Moved from the ejabberd issue:
I ran into an issue with MediaWiki in my VM when using the new LDAP schema. I was preparing the config for MediaWiki, and I cannot make the LDAP authorization work using the filtered role. It looks like we have to use an attribute directly to perform the auth check in the MediaWiki config. I will take another look at this tomorrow
I prepared this email, any feedback? I put it on a Pad so it's easy to edit https://cryptpad.fr/code/#/2/code/edit/uBJev+Y8s1El0zX-ElnleEfQ/
Removing a role from a node will remove the firewall rules included by that role, closing access to the service when someone runs Chef, making everything even more confusing and dangerous
I definitely agree that me setting the ejabberd config manually was not ideal. I think we can close this issue and focus on merging PRs, and not making manual changes to config files
I have created a page to document the SASL downgrade: https://wiki.kosmos.org/Services:XMPP:SASL_downgrade
We can add a screenshot to it right after the switch
I have managed to move each vhost's config to its own file. ejabberd merges the hosts, see 38f39af2a4
I have added a task to create a new page that documents the SASL downgrade on Conversations for existing users. I think it should include a screenshot for it to be clear. The best way I can think of to do that is to create a test kosmos.org user, and then enable both psql and ldap temporarily (with only that user created in LDAP)
How many passwords to we really have in the config? It can’t be that many.