computer-playbook/roles/docker-ldap/templates/ldif/configuration/01_member_of_configuration.ldif.j2

# MemberOf Overlay Configuration for OpenLDAP
#
# This file activates the memberOf module and configures the memberOf overlay,
# which is required by Nextcloud for proper group management.
# @see https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_auth_ldap.html 
# @see https://www.adimian.com/blog/how-to-enable-memberof-using-openldap/
#
# The first section loads the memberof module from the specified path.
#   - olcModuleLoad: Specifies that the "memberof" module should be loaded.
#   - olcModulePath: Provides the full path to the memberof shared object.
#
# The second section configures the memberOf overlay for the designated database.
#   - The DN "olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config" sets up the overlay
#     on the database backend (here assumed to be "hdb").
#   - olcMemberOfDangling: ignore
#         Instructs the overlay to ignore references to non-existent objects.
#   - olcMemberOfRefInt: TRUE
#         Enables referential integrity so that changes in group membership automatically
#         update the user's "memberOf" attribute.
#   - olcMemberOfGroupOC: groupOfNames
#         Specifies that the overlay applies to groups with the object class "groupOfNames".
#   - olcMemberOfMemberAD: member
#         Indicates that the group's membership is stored in the "member" attribute.
#   - olcMemberOfMemberOfAD: memberOf
#         Defines that the overlay will maintain the "memberOf" attribute in user entries.
#
# IMPORTANT: All groups created before enabling this module must be deleted and recreated,
# as the overlay only assigns the "member" attribute when a new group is created.
dn: cn=module,cn=config
cn: module
objectClass: olcModuleList
olcModuleLoad: memberof
olcModulePath: /opt/bitnami/openldap/lib/openldap/memberof.so

dn: olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config
objectClass: olcConfig
objectClass: olcMemberOf
objectClass: olcOverlayConfig
objectClass: top
olcOverlay: memberof
olcMemberOfDangling: ignore
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberOf
Optimized setup routine for memberOf ldap 2025-02-12 19:06:32 +01:00			`# MemberOf Overlay Configuration for OpenLDAP`
			`#`
			`# This file activates the memberOf module and configures the memberOf overlay,`
			`# which is required by Nextcloud for proper group management.`
			`# @see https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_auth_ldap.html`
			`# @see https://www.adimian.com/blog/how-to-enable-memberof-using-openldap/`
			`#`
			`# The first section loads the memberof module from the specified path.`
			`# - olcModuleLoad: Specifies that the "memberof" module should be loaded.`
			`# - olcModulePath: Provides the full path to the memberof shared object.`
			`#`
			`# The second section configures the memberOf overlay for the designated database.`
			`# - The DN "olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config" sets up the overlay`
			`# on the database backend (here assumed to be "hdb").`
			`# - olcMemberOfDangling: ignore`
			`# Instructs the overlay to ignore references to non-existent objects.`
			`# - olcMemberOfRefInt: TRUE`
			`# Enables referential integrity so that changes in group membership automatically`
			`# update the user's "memberOf" attribute.`
			`# - olcMemberOfGroupOC: groupOfNames`
			`# Specifies that the overlay applies to groups with the object class "groupOfNames".`
			`# - olcMemberOfMemberAD: member`
			`# Indicates that the group's membership is stored in the "member" attribute.`
			`# - olcMemberOfMemberOfAD: memberOf`
			`# Defines that the overlay will maintain the "memberOf" attribute in user entries.`
			`#`
			`# IMPORTANT: All groups created before enabling this module must be deleted and recreated,`
			`# as the overlay only assigns the "member" attribute when a new group is created.`
			`dn: cn=module,cn=config`
			`cn: module`
			`objectClass: olcModuleList`
			`olcModuleLoad: memberof`
			`olcModulePath: /opt/bitnami/openldap/lib/openldap/memberof.so`

			`dn: olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config`
			`objectClass: olcConfig`
			`objectClass: olcMemberOf`
			`objectClass: olcOverlayConfig`
			`objectClass: top`
			`olcOverlay: memberof`
			`olcMemberOfDangling: ignore`
			`olcMemberOfRefInt: TRUE`
			`olcMemberOfGroupOC: groupOfNames`
			`olcMemberOfMemberAD: member`
			`olcMemberOfMemberOfAD: memberOf`