Use:
- extract (the future) FreeBSD release package into /usr/local/ -> so your files will be under /usr/local/lldap_server/
- save/copy this rc.d script file into /usr/local/etc/rc.d/
- finally `echo lldap_enable=YES >> /etc/rc.conf`
- the service script is set to run the lldap server as the "www" user - make sure the whole lldap_server directory is accessible/runnable by "www". Simplest is to run `chown -R www:www /usr/local/lldap_server`
* Fixes following issues:
- double braces around mail= filter cause:
ldap_search_ext: Bad search filter (-7)
- too wide/upper level base DN cause, changed to ou= level helps
result: 53 Server is unwilling to perform
text: Unsupported group attribute for substring filter: "mail"
Existing logic used jq's `contains`, which confusingly will do partial string matches. For example, a group named "media_admin" will be created, then "media" will be skipped saying it already exists.
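The partial-match behaviour described in the commit message above, reproduced as an added example (not the project's bootstrap script). The group list, its JSON shape and the function names are assumptions made for illustration; it needs `jq` on the PATH.

```shell
#!/bin/sh
# Constructed sample: names of groups that already exist on the server.
# The flat JSON array is an assumed shape, chosen to keep the example short.
EXISTING_GROUPS='["media_admin","lldap_admin","backup"]'

# Substring-prone check: jq's contains() on an array of strings succeeds when
# the wanted string is a substring of any element, so "media" is reported as
# present because "media_admin" contains it.
group_exists_contains() {
    printf '%s' "$EXISTING_GROUPS" |
        jq -e --arg name "$1" 'contains([$name])' >/dev/null
}

# Exact check: any/2 with string equality matches only the full group name.
group_exists_exact() {
    printf '%s' "$EXISTING_GROUPS" |
        jq -e --arg name "$1" 'any(.[]; . == $name)' >/dev/null
}

# Print the wanted groups that the given check considers missing.
# $1 = name of the check function, remaining args = wanted group names.
missing_groups() {
    check="$1"; shift
    out=""
    for name in "$@"; do
        if ! "$check" "$name"; then
            out="${out:+$out }$name"
        fi
    done
    printf '%s' "$out"
}

# Demo: "media" silently drops out of the to-create list with contains().
if command -v jq >/dev/null 2>&1; then
    echo "contains(): to create -> $(missing_groups group_exists_contains media backup ops)"
    echo "exact:      to create -> $(missing_groups group_exists_exact media backup ops)"
fi
```

A group that is skipped this way never exists on the server, so anything mapped to it downstream (application roles, access rules) ends up with no members and no error in the bootstrap output.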
Corrected a base URL, points at the Nextcloud instance now instead of the authenticator.
Also added additional information for different Nextcloud URL configurations.
Keycloak seems to default to "First name" being `cn`, which LLDAP uses for Display Name, resulting in users getting duplicated display names in Keycloak (like First Last Last), or missing their first name entirely (when they have no Display Name in LLDAP).
This just updates the example config to provide instructions on changing the attribute mapping in Keycloak to fix this.
* Update jellyfin.md example
The LdapAdminBaseDN either doesn't work properly or is used incorrectly here.
This change will make it work.
see:
- https://github.com/jellyfin/jellyfin-plugin-ldapauth/issues/145
* Update jellyfin.md
Added some more detail about admin groups and user groups.