Configure LDAP for Yunohost

conf/.env

@@ -165,7 +165,7 @@ LDAP_BASEDN=dc=yunohost,dc=org
 # LDAP_LOGIN_FALLBACK : Fallback on the default authentication method
 # example :  LDAP_LOGIN_FALLBACK=true
 #LDAP_LOGIN_FALLBACK=false
-LDAP_LOGIN_FALLBACK=false
+LDAP_LOGIN_FALLBACK=true
 
 # LDAP_RECONNECT : Reconnect to the server if the connection is lost
 # example :  LDAP_RECONNECT=false
@@ -213,7 +213,7 @@ LDAP_BACKGROUND_SYNC=true
 # LDAP_BACKGROUND_SYNC_INTERVAL : At which interval does the background task sync in milliseconds
 # example :  LDAP_BACKGROUND_SYNC_INTERVAL=12345
 #LDAP_BACKGROUND_SYNC_INTERVAL=100
-LDAP_BACKGROUND_SYNC_INTERVAL=600000
+LDAP_BACKGROUND_SYNC_INTERVAL=100
 
 # LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED :
 # example :  LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=true
@@ -240,7 +240,7 @@ LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=true
 # LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed
 # example :  LDAP_USER_SEARCH_FILTER=
 #LDAP_USER_SEARCH_FILTER=
-LDAP_USER_SEARCH_FILTER=""
+LDAP_USER_SEARCH_FILTER="(objectclass=posixAccount)"
 
 # LDAP_USER_SEARCH_SCOPE : base (search only in the provided DN), one (search only in the provided DN and one level deep), or sub (search the whole subtree)
 # example :  LDAP_USER_SEARCH_SCOPE=one
@@ -265,7 +265,7 @@ LDAP_SEARCH_SIZE_LIMIT=0
 # LDAP_GROUP_FILTER_ENABLE : Enable group filtering
 # example :  LDAP_GROUP_FILTER_ENABLE=true
 #LDAP_GROUP_FILTER_ENABLE=false
-LDAP_GROUP_FILTER_ENABLE=false
+LDAP_GROUP_FILTER_ENABLE=true
 
 # LDAP_GROUP_FILTER_OBJECTCLASS : The object class for filtering
 # example :  LDAP_GROUP_FILTER_OBJECTCLASS=group
@@ -275,7 +275,7 @@ LDAP_GROUP_FILTER_OBJECTCLASS=posixGroup
 # LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE :
 # example :
 #LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE=
-LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE=gidNumber
+LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE=cn
 
 # LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE :
 # example :
@@ -285,12 +285,12 @@ LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE=memberUid
 # LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT :
 # example :
 #LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT=
-LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT=dn
+LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT=uid
 
 # LDAP_GROUP_FILTER_GROUP_NAME :
-# example :
+# example : LDAP_GROUP_FILTER_GROUP_NAME=wekan_user
 #LDAP_GROUP_FILTER_GROUP_NAME=
-LDAP_GROUP_FILTER_GROUP_NAME=cn
+LDAP_GROUP_FILTER_GROUP_NAME=sftpusers
 
 # LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier)
 # example :  LDAP_UNIQUE_IDENTIFIER_FIELD=guid
@@ -300,6 +300,7 @@ LDAP_UNIQUE_IDENTIFIER_FIELD=entryUUID
 # LDAP_UTF8_NAMES_SLUGIFY : Convert the username to utf8
 # example :  LDAP_UTF8_NAMES_SLUGIFY=false
 #LDAP_UTF8_NAMES_SLUGIFY=true
+LDAP_UTF8_NAMES_SLUGIFY=true
 
 # LDAP_USERNAME_FIELD : Which field contains the ldap username
 # example :  LDAP_USERNAME_FIELD=username
@@ -324,12 +325,12 @@ LDAP_EMAIL_MATCH_ENABLE=true
 # LDAP_EMAIL_MATCH_REQUIRE : require existing account matching by e-mail address when username does match
 # example: LDAP_EMAIL_MATCH_REQUIRE=true
 #LDAP_EMAIL_MATCH_REQUIRE=false
-LDAP_EMAIL_MATCH_REQUIRE=true
+LDAP_EMAIL_MATCH_REQUIRE=false
 
 # LDAP_EMAIL_MATCH_VERIFIED : require existing account email address to be verified for matching
 # example: LDAP_EMAIL_MATCH_VERIFIED=true
 #LDAP_EMAIL_MATCH_VERIFIED=false
-LDAP_EMAIL_MATCH_VERIFIED=true
+LDAP_EMAIL_MATCH_VERIFIED=false
 
 # LDAP_EMAIL_FIELD : which field contains the LDAP e-mail address
 # example: LDAP_EMAIL_FIELD=mail
@@ -349,6 +350,7 @@ LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name"}
 # LDAP_SYNC_GROUP_ROLES :
 # example :
 #LDAP_SYNC_GROUP_ROLES=
+LDAP_SYNC_GROUP_ROLES=admins
 
 # LDAP_DEFAULT_DOMAIN : The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP
 # example :
@@ -357,9 +359,11 @@ LDAP_DEFAULT_DOMAIN=yh03.yh.yalh.net
 
 # Enable/Disable syncing of admin status based on ldap groups:
 #LDAP_SYNC_ADMIN_STATUS=true
+LDAP_SYNC_ADMIN_STATUS=true
 
 # Comma separated list of admin group names to sync.
 #LDAP_SYNC_ADMIN_GROUPS=group1,group2
+LDAP_SYNC_ADMIN_GROUPS=admins
 
 # LOGOUT_WITH_TIMER : Enables or not the option logout with timer
 # example : LOGOUT_WITH_TIMER=true