
 SMTP_TYPE=${SMTP_TYPE:-noauth}
@@ -32,6 +40,9 @@ LSSP_HASH_METHOD=${LSSP_HASH_METHOD:-auto}
 LSSP_DEFAULT_ACTION=${LSSP_DEFAULT_ACTION:-change}
 LSSP_SHOW_MENU=${LSSP_SHOW_MENU:-true}
 LSSP_MAIL_FROM_LDAP=${LSSP_MAIL_FROM_LDAP:-false}
+if [ -z "${LSSP_ACCOUNT_FILTER}" ]; then
+  LSSP_ACCOUNT_FILTER='(&(objectClass=person)($ldap_login_attribute={login}))'
+fi
 
 ## reCAPTCHA
 RECAPTCHA_USE=${RECAPTCHA_USE:-false};

assets/scripts/functions

@@ -101,7 +101,7 @@ finalize_parameters() {
     LSSP_MAIL_SUPPORT=true
 
     LSSP_KEYPHRASE=${LDAP_KEYPHRASE:-}
-    if [ -z "${LSSP_KEYPHRASE}"]; then
+    if [ -z "${LSSP_KEYPHRASE}" ]; then
       LSSP_KEYPHRASE=$(pwgen -1 32)
       echo "  ... generated temporary keyphrase"
     fi
@@ -133,19 +133,22 @@ configure_lssp() {
     LDAP_PASS \
     LDAP_BASE \
     LDAP_AD_MODE \
+    LDAP_SAMBA_MODE \
     LDAP_STARTTLS \
     LSSP_ATTR_LOGIN LSSP_ATTR_FN LSSP_ATTR_MAIL \
     LSSP_HASH_METHOD \
     LSSP_KEYPHRASE \
     LSSP_MAIL_FROM_LDAP \
     LSSP_SHOW_MENU \
+    LSSP_ACCOUNT_FILTER \
     SMTP_USEAUTH \
     SMTP_FROM \
     SMTP_HOST \
     SMTP_PORT \
     SMTP_USER \
     SMTP_PASS \
     SMTP_TLS \
+    SMTP_REQUIRESAUTH \
     SMTP_DOMAIN \
     LSSP_MAIL_SUPPORT \
     LSSP_DEFAULT_ACTION \