fripost-ansible/roles/common-LDAP/templates, branch master

LDAP: Load dynlist overlay.

2025-02-01T12:56:14+00:00

Looks like nextcloud 26-29 broke something in the handling of dynamic
groups via memberURL attribute (and keeps repopulating the group —
possibly due to paging — thereby spamming members with “An administrator
removed you from group medlemmar” mails), so we expand on the slapd via
slapo-dynlist(5) instead.

This commit also fixes an issue with the openldap module where the index
of the leftmost attribute of the DN is not necessary {0}.

LDAP: Rotate soon-to-be expired key material.

2024-09-08T18:54:00+00:00

Also, switch from rsa4096 to ed25519 and use a separate key for each
syncrepl.

typofix

2024-09-08T00:27:38+00:00

Port baseline to Debian 11 (codename Bullseye).

2022-10-13T20:12:05+00:00

LDAP: Add ACLs for group ‘styrelse’.

2020-05-21T01:45:17+00:00

postfix-sender-login: Better hardening.

2020-05-21T01:40:53+00:00

Run as a dedicated user, not ‘postfix’.

dovecot-auth-proxy: replace directory traversal with LDAP lookups.

2020-05-21T00:26:16+00:00

This provides better isolation opportunity as the service doesn't need
to run as ‘vmail’ user.  We use a dedicated system user instead, and
LDAP ACLs to limit its access to the strict minimum.

The new solution is also more robust to quoting/escaping, and doesn't
depend on ‘home=/home/mail/virtual/%d/%n’ (we might use $entryUUID
instead of %d/%n at some point to make user renaming simpler).

OTOH we no longer lists users that have been removed from LDAP but still
have a mailstore lingering around.  This is fair.

LDAP: Update role to Debian Buster.

2020-05-19T04:36:36+00:00

s/LDAP-provider/LDAP_provider/

2020-05-19T04:07:43+00:00

This was forgotten after a092bfd947773281a23419ee0ab62358371b7166.

Update 'IMAP', 'MSA' and 'LDAP-provider' roles to Debian Stretch.

2018-12-09T19:25:40+00:00