From 4cf191bd763f6aec3eba9b24f074a876574f6dd3 Mon Sep 17 00:00:00 2001
From: Daniel Berteaud <dbd@ehtrace.com>
Date: Fri, 3 May 2024 17:01:02 +0200
Subject: [PATCH] Update to 2024-05-03 17:01

---
 roles/seafile/defaults/main.yml               | 4 ++++
 roles/seafile/templates/ccnet.conf.j2         | 4 ++--
 roles/seafile/templates/seahub_settings.py.j2 | 6 +++++-
 3 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/roles/seafile/defaults/main.yml b/roles/seafile/defaults/main.yml
index f98c4b6..234db20 100644
--- a/roles/seafile/defaults/main.yml
+++ b/roles/seafile/defaults/main.yml
@@ -86,7 +86,11 @@ seafile_ldap_last_name_attr: sn
 seafile_ldap_dept_attr: department
 seafile_ldap_uid_attr: "{{ ad_auth | default(False) | ternary('sAMAccountName', 'uid') }}"
 seafile_ldap_filter: "{{ ad_auth | default(False) | ternary('&(objectClass=user)(objectCategory=person)(primaryGroupId=513)','objectClass=inetOrgPerson') }}"
+# Set a group filter to enable group sync (only available in Seafile pro)
 # seafile_ldap_group_filter: (mail=*)
+seafile_ldap_group_object_class: "{{ ad_auth | default(False) | ternary('groupOfNames', 'group') }}"
+seafile_ldap_group_member_attr: member
+seafile_ldap_group_uuid_attr: "{{ ad_auth | default(False) | ternary('objectGUID', 'entryUUID') }}"
 
 # oAuth2 authentication
 seafile_oauth2_auth: False
diff --git a/roles/seafile/templates/ccnet.conf.j2 b/roles/seafile/templates/ccnet.conf.j2
index e1e9ffc..37fd693 100644
--- a/roles/seafile/templates/ccnet.conf.j2
+++ b/roles/seafile/templates/ccnet.conf.j2
@@ -26,10 +26,10 @@ PASSWORD = {{ seafile_ldap_bind_pass }}
 LOGIN_ATTR = {{ seafile_ldap_login_attr }}
 FILTER = {{ seafile_ldap_filter }}
 
-{% if seafile_license is defined %}
+{% if seafile_edition == 'pro' %}
 [LDAP_SYNC]
 ENABLE_USER_SYNC = true
-ENABLE_GROUP_SYNC = true
+ENABLE_GROUP_SYNC = {{ seafile_ldap_group_filter is defined | ternary('true','false') }}
 {% if seafile_ldap_group_filter is defined %}
 GROUP_FILTER = {{ seafile_ldap_group_filter }}
 {% endif %}
diff --git a/roles/seafile/templates/seahub_settings.py.j2 b/roles/seafile/templates/seahub_settings.py.j2
index 7c0ff9c..be355b8 100644
--- a/roles/seafile/templates/seahub_settings.py.j2
+++ b/roles/seafile/templates/seahub_settings.py.j2
@@ -188,11 +188,15 @@ LDAP_CONTACT_EMAIL_ATTR = '{{ seafile_ldap_email_attr }}'
 LDAP_USER_FIRST_NAME_ATTR = '{{ seafile_ldap_first_name_attr }}'
 LDAP_USER_LAST_NAME_ATTR = '{{ seafile_ldap_last_name_attr }}'
 
-{% if seafile_license is defined %}
+{% if seafile_edition == 'pro' %}
 LDAP_SYNC_INTERVAL = 60
 ENABLE_LDAP_USER_SYNC = True
 {% if seafile_ldap_group_filter is defined %}
 ENABLE_LDAP_GROUP_SYNC = True
+LDAP_GROUP_FILTER = '{{ seafile_ldap_group_filter }}'
+LDAP_GROUP_OBJECT_CLASS = '{{ seafile_ldap_group_object_class }}'
+LDAP_GROUP_MEMBER_ATTR = '{{ seafile_ldap_group_member_attr }}'
+LDAP_GROUP_UUID_ATTR = '{{ seafile_ldap_group_uuid_attr }}'
 {% endif %}
 DEACTIVE_USER_IF_NOTFOUND = True
 LDAP_USER_OBJECT_CLASS = 'person'