multi family support

Emmanuel Garette 2022-05-23 08:55:14 +02:00
parent 9ab458e858
commit 43208f0968
3 changed files with 7 additions and 8 deletions


@ -81,6 +81,9 @@ tls_require_cert = hard
# is still used, only the password field is ignored in it. Before doing any
# search, the binding is switched back to the default DN.
#auth_bind = no
#>GNUNUX
auth_bind = yes
#<GNUNUX
# If authentication binding is used, you can save one LDAP request per login
# if users' DN can be specified with a common template. The template can use
@ -97,10 +100,6 @@ tls_require_cert = hard
# auth_bind_userdn = cn=%u,ou=people,o=org
#
#auth_bind_userdn =
#>GNUNUX
auth_bind = yes
auth_bind_userdn = cn=%u,%%ldapclient_base_dn
#<GNUNUX
# LDAP protocol version to use. Likely 2 or 3.
#ldap_version = 3
@ -108,7 +107,7 @@ auth_bind_userdn = cn=%u,%%ldapclient_base_dn
# LDAP base. %variables can be used here.
# For example: dc=mail, dc=example, dc=org
# GNUNUX base =
base = %%ldapclient_base_dn
base = %%calc_ldapclient_base_dn(%%ldap_base_dn, None, accounts=True)
# Dereference: never, searching, finding, always
#deref = never
@ -137,7 +136,7 @@ user_attrs = homeDirectory=home
# %d - domain part in user@domain, empty if user there's no domain
#user_filter = (&(objectClass=posixAccount)(uid=%u))
#>GNUNUX
user_filter = (&(objectClass=inetOrgPerson)(cn=%u))
user_filter = (&(objectClass=inetOrgPerson)(mail=%u))
#<GNUNUX
# Password checking attributes:
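Review bot: With `auth_bind_userdn` removed and `user_filter` now matching `(mail=%u)` under the wider `calc_ldapclient_base_dn(%%ldap_base_dn, None, accounts=True)` base, login relies on an LDAP search returning exactly one entry, and nothing visible here guarantees that `mail` is unique across families. `pass_filter` lies outside these hunks; if it still matches on `cn=%u`, the DN used for the bind and the entry returned by the user lookup can belong to different accounts, so it should be aligned, e.g. `pass_filter = (&(objectClass=inetOrgPerson)(mail=%u))`. The same base expression is repeated for `ldapBase` in the third file, so the uniqueness assumption applies to that service as well. A comment inside the first `#>GNUNUX` block, such as `# no DN template: accounts live under several family subtrees, the DN is found by search`, would record why the template was dropped.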


@ -12,7 +12,7 @@
<variables>
<family name="annuaire">
<variable name='ldap_server_address' type='domainname' description="Nom DNS du serveur LDAP" mandatory='True'/>
<variable name='ldapclient_family' type='unix_user' description="L'arbre LDAP est de type famille"/>
<variable name='ldapclient_family' type='unix_user' description="Nom de la famille LDAP"/>
<variable name='ldapclient_remote_user' type='string' description="DN de l'tilisateur distant" mandatory='True' hidden="True"/>
<variable name='ldapclient_remote_user_password' type='password' description="Mot de passe de l'utilisateur distant" mandatory='True' hidden="True"/>
<variable name='ldap_base_dn' type='string' description="Base DN de l'annuaire" mandatory="True" test="dc=test,o=fr"/>


@ -13,7 +13,7 @@ commentStartToken = §
"ldapPpolicyControl" : 1,
"ldapAllowResetExpiredPassword" : 1,
"ldapChangePasswordAsUser" : 1,
"ldapBase" : "%%ldapclient_base_dn",
"ldapBase" : "%%calc_ldapclient_base_dn(%%ldap_base_dn, None, accounts=True)",
"ldapExportedVars" : {
"uid" : "uid",
"cn" : "cn",