Update to 2024-05-03 17:01

2024-05-03 17:01:02 +02:00 · 2024-05-03 17:01:02 +02:00 · 4cf191bd76
parent de23ac213c
commit 4cf191bd76
3 changed files with 11 additions and 3 deletions
--- a/roles/seafile/defaults/main.yml
+++ b/roles/seafile/defaults/main.yml
@ -86,7 +86,11 @@ seafile_ldap_last_name_attr: sn
 seafile_ldap_dept_attr: department
 seafile_ldap_uid_attr: "{{ ad_auth | default(False) | ternary('sAMAccountName', 'uid') }}"
 seafile_ldap_filter: "{{ ad_auth | default(False) | ternary('&(objectClass=user)(objectCategory=person)(primaryGroupId=513)','objectClass=inetOrgPerson') }}"
+# Set a group filter to enable group sync (only available in Seafile pro)
 # seafile_ldap_group_filter: (mail=*)
+seafile_ldap_group_object_class: "{{ ad_auth | default(False) | ternary('groupOfNames', 'group') }}"
+seafile_ldap_group_member_attr: member
+seafile_ldap_group_uuid_attr: "{{ ad_auth | default(False) | ternary('objectGUID', 'entryUUID') }}"

 # oAuth2 authentication
 seafile_oauth2_auth: False
--- a/roles/seafile/templates/ccnet.conf.j2
+++ b/roles/seafile/templates/ccnet.conf.j2
@ -26,10 +26,10 @@ PASSWORD = {{ seafile_ldap_bind_pass }}
 LOGIN_ATTR = {{ seafile_ldap_login_attr }}
 FILTER = {{ seafile_ldap_filter }}

-{% if seafile_license is defined %}
+{% if seafile_edition == 'pro' %}
 [LDAP_SYNC]
 ENABLE_USER_SYNC = true
-ENABLE_GROUP_SYNC = true
+ENABLE_GROUP_SYNC = {{ seafile_ldap_group_filter is defined | ternary('true','false') }}
 {% if seafile_ldap_group_filter is defined %}
 GROUP_FILTER = {{ seafile_ldap_group_filter }}
 {% endif %}
--- a/roles/seafile/templates/seahub_settings.py.j2
+++ b/roles/seafile/templates/seahub_settings.py.j2
@ -188,11 +188,15 @@ LDAP_CONTACT_EMAIL_ATTR = '{{ seafile_ldap_email_attr }}'
 LDAP_USER_FIRST_NAME_ATTR = '{{ seafile_ldap_first_name_attr }}'
 LDAP_USER_LAST_NAME_ATTR = '{{ seafile_ldap_last_name_attr }}'

-{% if seafile_license is defined %}
+{% if seafile_edition == 'pro' %}
 LDAP_SYNC_INTERVAL = 60
 ENABLE_LDAP_USER_SYNC = True
 {% if seafile_ldap_group_filter is defined %}
 ENABLE_LDAP_GROUP_SYNC = True
+LDAP_GROUP_FILTER = '{{ seafile_ldap_group_filter }}'
+LDAP_GROUP_OBJECT_CLASS = '{{ seafile_ldap_group_object_class }}'
+LDAP_GROUP_MEMBER_ATTR = '{{ seafile_ldap_group_member_attr }}'
+LDAP_GROUP_UUID_ATTR = '{{ seafile_ldap_group_uuid_attr }}'
 {% endif %}
 DEACTIVE_USER_IF_NOTFOUND = True
 LDAP_USER_OBJECT_CLASS = 'person'