From 498a313d6cc183adaaadebf45fcbb9f12608474b Mon Sep 17 00:00:00 2001 From: Stephane de Labrusse Date: Mon, 15 Jan 2024 09:27:59 +0100 Subject: [PATCH 1/4] Update authorizations and labels in build-images.sh --- build-images.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build-images.sh b/build-images.sh index e61529e..a48771f 100644 --- a/build-images.sh +++ b/build-images.sh @@ -29,7 +29,7 @@ buildah add "${container}" imageroot /imageroot buildah add "${container}" ui/dist /ui # Setup the entrypoint, ask to reserve one TCP port with the label and set a rootless container buildah config --entrypoint=/ \ - --label="org.nethserver.authorizations=traefik@any:routeadm" \ + --label="org.nethserver.authorizations=traefik@any:routeadm cluster:accountconsumer" \ --label="org.nethserver.tcp-ports-demand=1" \ --label="org.nethserver.rootfull=0" \ --label="org.nethserver.images=docker.io/redis:6.2.12-alpine docker.io/mariadb:10.6.16 docker.io/nginx:1.25.3-alpine ghcr.io/nethserver/nextcloud-app:${IMAGETAG}" \ From 9fbb5c30ef29d2c2677a92f8129836ef5c297da7 Mon Sep 17 00:00:00 2001 From: Stephane de Labrusse Date: Mon, 15 Jan 2024 11:21:36 +0100 Subject: [PATCH 2/4] Add LDAP user domain configuration and binding --- imageroot/bin/setup-ldap | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/imageroot/bin/setup-ldap b/imageroot/bin/setup-ldap index 0b31abf..9b63e05 100755 --- a/imageroot/bin/setup-ldap +++ b/imageroot/bin/setup-ldap @@ -58,6 +58,12 @@ if not domain: print(f'Domain not found: {cdomain}', file=sys.stderr) sys.exit(0) +# Store domain name for services configuration: +agent.set_env("LDAP_USER_DOMAIN", cdomain) + +# Bind the new domain, overriding previous values (unbind) +agent.bind_user_domains([cdomain]) + # we wait after nextcloud-app systemed is ready inside systemd script wait_after_nextcloud occ(["app:enable", "user_ldap"]) From 933b2aa561442ce15ec9a675682d07201183e446 Mon Sep 17 00:00:00 2001 
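Review bot: The comment above the `buildah config` command still mentions only the entrypoint, the TCP port and rootless mode, although the `org.nethserver.authorizations` label now also grants `cluster:accountconsumer`. That grant widens what the module may do on the cluster, and the reason is not visible in this file; presumably it is needed for the user-domain binding added to `imageroot/bin/setup-ldap` in PATCH 2/4. Extending that comment line would help later least-privilege reviews, for example `# cluster:accountconsumer is required to bind the module to a user domain (see imageroot/bin/setup-ldap)`. The `buildah config` command continues past the end of the hunk.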
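Review bot: The new `agent.bind_user_domains([cdomain])` call sits after the `if not domain:` early exit, so when the configured domain is not found the script exits with status 0 and any binding made by an earlier run stays in place. That is at odds with the added comment's "overriding previous values (unbind)". If a stale binding is not intended, the not-found branch should clear it as well (presumably `agent.bind_user_domains([])`, to be confirmed against the agent API) or exit non-zero so the caller notices. The same placement remains after PATCH 3/4, which only removes the `agent.set_env` lines. The script starts and ends outside the hunk.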
From: Stephane de Labrusse Date: Mon, 15 Jan 2024 11:29:22 +0100 Subject: [PATCH 3/4] code review of Davide Principi Co-authored-by: Davide Principi --- imageroot/bin/setup-ldap | 3 --- 1 file changed, 3 deletions(-) diff --git a/imageroot/bin/setup-ldap b/imageroot/bin/setup-ldap index 9b63e05..7b3a1b3 100755 --- a/imageroot/bin/setup-ldap +++ b/imageroot/bin/setup-ldap @@ -58,9 +58,6 @@ if not domain: print(f'Domain not found: {cdomain}', file=sys.stderr) sys.exit(0) -# Store domain name for services configuration: -agent.set_env("LDAP_USER_DOMAIN", cdomain) - # Bind the new domain, overriding previous values (unbind) agent.bind_user_domains([cdomain]) From e5e3def242a7a3ead8395070bb92ba36194e5e74 Mon Sep 17 00:00:00 2001 From: Davide Principi Date: Thu, 18 Jan 2024 18:18:46 +0100 Subject: [PATCH 4/4] Upgrade cluster/module_domains key --- imageroot/update-module.d/50bind_user_domain | 24 ++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100755 imageroot/update-module.d/50bind_user_domain diff --git a/imageroot/update-module.d/50bind_user_domain b/imageroot/update-module.d/50bind_user_domain new file mode 100755 index 0000000..3dbd392 --- /dev/null +++ b/imageroot/update-module.d/50bind_user_domain @@ -0,0 +1,24 @@ +#!/usr/bin/env python3 + +# +# Copyright (C) 2024 Nethesis S.r.l. +# SPDX-License-Identifier: GPL-3.0-or-later +# + +import agent +import os +import sys +import json + +try: + with open("config.json") as fcfg: + user_ldap_domain = json.load(fcfg)["domain"] +except: + sys.exit(0) + +if not user_ldap_domain: + sys.exit(0) + +rdb = agent.redis_connect(use_replica=True) +if not agent.get_bound_domain_list(rdb): + agent.bind_user_domains([user_ldap_domain])
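Review bot: The bare `except:` around the `config.json` read in `50bind_user_domain` turns every failure into a silent `sys.exit(0)`: a missing file, but also malformed JSON, a missing `domain` key or a permission error. An upgrade that could not bind the domain then looks identical to one that had nothing to do, and the module is left without the binding the new authorization was added for. Narrow the handler and leave a trace on stderr, for example `except (OSError, ValueError, KeyError, TypeError) as ex:` followed by `print(f"cannot read domain from config.json: {ex}", file=sys.stderr)` before the existing `sys.exit(0)`. `import os` is unused in this file and can be dropped.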