I found the issue, it was caused by this addition: 10b6f63
That's correct, I still don't understand your question.
If that’s the case, then how are accounts the same between Mastodon and other services?
I’m pretty sure we do not want to create users from Mastodon. It would mean that when you already have an LDAP user for e.g. XMPP or Gitea, you then have an additional one, no?
Existing accounts will work after we enable LDAP in Mastodon. Accounts created by logging in with an LDAP user do not have an encrypted_password set in the Mastodon database, the password is checked on the LDAP account and they have the external flag set. Existing accounts that have an encrypted_password set will still work if they do not exist in LDAP.
Got it, using extensibleObject as objectClass we can used arbitrary attributes:
On the subject of groups: https://ldapwiki.com/wiki/Groups%20Are%20Bad
I got ejabberd working with LDAP auth in a VM. ejabberd itself, like GitLab, only has read-only support for LDAP, so you can't create users on LDAP through ejabberdctl. I created an ldif file and used ldapadd to add a group and a user: