From 618d047df8cb565a5aae5c966f87bf52bcd5759d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= <sandro.jaeckel@gmail.com>
Date: Mon, 26 Dec 2022 02:04:15 +0100
Subject: [PATCH] Fix group assignment

---
 hosts/hydra/default.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hosts/hydra/default.nix b/hosts/hydra/default.nix
index af07c907..6bdd6fb0 100644
--- a/hosts/hydra/default.nix
+++ b/hosts/hydra/default.nix
@@ -170,7 +170,7 @@ in
                 # Important for role mappings to work:
                 use_roles = 1
                 role_basedn = "ou=groups,dc=c3d2,dc=de"
-                role_filter = "(&(objectclass=group)(%s))"
+                role_filter = "(&(objectclass=groupOfNames)(cn=hydra-admins))"
                 role_scope = one
                 role_field = cn
                 role_value = dn
@@ -182,6 +182,7 @@ in
             <role_mapping>
               # maps directly to user roles
               # Make all users in the hydra-admin group Hydra admins
+              # IMPORTANT: if new groups are used, they need to be added to the role_filter above
               hydra-admins = admin
               # Allow all users in the dev group to restart jobs and cancel builds
               #dev = restart-jobs