I have sent the emails with a unique generated temporary password and instructions for users without a wiki account, and with instructions for users with a wiki account.
I have rewritten the commit message:
Disable the LDAPAuthorization plugin. The LDAPAuthentication2 plugin is still used to authenticate users, but every kosmos.org user has access to the wiki. See https://www.mediawiki.org/wiki/Extension:PluggableAuth for the distinction between authentication and authorization
I have added the date and time of the switch to the email, as well as created a second email template for users that already had a Wiki account: https://cryptpad.fr/code/#/2/code/edit/uBJev+Y8s1El0zX-ElnleEfQ/
I will pair with @galfert on the switch; we have set the date to Thursday at 13:00 GMT.
Why do we have to filter anything? We agreed that every user should have a wiki account, no matter what (and that we may want to do the same with other accounts, like e.g. personal Gitea accounts).
Yes, in the end removing the LDAPAuthorization MediaWiki extension works in this case, no need for filtering. I'm pushing a PR with the config changes.
Regarding the steps/checklist: I think the emails should be sent out before the switch, and they should contain the date and time for when their password stops working, no?
Yes, I have updated the steps. I will change the email in the pad and will announce the switch date and time as soon as it's set.
Moved from the ejabberd issue:
I ran into an issue with MediaWiki in my VM when using the new LDAP schema. I was preparing the config for MediaWiki, and I cannot make the LDAP authorization work using the filtered role. It looks like we have to use an attribute directly to perform the auth check in the MediaWiki config. I will take another look at this tomorrow.
I prepared this email, any feedback? I put it on a Pad so it's easy to edit https://cryptpad.fr/code/#/2/code/edit/uBJev+Y8s1El0zX-ElnleEfQ/
Removing a role from a node will remove the firewall rules included by that role, closing access to the service when someone runs Chef, making everything even more confusing and dangerous.
I definitely agree that me setting the ejabberd config manually was not ideal. I think we can close this issue and focus on merging PRs, and not making manual changes to config files.