LDAP: Load dynlist overlay.

Looks like nextcloud 26-29 broke something in the handling of dynamic
groups via memberURL attribute (and keeps repopulating the group —
possibly due to paging — thereby spamming members with “An administrator
removed you from group medlemmar” mails), so we expand on the slapd via
slapo-dynlist(5) instead.

This commit also fixes an issue with the openldap module where the index
of the leftmost attribute of the DN is not necessary {0}.

1 files changed, 2 insertions, 0 deletions

diff --git a/roles/common-LDAP/templates/etc/ldap/database.ldif.j2 b/roles/common-LDAP/templates/etc/ldap/database.ldif.j2
index a0ac705..f10bb33 100644
--- a/roles/common-LDAP/templates/etc/ldap/database.ldif.j2
+++ b/roles/common-LDAP/templates/etc/ldap/database.ldif.j2
@@ -538,9 +538,11 @@ olcAccess: to dn.exact="ou=groups,dc=fripost,dc=org"
     by dn.exact="cn=nextcloud,ou=services,dc=fripost,dc=org" tls_ssf=128 =rsd
     by users                                                             =0 break
 olcAccess: to dn.exact="cn=medlemmar,ou=groups,dc=fripost,dc=org"
+        attrs=entry,entryDN,entryUUID,objectClass,cn,description,member
     by dn.exact="cn=nextcloud,ou=services,dc=fripost,dc=org" tls_ssf=128 =rsd
     by users                                                             =0 break
 olcAccess: to dn.exact="cn=styrelse,ou=groups,dc=fripost,dc=org"
+        attrs=entry,entryDN,entryUUID,objectClass,cn,description,member
     by dn.exact="cn=nextcloud,ou=services,dc=fripost,dc=org" tls_ssf=128 =rsd
     by users                                                             =0 break
 #