The three main changes for this pull request are:

1. Accommodate ADs in a list (in my TODO list for several months). It allows having just one variable (instead of two) for the AD servers, and IMHO a list does the task better. Something to note: do we want to have a mix of secure and non-secure ADs in the list? It is now coded for all-secure; an easy solution is to change the list to a format like this:

   ldap://non.secure.domain
   ldaps://secure.domain:636

   I think we should prioritize secure servers as a best practice; let's remember that user accounts are crossing the network.

2. Permissions for the contents of folder /etc/postfix/ldap allowed them to be read by others. They have sensitive info, so I changed the code to make it 0640. I also suggest moving the creation of the folder to a separate task, so it can be 0750.

3. As noted some days ago, some recent Debian and Ubuntu deployments don't install /etc/ldap.conf (from package libldap-common). An easy solution is to enforce the installation of package libldap-common. I recommend checking the necessity of this in future versions. The question is: in future versions of Debian and Ubuntu, will ldap require /etc/ldap.conf to make the use of ldaps:// possible?
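The server list format proposed in the PR description, worked through as an added example (this is not the role's own code): a small Python parser that accepts a list of ldap:// and ldaps:// URLs, rejects plaintext ldap:// entries unless explicitly allowed (the current all-secure behaviour), orders ldaps:// servers first, and renders the space-separated value a Postfix ldap table takes in server_host. The sample list, the allow_insecure switch and the function names are assumptions made for illustration.

```python
"""Parse a mixed ldap:// / ldaps:// server list and order secure servers first.

Added example, not the role's own code. SAMPLE_SERVERS is a constructed list
in the proposed one-URL-per-entry format; allow_insecure is an assumed switch.
"""
from urllib.parse import urlsplit

SECURE_SCHEMES = {"ldaps"}
INSECURE_SCHEMES = {"ldap"}
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}

# Constructed sample list: one plaintext server, two TLS servers.
SAMPLE_SERVERS = [
    "ldap://non.secure.domain",
    "ldaps://secure.domain:636",
    "ldaps://dc2.secure.domain",
]


def parse_server(url):
    """Return (scheme, host, port, secure) for one ldap/ldaps URL.

    Raises ValueError for any other scheme or a URL without a host, so a
    typo in the variable fails the run instead of silently being skipped.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in SECURE_SCHEMES | INSECURE_SCHEMES:
        raise ValueError(f"unsupported scheme in {url!r}: expected ldap:// or ldaps://")
    if not parts.hostname:
        raise ValueError(f"missing host in {url!r}")
    port = parts.port if parts.port is not None else DEFAULT_PORT[scheme]
    return scheme, parts.hostname, port, scheme in SECURE_SCHEMES


def order_servers(urls, allow_insecure=False):
    """Parse all URLs and return them secure-first, keeping the given order
    within each group. With allow_insecure=False (all-secure behaviour) any
    ldap:// entry is rejected rather than quietly accepted."""
    parsed = [parse_server(u) for u in urls]
    insecure = [p for p in parsed if not p[3]]
    if insecure and not allow_insecure:
        hosts = ", ".join(p[1] for p in insecure)
        raise ValueError(f"plaintext ldap:// servers not allowed: {hosts}")
    # key False (secure) sorts before True (insecure); sorted() is stable.
    return sorted(parsed, key=lambda p: not p[3])


def postfix_server_host(urls, allow_insecure=False):
    """Render the Postfix ldap table server_host value: whitespace-separated
    scheme://host:port entries, secure servers first."""
    return " ".join(
        f"{scheme}://{host}:{port}"
        for scheme, host, port, _ in order_servers(urls, allow_insecure)
    )


if __name__ == "__main__":
    print(postfix_server_host(SAMPLE_SERVERS, allow_insecure=True))
```

Keeping the default at allow_insecure=False means a list that mixes in a plaintext server fails loudly; a deployment that really needs ldap:// (the Windows case mentioned below) has to opt in, and even then the ldaps:// servers are tried first.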
No support for non-secure servers: that's OK for now, but we leave out the people using Windows servers, as for them it's not so easy to have a secure server activated; so I will add an issue for that.
Permissions for folder /etc/postfix/ldap: nice catch.
libldap-common: it drove me crazy some time ago with nonsensical errors, so, needed or not in the future, it stays; the more the merrier.
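To verify the permission fix both comments refer to (directory 0750, lookup table files 0640, so the bind credentials in /etc/postfix/ldap are not world-readable), an added example that is not the role's own code: it audits a directory tree against those modes and can fix offenders. The sample tree, with two world-readable table files, is constructed in a temporary directory; the file names and the bind_dn/bind_pw contents are made up.

```python
"""Audit (and optionally fix) the /etc/postfix/ldap permission expectation.

Added example, not the role's own code. build_sample_tree() constructs a
throwaway directory standing in for /etc/postfix/ldap; its file names and
contents are invented for illustration.
"""
import os
import stat
import tempfile


def audit_perms(root, dir_mode=0o750, file_mode=0o640, fix=False):
    """Return a sorted list of (path, actual_mode, expected_mode) for root
    and every entry below it whose permission bits differ from the expected
    ones. Symlinks are skipped (their own mode bits are meaningless).
    With fix=True, each offender is chmod'ed to the expected mode."""
    entries = [(root, dir_mode)]
    for dirpath, dirnames, filenames in os.walk(root):
        entries += [(os.path.join(dirpath, d), dir_mode) for d in dirnames]
        entries += [(os.path.join(dirpath, f), file_mode) for f in filenames]

    offenders = []
    for path, expected in entries:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue
        actual = stat.S_IMODE(st.st_mode)
        if actual != expected:
            offenders.append((path, actual, expected))
            if fix:
                os.chmod(path, expected)
    return sorted(offenders)


def build_sample_tree():
    """Constructed sample: a directory like /etc/postfix/ldap created 0755
    with two lookup tables created 0644, i.e. the state before the fix."""
    root = tempfile.mkdtemp(prefix="postfix-ldap-")
    os.chmod(root, 0o755)
    for name in ("virtual_mailbox_maps.cf", "smtpd_sender_login_maps.cf"):
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            # Invented credentials: this is exactly the data that must not be world-readable.
            fh.write("bind_dn = CN=postfix,OU=svc,DC=example,DC=org\nbind_pw = not-a-real-secret\n")
        os.chmod(path, 0o644)
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    for path, actual, expected in audit_perms(sample):
        print(f"{path}: {actual:04o} (expected {expected:04o})")
    audit_perms(sample, fix=True)
    print("after fix:", audit_perms(sample))
```

Run against the real directory with fix=False first; a non-empty result on a host the role has already converged is a regression worth investigating, since it means something other than the role is changing those modes.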