Since Bug #46066 UCS 4.3 the memberOf overlay module is enabled for new installations but not for upgraded systems.

The release notes don't say that memberOf overlay is required:
https://docs.software-univention.de/release-notes-4.3-0-en.html#changelog:domain:openldap

> Starting with UCS 4.3 the openldap overlay module for reverse group membership maintenance (memberOf) is activated by default for new installations, see the openldap documentation https://www.openldap.org/doc/admin24/overlays.html#Reverse Group Membership Maintenance for more information. This applies for new installations only, during the update to 4.3 the memberOf overlay module is installed but deactivated (if not already activated). Information on how to activate the memberOf overlay module can be found in https://help.univention.com/t/6439 (Bug 46066).

No further release (release note or preup.sh check) made a requirement to enforce the enabling of memberOf overlay.

The current docs also mention that one can configure the used "memberOf" attribute:
https://docs.software-univention.de/manual/5.0/en/groups.html#overlay-module-for-displaying-the-group-information-on-user-objects

Without the memberOf overlay module enabled UDM group memberships, UDM REST API access and some SAML features don't work.

We should:
* drop the configurability of the memberOf overlay module: hardcode that it is enabled and the attribute is named "memberOf"
* add to the release notes that it is required
* remove configurability from the manual
* add a preup.sh check, which checks if it is enabled.
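One way the proposed check could look, as an added example that is not Univention's code: it assumes the LDAP server configuration is available in slapd.conf syntax at a path passed to the hypothetical function `check_memberof_overlay`, and it goes slightly beyond "is it enabled" by also flagging an attribute renamed through the slapo-memberof directive `memberof-memberof-ad`.

```shell
# Added example, not Univention's code. Assumes the LDAP server config is in
# slapd.conf syntax and that its path is passed as the first argument.
# Prints: ok | not-enabled | renamed:<attr> | unreadable ; returns 0 only for ok.
check_memberof_overlay() {
    conf="$1"
    [ -r "$conf" ] || { echo "unreadable"; return 2; }
    result=$(awk '
        # Evaluate one logical directive (continuation lines already joined).
        function handle(l,    f, key, val) {
            split(l, f, /[ \t]+/)
            key = tolower(f[1]); val = f[2]
            gsub(/"/, "", val)
            if (key == "overlay" && tolower(val) == "memberof") enabled = 1
            if (key == "memberof-memberof-ad") attr = val
        }
        /^#/     { next }                        # comment line
        /^[ \t]/ { line = line " " $0; next }    # leading blank = continuation
                 { if (line != "") handle(line); line = $0 }
        END {
            if (line != "") handle(line)
            if (!enabled) print "not-enabled"
            # LDAP attribute names compare case-insensitively
            else if (attr != "" && tolower(attr) != "memberof") print "renamed:" attr
            else print "ok"
        }' "$conf")
    echo "$result"
    [ "$result" = "ok" ]
}
```

The check is global to the file; it does not tie the overlay to a particular database section.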
management/univention-management-console-module-diagnostic/umc/python/diagnostic/plugins/58_check_memberOf.py should be checked and maybe removed if memberof is mandatory and cannot be disabled
QA:
* drop the configurability of the memberOf overlay module: hardcode that it is enabled and the attribute is named "memberOf" - OK
* add to the release notes that it is required - OK
* remove configurability from the manual - OK

univention-system-setup (14.0.5)
aceec5f12812 | refactor(memberof): require memberof to be enabled

univention-management-console-module-diagnostic (7.0.6)
aceec5f12812 | refactor(memberof): require memberof to be enabled

univention-ldap-overlay-memberof (13.0.3)
aceec5f12812 | refactor(memberof): require memberof to be enabled

univention-join (13.0.6)
aceec5f12812 | refactor(memberof): require memberof to be enabled

univention-directory-replication (14.0.3)
aceec5f12812 | refactor(memberof): require memberof to be enabled

ucs-test (11.0.9)
aceec5f12812 | refactor(memberof): require memberof to be enabled