Making the TLS setup took me longer than I thought (it involved some funky format changes), but I got it to work. I'm going to push a PR later this evening or tomorrow.
I forgot to update: the cert for kosmos.social was automatically renewed as planned on Oct 28.
This is running on andromeda, ready to merge. Confirmed to work by running certbot renew --test-cert --dry-run; the cert will be renewed tomorrow when the cron job runs.
I found the issue, it was caused by this addition: 10b6f63
That's correct, I still don't understand your question.
If that’s the case, then how are accounts the same between Mastodon and other services?
I’m pretty sure we do not want to create users from Mastodon. It would mean that when you already have an LDAP user for e.g. XMPP or Gitea, you then have an additional one, no?
Existing accounts will work after we enable LDAP in Mastodon. Accounts created by logging in with an LDAP user do not have an encrypted_password set in the Mastodon database; the password is checked on the LDAP account and they have the external flag set. Existing accounts that have an encrypted_password set will still work if they do not exist in LDAP.
Got it, using extensibleObject as objectClass we can use arbitrary attributes: