I was able to find it easily from just a user's description in that issue, so uploading a screenshot after we've done the normal switch should be enough. Please don't spend so much time on this detail. Thanks.
OK, so then we need to document exactly what you just commented on the wiki and have a section for Conversations users to explain how to accept the downgrade.
So just because of a single additional line per host it doesn't make sense to split out all the rest?
We’d have to deal with environment variables that have to stay a secret
Just FYI: the tasks in the PR description are not up to date. Some have been done already, and they're missing the LDAP+SASL research for example.
I don't think any other pro customer would have their users get global admin accounts for the entire Kosmos XMPP server.
Why should we add content to the main config file instead of adding separate files for every vhost?
LGTM. Then again, I don't know enough about LDAP to have a good opinion on these things.
We should also make sure that no personal data or communications are logged there.
OK, but then they still don't need to be able to change their email address.
Regarding ecryptfs, that's what I meant with faster on HDDs, but didn't explain in detail:
The title of this issue is still misleading. LDAP users shouldn't be able to directly change anything in the directory. They should always go through akkounts, and I think we should enforce 2FA there for everyone as well.
It's not so much about if the account is enabled, but when to send a message to donate again.