# general
- n
nitnelave
09/03/2025, 9:10 AMFeel free to open a #992916353847668756 thread for this! - t
Tarrew
09/03/2025, 7:14 PMis there a way to always start the server with
? I'd like to just change it when i rotate the password, but can't leave the flag active, because it will fail withforce-ldap-user-pass-resetError: Restart the server without --force-update-private-key or --force-ldap-user-pass-reset to continue. - n
nitnelave
09/04/2025, 9:06 AMWhy not just call lldap_set_user_password? - n
nitnelave
09/04/2025, 9:07 AMWithout restarting the server - t
Tarrew
09/04/2025, 9:56 AMThat would require having the admin password in the first place for authentication, doesnt it? - n
nitnelave
09/04/2025, 10:03 AMYes - k
Kumpelinus
09/04/2025, 10:12 AMis your question about rotating the password, to reset it in case of forgetting it or both? - t
Tarrew
09/04/2025, 11:04 AMboth kind of. I manage my passwords in sops. When i change the password with sops, say by automatically rotating it, i would like to change it automatically for the admin. So best case would be that i can always run LLDAP with
and it would just reset the admin PW to whatever the env variable isforce-ldap-user-pass-reset - n
nitnelave
09/04/2025, 11:27 AMHow do you automate the restart of LLDAP? - t
Tarrew
09/04/2025, 1:07 PMits managed with sd-switch. basically when the hash of the systemd unit changes, it gets restarted automatically - n
nitnelave
09/04/2025, 1:09 PMThat's a fancy setup you have here 😄 Looking at the docs, I realize that your use case is already supported: you need to set force_ldap_user_pass_reset to "always" - t
Tarrew
09/04/2025, 1:41 PMahh yes, i knew i stumbled across this before but couldnt find it again. Thanks! - t
Tarrew
09/04/2025, 1:41 PMand yes, i'm a Nix(OS) fanboy, you can't go back once you started making everything declarative ;D - k
Kumpelinus
09/04/2025, 1:42 PMI will start using nixos in like 1-2 days 😅 - t
Tarrew
09/04/2025, 1:42 PMyou'll like it - t
Tarrew
09/04/2025, 1:42 PMhopefully ;D - k
Kumpelinus
09/04/2025, 1:43 PMI hope so too 😅 - t
Tarrew
09/04/2025, 1:43 PMyou can even use Nix on non NixOS distros, many people don't know - t
Tarrew
09/04/2025, 1:44 PMits a nice start playing around with Home Manager before jumping to NixOS - k
Kumpelinus
09/04/2025, 1:45 PMYeah, but I went with the vm approach for a while now. I just didn't like mixing it - t
Tarrew
09/04/2025, 1:45 PMeven better, nice one - t
Tarrew
09/04/2025, 1:46 PMi try to do as much as in HM as possible ;D - p
Pizmovc
09/04/2025, 2:01 PMBeen using NixOS on the server for years now, including running LLDAP. Its great, but the learning curve can be brutal 😅 - b
bin101
09/08/2025, 7:22 AMI see that group inheritance is still open on the roadmap (sadly since '22) but would it be possible to use a custom multi value attribute and a corresponding filter to Authelia to add a list of groups to a user in one go? I tried it but I don't really understand the filter syntax... - n
nitnelave
09/08/2025, 7:24 AMYou can make "meta groups" that represent several other groups, at the cost of making all your filters more complicated: instead of "is user in group X", it becomes "is user or group X or the meta group" - b
bin101
09/08/2025, 7:25 AMThat would be enough for me, is there anywhere an example config for that? - n
nitnelave
09/08/2025, 7:27 AMThe syntax for an "or" condition is
with each condition being a parenthesized expression(| condition-1 condition-2) - n
nitnelave
09/08/2025, 7:28 AMSo something like(| (memberOf=...) (memberOf=...) ) - e
Enzo
09/08/2025, 11:30 PMIs it possible to give a user or a group write permission to only specific attributes? - n
nitnelave
09/09/2025, 6:20 AMNo, permissions are very coarse grain