author | Guilhem Moulin <guilhem@fripost.org> | 2025-01-30 00:58:13 +0100 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2025-02-01 13:56:14 +0100 |
commit | f647dd2265bf4c5a2903325f628774eace2011ce (patch) | |
tree | 715821c697ba3988acf93626645b943df2ee2bdd /lib/modules | |
parent | bcdb01c02f392503c91538b3c1fabe62544ef423 (diff) |
LDAP: Load dynlist overlay.
Looks like nextcloud 26-29 broke something in the handling of dynamic
groups via memberURL attribute (and keeps repopulating the group —
possibly due to paging — thereby spamming members with “An administrator
removed you from group medlemmar” mails), so we expand on the slapd via
slapo-dynlist(5) instead.
This commit also fixes an issue with the openldap module where the index
of the leftmost attribute of the DN is not necessarily {0}.
Diffstat (limited to 'lib/modules')
-rw-r--r-- | lib/modules/openldap | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/lib/modules/openldap b/lib/modules/openldap
index c09e791..f24a802 100644
--- a/lib/modules/openldap
+++ b/lib/modules/openldap
@@ -38,6 +38,7 @@ indexedAttributes = frozenset([
 'olcOverlay',
 'olcLimits',
 'olcAuthzRegexp',
+ 'olcDlAttrSet',
 'olcDbConfig',
 ])
@@ -156,6 +157,7 @@ def processEntry(module, l, dn, entry):
 d,e = r
 fst = str2dn(dn).pop(0)[0][0]
 diff = []
+ re1 = re.compile( b'^(\{[0-9]+\})', re.I )
 for a,v in e.items():
 if a not in entry.keys():
 if a != fst:
@@ -168,11 +170,22 @@ def processEntry(module, l, dn, entry):
 # by a DN with proper gidNumber and uidNumber
 entry[a] = list(map ( partial(sasl_ext_re.sub, acl_sasl_ext)
 , entry[a] ))
- # add explicit indices in the entry from the LDIF
- entry[a] = list(map( (lambda x: b'{%d}%s' % x)
- , zip(range(len(entry[a])),entry[a])))
- if v != entry[a]:
- diff.append(( ldap.MOD_REPLACE, a, entry[a] ))
+ if a == fst:
+ if len(entry[a]) != 1 or len(v) != 1:
+ module.fail_json(msg=f'{len(entry[a])} != 1 or {len(v)} != 1')
+ m1 = re1.match(v[0])
+ if m1 is None:
+ module.fail_json(msg=f'{v[0]} is not indexed??')
+ else:
+ entry[a][0] = m1.group(1) + entry[a][0]
+ if entry[a] != v:
+ module.fail_json(msg=f'{entry[a]} != {v}, use modrdn to modifify the RDN (unimplemented)')
+ else:
+ # add explicit indices in the entry from the LDIF
+ entry[a] = list(map( (lambda x: b'{%d}%s' % x)
+ , zip(range(len(entry[a])),entry[a])))
+ if v != entry[a]:
+ diff.append(( ldap.MOD_REPLACE, a, entry[a] ))
 elif v != entry[a]:
 # for non-indexed attribute, we update values in the
 # symmetric difference only |
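Review bot: The pattern on the added `re1 = re.compile(...)` line is a non-raw bytes literal containing `\{` and `\}`, which Python treats as invalid escape sequences (a DeprecationWarning since 3.6, a SyntaxWarning from 3.12). Write it as a raw literal, `re1 = re.compile(rb'^(\{[0-9]+\})')`. `re.I` has no effect on a pattern made only of braces and digits and can be dropped. The pattern is constant, so it could be compiled once at module level instead of on every call. processEntry starts and ends outside this hunk.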
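Review bot: The three `module.fail_json` calls in the new `a == fst` branch never name the entry or attribute that failed, and they interpolate bytes values into f-strings, so the operator sees text like `1 != 1 or 2 != 1` or a `b'...'` repr with no DN. Include `dn` and `a` in each message, for example `module.fail_json(msg=f'{dn}: RDN attribute {a} must have exactly one value (LDIF: {len(entry[a])}, directory: {len(v)})')`, and fix the typo `modifify` in the last one. The branch also prepends the server's `{N}` prefix to `entry[a][0]` unconditionally. If an LDIF value could already carry an explicit index, the prefix would be doubled and the final comparison would fail with a confusing message, so a one-line comment stating that LDIF values are expected unindexed would help. processEntry starts and ends outside this hunk.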