From f647dd2265bf4c5a2903325f628774eace2011ce Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 30 Jan 2025 00:58:13 +0100 Subject: LDAP: Load dynlist overlay. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Looks like nextcloud 26-29 broke something in the handling of dynamic groups via memberURL attribute (and keeps repopulating the group — possibly due to paging — thereby spamming members with “An administrator removed you from group medlemmar” mails), so we expand on the slapd via slapo-dynlist(5) instead. This commit also fixes an issue with the openldap module where the index of the leftmost attribute of the DN is not necessary {0}. --- roles/common-LDAP/templates/etc/ldap/database.ldif.j2 | 2 ++ 1 file changed, 2 insertions(+) (limited to 'roles/common-LDAP') diff --git a/roles/common-LDAP/templates/etc/ldap/database.ldif.j2 b/roles/common-LDAP/templates/etc/ldap/database.ldif.j2 index a0ac705..f10bb33 100644 --- a/roles/common-LDAP/templates/etc/ldap/database.ldif.j2 +++ b/roles/common-LDAP/templates/etc/ldap/database.ldif.j2 @@ -538,9 +538,11 @@ olcAccess: to dn.exact="ou=groups,dc=fripost,dc=org" by dn.exact="cn=nextcloud,ou=services,dc=fripost,dc=org" tls_ssf=128 =rsd by users =0 break olcAccess: to dn.exact="cn=medlemmar,ou=groups,dc=fripost,dc=org" + attrs=entry,entryDN,entryUUID,objectClass,cn,description,member by dn.exact="cn=nextcloud,ou=services,dc=fripost,dc=org" tls_ssf=128 =rsd by users =0 break olcAccess: to dn.exact="cn=styrelse,ou=groups,dc=fripost,dc=org" + attrs=entry,entryDN,entryUUID,objectClass,cn,description,member by dn.exact="cn=nextcloud,ou=services,dc=fripost,dc=org" tls_ssf=128 =rsd by users =0 break # -- cgit v1.2.3