diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2025-01-30 00:58:13 +0100 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2025-02-01 13:56:14 +0100 |
| commit | f647dd2265bf4c5a2903325f628774eace2011ce (patch) | |
| tree | 715821c697ba3988acf93626645b943df2ee2bdd /roles/LDAP-provider/tasks/main.yml | |
| parent | bcdb01c02f392503c91538b3c1fabe62544ef423 (diff) | |
LDAP: Load dynlist overlay.
Looks like nextcloud 26-29 broke something in the handling of dynamic
groups via memberURL attribute (and keeps repopulating the group —
possibly due to paging — thereby spamming members with “An administrator
removed you from group medlemmar” mails), so we expand on the slapd via
slapo-dynlist(5) instead.
This commit also fixes an issue with the openldap module where the index
of the leftmost attribute of the DN is not necessary {0}.
Diffstat (limited to 'roles/LDAP-provider/tasks/main.yml')
| -rw-r--r-- | roles/LDAP-provider/tasks/main.yml | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/roles/LDAP-provider/tasks/main.yml b/roles/LDAP-provider/tasks/main.yml index 9bc227e..8d4e327 100644 --- a/roles/LDAP-provider/tasks/main.yml +++ b/roles/LDAP-provider/tasks/main.yml @@ -4,6 +4,15 @@ target=etc/ldap/syncprov.ldif local=file +#- name: Load dyngroup schema +# openldap: target=/etc/ldap/schema/dyngroup.ldif + +- name: Load and configure the dynlist overlay + openldap: module=dynlist + suffix=dc=fripost,dc=org + target=etc/ldap/dynlist.ldif + local=file + ## XXX should be /etc/sasl2/slapd.conf ideally, but it doesn't work with ## Stretch, cf #211156 and #798462: ## ldapsearch -LLLx -H ldapi:// -b "" -s base supportedSASLMechanisms @@ -15,7 +24,4 @@ owner=root group=root mode=0644 -#- name: Load dyngroup schema -# openldap: target=/etc/ldap/schema/dyngroup.ldif - # TODO: authz constraint |