fripost-ansible/lib, branch master Fripost ansible scripts LDAP: Load dynlist overlay. 2025-02-01T12:56:14+00:00 Guilhem Moulin guilhem@fripost.org 2025-01-29T23:58:13+00:00 f647dd2265bf4c5a2903325f628774eace2011ce Looks like nextcloud 26-29 broke something in the handling of dynamic groups via memberURL attribute (and keeps repopulating the group — possibly due to paging — thereby spamming members with “An administrator removed you from group medlemmar” mails), so we expand on the slapd via slapo-dynlist(5) instead. This commit also fixes an issue with the openldap module where the index of the leftmost attribute of the DN is not necessary {0}. 
Looks like nextcloud 26-29 broke something in the handling of dynamic
groups via memberURL attribute (and keeps repopulating the group —
possibly due to paging — thereby spamming members with “An administrator
removed you from group medlemmar” mails), so we expand on the slapd via
slapo-dynlist(5) instead.

This commit also fixes an issue with the openldap module where the index
of the leftmost attribute of the DN is not necessary {0}.
openldap module: Fix python3's bytes vs str mismatch. 2022-10-11T18:05:33+00:00 Guilhem Moulin guilhem@fripost.org 2022-10-11T17:59:17+00:00 ab1f9b0eb7b3cd3c14ba4722a3c85507efde1fcd 






Remove module ‘mysql_user2’.
2022-10-11T18:03:03+00:00

Guilhem Moulin
guilhem@fripost.org

2022-10-11T14:05:48+00:00

eeadb037937ee1b5da6e084b98acb8f9c3242e2f

These days upstream's ‘mysql_user’ is good enough.





These days upstream's ‘mysql_user’ is good enough.







fetch_cmd: Replace deprecated ‘_remote_checksum()’ with ‘_execute_remote_stat()’.
2022-10-11T13:09:02+00:00

Guilhem Moulin
guilhem@fripost.org

2022-10-11T13:09:02+00:00

43a7f11e34a5c1a546a7bd547a9c5a6379cfa2e3

This silences the following deprecation warning:

    The '_remote_checksum()' method is deprecated. The plugin author should update the code to use '_execute_remote_stat()' instead. This
feature will be removed in version 2.16.
    Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.





This silences the following deprecation warning:

    The '_remote_checksum()' method is deprecated. The plugin author should update the code to use '_execute_remote_stat()' instead. This
feature will be removed in version 2.16.
    Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.







postmulti: Fix encoding issue.
2022-10-11T12:46:57+00:00

Guilhem Moulin
guilhem@fripost.org

2022-10-11T12:46:32+00:00

36701580caf57788f6900fb6d28e4274909f6a34












mysql_user2: Remove load_mycnf().
2022-10-11T11:58:08+00:00

Guilhem Moulin
guilhem@fripost.org

2022-10-11T11:58:08+00:00

83bd3f5e67554f6c822cd35d428ac597707b7d3d

We're not using this, and it makes ansible croak with

    An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ModuleNotFoundError: No module named 'ConfigParser'





We're not using this, and it makes ansible croak with

    An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ModuleNotFoundError: No module named 'ConfigParser'







dovecot-auth-proxy: replace directory traversal with LDAP lookups.
2020-05-21T00:26:16+00:00

Guilhem Moulin
guilhem@fripost.org

2020-05-20T23:35:28+00:00

5118f8d3394579a245b355c863c69410fe92e26e

This provides better isolation opportunity as the service doesn't need
to run as ‘vmail’ user.  We use a dedicated system user instead, and
LDAP ACLs to limit its access to the strict minimum.

The new solution is also more robust to quoting/escaping, and doesn't
depend on ‘home=/home/mail/virtual/%d/%n’ (we might use $entryUUID
instead of %d/%n at some point to make user renaming simpler).

OTOH we no longer lists users that have been removed from LDAP but still
have a mailstore lingering around.  This is fair.





This provides better isolation opportunity as the service doesn't need
to run as ‘vmail’ user.  We use a dedicated system user instead, and
LDAP ACLs to limit its access to the strict minimum.

The new solution is also more robust to quoting/escaping, and doesn't
depend on ‘home=/home/mail/virtual/%d/%n’ (we might use $entryUUID
instead of %d/%n at some point to make user renaming simpler).

OTOH we no longer lists users that have been removed from LDAP but still
have a mailstore lingering around.  This is fair.







mysql_user2: Explicitly set type to Bool.
2020-01-22T01:06:23+00:00

Guilhem Moulin
guilhem@fripost.org

2020-01-22T01:06:21+00:00

eb0a0a822328e8563ed8af67e4e9cd573d93b31a

This avoids the

[WARNING]: The value False (type bool) in a string field was converted
to u'False' (type string). If this does not look like what you expect,
quote the entire value to ensure it does not change.





This avoids the

[WARNING]: The value False (type bool) in a string field was converted
to u'False' (type string). If this does not look like what you expect,
quote the entire value to ensure it does not change.







Port custom modules to python3.
2019-02-05T22:51:13+00:00

Guilhem Moulin
guilhem@fripost.org

2019-02-05T22:51:13+00:00

c19f6525465065496c485a5084a86707e4923580












Update 'IMAP', 'MSA' and 'LDAP-provider' roles to Debian Stretch.
2018-12-09T19:25:40+00:00

Guilhem Moulin
guilhem@fripost.org

2018-12-09T17:41:06+00:00

e2ddcfc51f66c2a52a401064eab005e793f148ee