From 5221c15a66953b21a54c632c4265f9b520d67bdd Mon Sep 17 00:00:00 2001
From: Ben Vincent <ben@unkin.net>
Date: Wed, 10 Jul 2024 20:43:50 +1000
Subject: [PATCH] fix: update ldap filter

- update ldap filter for *arr's to match on user and group
---
 hieradata/roles/apps/media/lidarr.yaml   | 2 +-
 hieradata/roles/apps/media/nzbget.yaml   | 2 +-
 hieradata/roles/apps/media/prowlarr.yaml | 2 +-
 hieradata/roles/apps/media/radarr.yaml   | 2 +-
 hieradata/roles/apps/media/readarr.yaml  | 2 +-
 hieradata/roles/apps/media/sonarr.yaml   | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/hieradata/roles/apps/media/lidarr.yaml b/hieradata/roles/apps/media/lidarr.yaml
index 03d3ff4..5c3b754 100644
--- a/hieradata/roles/apps/media/lidarr.yaml
+++ b/hieradata/roles/apps/media/lidarr.yaml
@@ -31,7 +31,7 @@ profiles::nginx::simpleproxy::use_default_location: false
 nginx::client_max_body_size: 20M
 
 ldap_binddn: 'cn=svc_lidarr,ou=services,ou=users,dc=main,dc=unkin,dc=net'
-ldap_template: '(memberOf=ou=lidarr_access,ou=groups,dc=main,dc=unkin,dc=net)'
+ldap_template: '(&(uid=%(username)s)(memberOf=ou=lidarr_access,ou=groups,dc=main,dc=unkin,dc=net))'
 
 # configure consul service
 consul::services:
diff --git a/hieradata/roles/apps/media/nzbget.yaml b/hieradata/roles/apps/media/nzbget.yaml
index b119e43..2d26b91 100644
--- a/hieradata/roles/apps/media/nzbget.yaml
+++ b/hieradata/roles/apps/media/nzbget.yaml
@@ -31,7 +31,7 @@ profiles::nginx::simpleproxy::use_default_location: false
 nginx::client_max_body_size: 20M
 
 ldap_binddn: 'cn=svc_nzbget,ou=services,ou=users,dc=main,dc=unkin,dc=net'
-ldap_template: '(memberOf=ou=nzbget_access,ou=groups,dc=main,dc=unkin,dc=net)'
+ldap_template: '(&(uid=%(username)s)(memberOf=ou=nzbget_access,ou=groups,dc=main,dc=unkin,dc=net))'
 
 # configure consul service
 consul::services:
diff --git a/hieradata/roles/apps/media/prowlarr.yaml b/hieradata/roles/apps/media/prowlarr.yaml
index b4a2fc8..826374c 100644
--- a/hieradata/roles/apps/media/prowlarr.yaml
+++ b/hieradata/roles/apps/media/prowlarr.yaml
@@ -31,7 +31,7 @@ profiles::nginx::simpleproxy::use_default_location: false
 nginx::client_max_body_size: 20M
 
 ldap_binddn: 'cn=svc_prowlarr,ou=services,ou=users,dc=main,dc=unkin,dc=net'
-ldap_template: '(memberOf=ou=prowlarr_access,ou=groups,dc=main,dc=unkin,dc=net)'
+ldap_template: '(&(uid=%(username)s)(memberOf=ou=prowlarr_access,ou=groups,dc=main,dc=unkin,dc=net))'
 
 # configure consul service
 consul::services:
diff --git a/hieradata/roles/apps/media/radarr.yaml b/hieradata/roles/apps/media/radarr.yaml
index 1c18b4e..1cd50a4 100644
--- a/hieradata/roles/apps/media/radarr.yaml
+++ b/hieradata/roles/apps/media/radarr.yaml
@@ -32,7 +32,7 @@ profiles::nginx::simpleproxy::use_default_location: false
 nginx::client_max_body_size: 20M
 
 ldap_binddn: 'cn=svc_radarr,ou=services,ou=users,dc=main,dc=unkin,dc=net'
-ldap_template: '(memberOf=ou=radarr_access,ou=groups,dc=main,dc=unkin,dc=net)'
+ldap_template: '(&(uid=%(username)s)(memberOf=ou=radarr_access,ou=groups,dc=main,dc=unkin,dc=net))'
 
 # configure consul service
 consul::services:
diff --git a/hieradata/roles/apps/media/readarr.yaml b/hieradata/roles/apps/media/readarr.yaml
index 060f509..ee17dce 100644
--- a/hieradata/roles/apps/media/readarr.yaml
+++ b/hieradata/roles/apps/media/readarr.yaml
@@ -31,7 +31,7 @@ profiles::nginx::simpleproxy::use_default_location: false
 nginx::client_max_body_size: 20M
 
 ldap_binddn: 'cn=svc_readarr,ou=services,ou=users,dc=main,dc=unkin,dc=net'
-ldap_template: '(memberOf=ou=readarr_access,ou=groups,dc=main,dc=unkin,dc=net)'
+ldap_template: '(&(uid=%(username)s)(memberOf=ou=readarr_access,ou=groups,dc=main,dc=unkin,dc=net))'
 
 # configure consul service
 consul::services:
diff --git a/hieradata/roles/apps/media/sonarr.yaml b/hieradata/roles/apps/media/sonarr.yaml
index 9724726..578bbff 100644
--- a/hieradata/roles/apps/media/sonarr.yaml
+++ b/hieradata/roles/apps/media/sonarr.yaml
@@ -31,7 +31,7 @@ profiles::nginx::simpleproxy::use_default_location: false
 nginx::client_max_body_size: 20M
 
 ldap_binddn: 'cn=svc_sonarr,ou=services,ou=users,dc=main,dc=unkin,dc=net'
-ldap_template: '(memberOf=ou=sonarr_access,ou=groups,dc=main,dc=unkin,dc=net)'
+ldap_template: '(&(uid=%(username)s)(memberOf=ou=sonarr_access,ou=groups,dc=main,dc=unkin,dc=net))'
 
 # configure consul service
 consul::services:
-- 
2.47.3