From a930d469ea4f8238875ebd768c1d4298b17e1287 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Zolt=C3=A1n=20Felleg?= Date: Fri, 11 Feb 2022 14:34:10 +0100 Subject: [PATCH] Updated mx.in, sns.in and wiki.in (small tweaks), added c3.sh. --- scripts/c3.sh | 504 ++++++++++++++++++ scripts/update-base.sh | 12 +- sources/mx.in/firstboot/01_setupnetworking.sh | 4 +- sources/mx.in/postinstall/04_editfiles.sh | 2 +- .../var/named/228.10.in-addr.arpa.zonesource | 1 + .../var/named/in.useribm.hu.zonesource | 1 + sources/wiki.in/firstboot/10_certbot.sh | 1 + .../install/etc/dokuwiki/local.php | 6 +- 8 files changed, 519 insertions(+), 12 deletions(-) create mode 100755 scripts/c3.sh diff --git a/scripts/c3.sh b/scripts/c3.sh new file mode 100755 index 0000000..d0b4a0c --- /dev/null +++ b/scripts/c3.sh @@ -0,0 +1,504 @@ +#!/bin/sh + + +# Container Creation and Configuration + + +USAGE="Usage: $(basename $0) " + +if [ $# -ne 1 ] +then + echo "$USAGE" >&2 + exit 1 +fi + +if [ ! -f /etc/lxc/lxc.conf ] +then + echo "No lxc system configuration found" >&2 + exit 1 +fi + +backup_old_container() +{ + if [ -z "$OLD_CONTAINER_NAME" ] + then + return 0 + fi + + echo "Backing up (the old) container." + + if [ -d $OLD_CONTAINER_BACKUP_PATH ] + then + rm -Rf ${OLD_CONTAINER_BACKUP_PATH}.old + mv $OLD_CONTAINER_BACKUP_PATH ${OLD_CONTAINER_BACKUP_PATH}.old + fi + + OLD_CONTAINER_STATE=$(lxc-info --name=$OLD_CONTAINER_NAME --state 2>/dev/null \ + | cut -f 2 -d ':' | tr -d ' ') + case "$OLD_CONTAINER_STATE" in + "RUNNING") + echo "Stopping (the old) container $OLD_CONTAINER_NAME" + lxc-stop --name=$OLD_CONTAINER_NAME + echo "Stopped (the old) container $OLD_CONTAINER_NAME" + ;; + "STOPPED") + ;; + *) + echo "Unknown container state: $OLD_CONTAINER_STATE" >&2 + exit 1 + ;; + esac + + mv $OLD_CONTAINER_PATH $OLD_CONTAINER_BACKUP_PATH + + echo "(The old) container has been backed up." +} + +copy_and_install() +{ + echo "Copying base container files." + + for FQ_DIRECTORY in $BASE_CONTAINER_PATH/rootfs/* + do + DIRECTORY=$(basename $FQ_DIRECTORY) + case "$DIRECTORY" in + "usr") + # common for all containers + cp --archive --link $FQ_DIRECTORY $CONTAINER_BUILDROOT + ;; + "dev" | "proc") + # already mounted, skip + ;; + *) + # each container must have its own version + cp --archive $FQ_DIRECTORY $CONTAINER_BUILDROOT + ;; + esac + done + + echo "Installing special packages." + + case "$DISTRIBUTION" in + "CentOS") + YUM_CONFIG=$SCRIPT_PATH/yum.conf.centos + YUM_RELEASEVER=$DISTRIBUTION_VERSION + if [ -n "$SPEC_PACKAGES" ] + then + yum --assumeyes \ + --config=$YUM_CONFIG \ + --disablerepo=* \ + --enablerepo=local-* \ + --installroot=$CONTAINER_BUILDROOT \ + --releasever=$YUM_RELEASEVER \ + install $SPEC_PACKAGES + fi + yum --assumeyes \ + --config=$YUM_CONFIG \ + --disablerepo=* \ + --enablerepo=local-* \ + --installroot=$CONTAINER_BUILDROOT \ + --releasever=$YUM_RELEASEVER \ + clean all + ;; + "Fedora") + DNF_CONFIG=$SCRIPT_PATH/dnf.conf.fedora + DNF_RELEASEVER=$DISTRIBUTION_VERSION + if [ -n "$SPEC_PACKAGES" ] + then + dnf --assumeyes \ + --config=$DNF_CONFIG \ + --disablerepo=* \ + --enablerepo=local-* \ + --installroot=$CONTAINER_BUILDROOT \ + --releasever=$DNF_RELEASEVER \ + install $SPEC_PACKAGES + fi + dnf --assumeyes \ + --config=$DNF_CONFIG \ + --disablerepo=* \ + --enablerepo=local-* \ + --installroot=$CONTAINER_BUILDROOT \ + --releasever=$DNF_RELEASEVER \ + clean all + ;; + "Rocky") + YUM_CONFIG=$SCRIPT_PATH/yum.conf.rocky + YUM_RELEASEVER=$DISTRIBUTION_VERSION + if [ -n "$SPEC_PACKAGES" ] + then + yum --assumeyes \ + --config=$YUM_CONFIG \ + --disablerepo=* \ + --enablerepo=local-* \ + --installroot=$CONTAINER_BUILDROOT \ + --releasever=$YUM_RELEASEVER \ + install $SPEC_PACKAGES + fi + yum --assumeyes \ + --config=$YUM_CONFIG \ + --disablerepo=* \ + --enablerepo=local-* \ + --installroot=$CONTAINER_BUILDROOT \ + --releasever=$YUM_RELEASEVER \ + clean all + ;; + esac + + echo "Copied files and installed packages." +} + +create_build_path() +{ + echo "Creating and populating the container build directory." + + mkdir --parents $CONTAINER_BUILDROOT + + sed --expression="s|__CONTAINER_FILESYSTEMS_PATH__|$CONTAINER_FILESYSTEMS_PATH|" \ + --expression="s|__CONTAINER_PATH__|$CONTAINER_PATH|" \ + --expression="s|__CONTAINER_START_ORDER__|$CONTAINER_START_ORDER|" \ + <$CONTAINER_SOURCE_PATH/config \ + >$CONTAINER_BUILD_PATH/config + if [ -d $CONTAINER_SOURCE_PATH/hooks ] + then + cp --archive $CONTAINER_SOURCE_PATH/hooks $CONTAINER_BUILD_PATH + fi + + echo "Created and populated the container build directory." +} + +create_environment_file() +{ + ENV_FILE=$(mktemp) + + + echo "Creating environment file." + + echo "SCRIPT_PATH=$SCRIPT_PATH" >>$ENV_FILE + echo "BASE_PATH=$BASE_PATH" >>$ENV_FILE + echo "BACKUPS_PATH=$BACKUPS_PATH" >>$ENV_FILE + echo "BUILD_PATH=$BUILD_PATH" >>$ENV_FILE + echo "FILESYSTEMS_PATH=$FILESYSTEMS_PATH" >>$ENV_FILE + echo "SOURCES_PATH=$SOURCES_PATH" >>$ENV_FILE + echo "SSH_KEYS_PATH=$SSH_KEYS_PATH" >>$ENV_FILE + echo >>$ENV_FILE + echo "CONTAINER_BASENAME=$CONTAINER_BASENAME" >>$ENV_FILE + echo "CONTAINER_NAME=$CONTAINER_NAME" >>$ENV_FILE + echo "CONTAINER_OS=$CONTAINER_OS" >>$ENV_FILE + echo "CONTAINER_PATH=$CONTAINER_PATH" >>$ENV_FILE + echo "CONTAINER_BUILD_PATH=$CONTAINER_BUILD_PATH" >>$ENV_FILE + echo "CONTAINER_FILESYSTEMS_PATH=$CONTAINER_FILESYSTEMS_PATH" >>$ENV_FILE + echo "CONTAINER_SOURCE_PATH=$CONTAINER_SOURCE_PATH" >>$ENV_FILE + echo "CONTAINER_BUILDROOT=$CONTAINER_BUILDROOT" >>$ENV_FILE + echo >>$ENV_FILE + echo "OLD_CONTAINER_NAME=$OLD_CONTAINER_NAME" >>$ENV_FILE + echo "OLD_CONTAINER_PATH=$OLD_CONTAINER_PATH" >>$ENV_FILE + echo "OLD_CONTAINER_BACKUP_PATH=$OLD_CONTAINER_BACKUP_PATH" >>$ENV_FILE + + echo "Environment file created." +} + +populate_c3d() +{ + echo "Creating and populating the container creation and configuration directory." + + if [ -d $CONTAINER_SOURCE_PATH/c3d ] + then + cp --archive $CONTAINER_SOURCE_PATH/c3d $CONTAINER_BUILDROOT + find $CONTAINER_BUILDROOT/c3d -type d -print0 \ + | xargs --null chmod 755 + find $CONTAINER_BUILDROOT/c3d -type f -print0 \ + | xargs --null chmod 644 + chown --recursive root.root $CONTAINER_BUILDROOT/c3d + fi + + MODE_LIST=$CONTAINER_BUILDROOT/c3d/mode.txt + if [ -f $MODE_LIST ] + then + grep --invert-match \ + --regexp='^#' \ + --regexp='^$' $MODE_LIST | while read LINE + do + TGT_MODE=$(echo "$LINE" | cut -f 1 -d ' ') + TGT_PATH=$(echo "$LINE" | cut -f 2 -d ' ') + chmod $TGT_MODE $CONTAINER_BUILDROOT/c3d/$TGT_PATH + done + fi + + OWNER_LIST=$CONTAINER_BUILDROOT/c3d/owner.txt + if [ -f $OWNER_LIST ] + then + grep --invert-match \ + --regexp='^#' \ + --regexp='^$' $OWNER_LIST | while read LINE + do + TGT_OWNER=$(echo "$LINE" | cut -f 1 -d ' ') + TGT_PATH=$(echo "$LINE" | cut -f 2 -d ' ') + chroot $CONTAINER_BUILDROOT chown $TGT_OWNER /c3d/$TGT_PATH + done + fi + + echo "Created and populated the container creation and configuration directory." +} + +set_variables() +{ + CONTAINER_NAME_PARAMETER=$1 + + + echo "Setting variables." + + CONTAINER_BASENAME=$(basename $CONTAINER_NAME_PARAMETER) + + LXC_PATH=$(grep '^lxc.lxcpath' /etc/lxc/lxc.conf \ + | cut -f 2 -d '=' | tr -d ' ') + + SCRIPT_PATH=$(dirname $(realpath $0)) + BASE_PATH=$(dirname $SCRIPT_PATH) + BACKUPS_PATH=$BASE_PATH/backups + BUILD_PATH=$BASE_PATH/build + FILESYSTEMS_PATH=$BASE_PATH/filesystems + SOURCES_PATH=$BASE_PATH/sources + SSH_KEYS_PATH=$BASE_PATH/user-ssh + + CONTAINER_FILESYSTEMS_PATH=$FILESYSTEMS_PATH/$CONTAINER_BASENAME + CONTAINER_SOURCE_PATH=$SOURCES_PATH/$CONTAINER_BASENAME + + if [ ! -d $CONTAINER_SOURCE_PATH ] + then + echo "No source found for $CONTAINER_BASENAME" >&2 + return 1 + fi + + if [ ! -f $CONTAINER_SOURCE_PATH/config ] + then + echo "No config file found for $CONTAINER_BASENAME" >&2 + return 2 + fi + + if [ ! -f $CONTAINER_SOURCE_PATH/envvars ] + then + echo "No envvars file found for $CONTAINER_BASENAME" >&2 + return 3 + fi + + source $CONTAINER_SOURCE_PATH/envvars + RC=$? + if [ $RC -ne 0 ] + then + echo "Could not source $CONTAINER_SOURCE_PATH/envvars, rc: $RC" >&2 + return 4 + fi + + if [ -z "$DISTRIBUTION" ] + then + echo "No DISTRIBUTION variable set in envvars file" >&2 + return 5 + fi + if [ -z "$DISTRIBUTION_VERSION" ] + then + echo "No DISTRIBUTION_VERSION variable set in envvars file" >&2 + return 6 + fi + + case "$DISTRIBUTION" in + "CentOS") + YUM_RELEASEVER=$DISTRIBUTION_VERSION + ;; + "Fedora") + DNF_RELEASEVER=$DISTRIBUTION_VERSION + ;; + "Rocky") + YUM_RELEASEVER=$DISTRIBUTION_VERSION + ;; + *) + echo "Unknown distribution: $DISTRIBUTION" >&2 + return 7 + ;; + esac + + DISTRIBUTION_FIRST_CHAR=$(echo "$DISTRIBUTION" | cut -c 1 | tr '[A-Z]' '[a-z]') + CONTAINER_OS="${DISTRIBUTION_FIRST_CHAR}$DISTRIBUTION_VERSION" + + BASE_CONTAINER_PATH=$LXC_PATH/base.$CONTAINER_OS + + if [ ! -d $BASE_CONTAINER_PATH ] + then + echo "The container does not have a base container (base.${CONTAINER_OS})." >&2 + return 8 + fi + + CONTAINER_NAME="${CONTAINER_BASENAME}.$CONTAINER_OS" + + CONTAINER_PATH=$LXC_PATH/$CONTAINER_NAME + CONTAINER_BUILD_PATH=$BUILD_PATH/$CONTAINER_NAME + + if [ -d $CONTAINER_BUILD_PATH ] + then + echo "The build directory already exists." >&2 + return 9 + fi + + CONTAINER_BUILDROOT=$CONTAINER_BUILD_PATH/rootfs + + CONTAINER_START_ORDER=$(grep -w $CONTAINER_BASENAME $SOURCES_PATH/start-order.txt \ + | awk '{print $2}') + + if [ -z "$CONTAINER_START_ORDER" ] + then + echo "The container does not have a start order." >&2 + return 10 + fi + + OLD_CONTAINER_NAME=$(lxc-ls -1 | grep -w "^$CONTAINER_BASENAME") + #OLD_CONTAINER_OS=$(echo $OLD_CONTAINER_NAME | sed 's/.*\.\([^\.]*\)$/\1/') + OLD_CONTAINER_PATH=$LXC_PATH/$OLD_CONTAINER_NAME + OLD_CONTAINER_BACKUP_PATH=$BACKUPS_PATH/$OLD_CONTAINER_NAME + + echo "All variables set." +} + +preinstall() +{ + echo "Executing preinstall phase." + + if [ -d $CONTAINER_BUILDROOT/c3d/preinstall/scripts ] + then + shopt -s nullglob + for SCRIPT in $CONTAINER_BUILDROOT/c3d/preinstall/scripts/*.sh + do + echo $SCRIPT $ENV_FILE + $SCRIPT $ENV_FILE + done + shopt -u nullglob + fi + + mkdir $CONTAINER_BUILDROOT/dev + mkdir $CONTAINER_BUILDROOT/proc + mount -o bind /dev $CONTAINER_BUILDROOT/dev + mount -t proc proc $CONTAINER_BUILDROOT/proc + + echo "Finished preinstall phase." +} + +postinstall() +{ + echo "Executing postinstall phase." + + POSTINSTALL_PATH=$CONTAINER_BUILDROOT/c3d/postinstall + if [ -d $POSTINSTALL_PATH ] + then + RUN_LIST=$POSTINSTALL_PATH/ssh/run.list + if [ -f $RUN_LIST ] + then + grep -v '^#' $RUN_LIST | while read LINE + do + TGT_HOST=$(echo "$LINE" | cut -f 1 -d ' ') + TGT_USER=$(echo "$LINE" | cut -f 2 -d ' ') + TGT_EXECUTABLE=$(echo "$LINE" | cut -f 3 -d ' ') + ssh -i $SSH_KEYS_PATH/scripts -l $TGT_USER $TGT_HOST $TGT_EXECUTABLE + done + fi + COPY_PATH=$POSTINSTALL_PATH/scp + COPY_LIST=$COPY_PATH/copy.list + if [ -f $COPY_LIST ] + then + grep -v '^#' $COPY_LIST | while read LINE + do + SRC_HOST=$(echo "$LINE" | cut -f 1 -d ' ') + SRC_PATH=$(echo "$LINE" | cut -f 2 -d ' ') + scp -i $SSH_KEYS_PATH/scripts -p -r \ + root@${SRC_HOST}:$SRC_PATH $COPY_PATH + done + fi + if [ -d $POSTINSTALL_PATH/install-data ] + then + tar --create \ + --directory=$POSTINSTALL_PATH \ + --exclude=.placeholder \ + --to-stdout \ + install-data \ + | tar --extract \ + --backup \ + --directory=$CONTAINER_BUILDROOT \ + --no-overwrite-dir \ + --strip-components=1 \ + --suffix=.orig + fi + + shopt -s nullglob + for SCRIPT in $POSTINSTALL_PATH/scripts/*.sh + do + POSTINSTALL_SCRIPT=$(echo $SCRIPT | sed "s|^$CONTAINER_BUILDROOT||") + echo chroot $CONTAINER_BUILDROOT $POSTINSTALL_SCRIPT + chroot $CONTAINER_BUILDROOT $POSTINSTALL_SCRIPT + done + shopt -u nullglob + fi + + umount $CONTAINER_BUILDROOT/dev + umount $CONTAINER_BUILDROOT/proc + + echo "Finished postinstall phase." +} + +firstboot() +{ + echo "Executing firstboot phase." + + CONTAINER_ROOTFS=$CONTAINER_PATH/rootfs + FIRSTBOOT_PATH=$CONTAINER_ROOTFS/c3d/firstboot + + if [ -d $FIRSTBOOT_PATH ] + then + shopt -s nullglob + for SCRIPT in $FIRSTBOOT_PATH/scripts/*.sh + do + FIRSTBOOT_SCRIPT=$(echo $SCRIPT | sed "s|^$CONTAINER_ROOTFS||") + echo lxc-attach --name=$CONTAINER_NAME -- $FIRSTBOOT_SCRIPT + lxc-attach --name=$CONTAINER_NAME -- $FIRSTBOOT_SCRIPT + done + shopt -u nullglob + fi + + echo "Finished firstboot phase." +} + +set_variables $1 +RC=$? +if [ $RC -ne 0 ] +then + echo "Could not set variables, rc: $RC" >&2 + exit $RC +fi + +echo "Starting at $(date)" + +create_environment_file + +create_build_path + +preinstall + +copy_and_install + +populate_c3d + +postinstall + +backup_old_container + +mv $CONTAINER_BUILD_PATH $CONTAINER_PATH + +echo "Starting (the new) container $CONTAINER_NAME" +lxc-start --name=$CONTAINER_NAME --daemon + +echo "Waiting for (the new) container $CONTAINER_NAME to start up." +lxc-wait --name=$CONTAINER_NAME --state=RUNNING + +firstboot + +rm --force $ENV_FILE + +echo rm --force --recursive $CONTAINER_ROOTFS/c3d + +echo "Finishing at $(date)" diff --git a/scripts/update-base.sh b/scripts/update-base.sh index b3fd22e..91c7a64 100755 --- a/scripts/update-base.sh +++ b/scripts/update-base.sh @@ -25,14 +25,14 @@ update_packages() --config=$YUM_CONFIG \ --disablerepo=* \ --enablerepo=local-* \ - --installroot=$CONTAINER_PATH \ + --installroot=$CONTAINER_PATH/rootfs \ --releasever=$YUM_RELEASEVER \ update yum --assumeyes \ --config=$YUM_CONFIG \ --disablerepo=* \ --enablerepo=local-* \ - --installroot=$CONTAINER_PATH \ + --installroot=$CONTAINER_PATH/rootfs \ --releasever=$YUM_RELEASEVER \ clean all ;; @@ -43,14 +43,14 @@ update_packages() --config=$DNF_CONFIG \ --disablerepo=* \ --enablerepo=local-* \ - --installroot=$CONTAINER_PATH \ + --installroot=$CONTAINER_PATH/rootfs \ --releasever=$DNF_RELEASEVER \ update dnf --assumeyes \ --config=$DNF_CONFIG \ --disablerepo=* \ --enablerepo=local-* \ - --installroot=$CONTAINER_PATH \ + --installroot=$CONTAINER_PATH/rootfs \ --releasever=$DNF_RELEASEVER \ clean all ;; @@ -61,14 +61,14 @@ update_packages() --config=$YUM_CONFIG \ --disablerepo=* \ --enablerepo=local-* \ - --installroot=$CONTAINER_PATH \ + --installroot=$CONTAINER_PATH/rootfs \ --releasever=$YUM_RELEASEVER \ update yum --assumeyes \ --config=$YUM_CONFIG \ --disablerepo=* \ --enablerepo=local-* \ - --installroot=$CONTAINER_PATH \ + --installroot=$CONTAINER_PATH/rootfs \ --releasever=$YUM_RELEASEVER \ clean all ;; diff --git a/sources/mx.in/firstboot/01_setupnetworking.sh b/sources/mx.in/firstboot/01_setupnetworking.sh index 95348db..bddee6c 100755 --- a/sources/mx.in/firstboot/01_setupnetworking.sh +++ b/sources/mx.in/firstboot/01_setupnetworking.sh @@ -37,8 +37,6 @@ CONNECTION_LINE=$(nmcli --terse connection show) CONNECTION_UUID=$(echo $CONNECTION_LINE | cut -f 2 -d ':') CONNECTION_DEVICE=$(echo $CONNECTION_LINE | cut -f 4 -d ':') -nmcli connection delete uuid "$CONNECTION_UUID" - nmcli connection add \ connection.autoconnect yes \ connection.id internal \ @@ -56,4 +54,6 @@ nmcli connection add \ ipv6.method "manual" \ save yes +nmcli connection delete uuid "$CONNECTION_UUID" + nmcli connection show diff --git a/sources/mx.in/postinstall/04_editfiles.sh b/sources/mx.in/postinstall/04_editfiles.sh index d24519c..bb5344c 100755 --- a/sources/mx.in/postinstall/04_editfiles.sh +++ b/sources/mx.in/postinstall/04_editfiles.sh @@ -2,5 +2,5 @@ sed --in-place=.orig \ - 's/^After=\(.*\)network\.target\(.*\)$/After=\1network-online.target\2/' \ + '/^After=.*network\.target.*$/a After=network-online.target\nWants=network-online.target' \ /usr/lib/systemd/system/postfix.service diff --git a/sources/sns.in/postinstall/install/var/named/228.10.in-addr.arpa.zonesource b/sources/sns.in/postinstall/install/var/named/228.10.in-addr.arpa.zonesource index 46c548d..64865da 100644 --- a/sources/sns.in/postinstall/install/var/named/228.10.in-addr.arpa.zonesource +++ b/sources/sns.in/postinstall/install/var/named/228.10.in-addr.arpa.zonesource @@ -69,6 +69,7 @@ $TTL 86400 ; ================================================================ ; redhat satellite (rs = 18 * 10 + 19 = 199) ; ================================================================ +67.199 IN PTR rsserver67.in.useribm.hu. 2.199 IN PTR rsadserver.in.useribm.hu. 1.199 IN PTR rsserver.in.useribm.hu. diff --git a/sources/sns.in/postinstall/install/var/named/in.useribm.hu.zonesource b/sources/sns.in/postinstall/install/var/named/in.useribm.hu.zonesource index b173b11..41b9980 100644 --- a/sources/sns.in/postinstall/install/var/named/in.useribm.hu.zonesource +++ b/sources/sns.in/postinstall/install/var/named/in.useribm.hu.zonesource @@ -77,6 +77,7 @@ lpar11 IN A 10.228.201.11 ; 11 ; ================================================================ ; redhat satellite (rs = 18 * 10 + 19 = 199) ; ================================================================ +rsserver67 IN A 10.228.199.67 rsadserver IN A 10.228.199.2 rsserver IN A 10.228.199.1 diff --git a/sources/wiki.in/firstboot/10_certbot.sh b/sources/wiki.in/firstboot/10_certbot.sh index bd14fed..7015757 100755 --- a/sources/wiki.in/firstboot/10_certbot.sh +++ b/sources/wiki.in/firstboot/10_certbot.sh @@ -1,4 +1,5 @@ #!/bin/sh +exit 0 for f in /etc/httpd/conf.d/*.le diff --git a/sources/wiki.in/postinstall/install/etc/dokuwiki/local.php b/sources/wiki.in/postinstall/install/etc/dokuwiki/local.php index d07d0fb..e7000b1 100644 --- a/sources/wiki.in/postinstall/install/etc/dokuwiki/local.php +++ b/sources/wiki.in/postinstall/install/etc/dokuwiki/local.php @@ -18,10 +18,10 @@ $conf['superuser'] = 'zfelleg'; $conf['authtype'] = 'authldap'; -$conf['plugin']['authldap']['server'] = 'ldap://ldap.in.useribm.hu:389'; +$conf['plugin']['authldap']['server'] = 'ldap://fds.in.useribm.hu:389'; $conf['plugin']['authldap']['usertree'] = 'ou=People,dc=user,dc=hu'; -$conf['plugin']['authldap']['grouptree'] = 'ou=Group,dc=user,dc=hu'; +$conf['plugin']['authldap']['grouptree'] = 'ou=Groups,dc=user,dc=hu'; $conf['plugin']['authldap']['userfilter'] = '(&(uid=%{user})(objectClass=posixAccount))'; -$conf['plugin']['authldap']['groupfilter'] = '(&(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))'; +$conf['plugin']['authldap']['groupfilter'] = '(&(member=%{dn})(objectClass=posixGroup))'; $conf['plugin']['authldap']['version'] = 3; $conf['plugin']['authldap']['attributes'] = array(); -- 2.54.0