optimisations

* use pyke's re cache
* get an unlimited number of ldap attributes
* get a perturbator for the OTP secret, in case of stolen phone
* lowercase the username, to avoid strange behaviour with the OTP

openvpn-dm-mgt-server.conf.example

@@ -9,8 +9,7 @@ config
             bindCn:             "CN=VPN Service,OU=Services,OU=Dailymotion,DC=office,DC=daily",
             bindPw:             "********************",
             searchFilter:       "(&(sAMAccountName=%s))"
-            primaryAttribute:   "memberOf"
-            secondaryAttribute: "mail"
+            attributes:         [ "memberOf", "mail" ]
             validGroups:
             [
                 "CN=SEC_VPN_Users_External,OU=Security,OU=Groups,OU=Dailymotion,DC=office,DC=daily",
@@ -39,8 +38,7 @@ config
             bindCn:             "CN=VPN Service,OU=Services,OU=Dailymotion,DC=office,DC=daily",
             bindPw:             "********************",
             searchFilter:       "(&(sAMAccountName=%s))"
-            primaryAttribute:   "memberOf"
-            secondaryAttribute: "mail"
+            attributes:         [ "memberOf", "mail" ]
             validGroups:
             [
                 "CN=SEC_VPN,OU=Security,OU=Groups,OU=Dailymotion,DC=office,DC=daily",
@@ -56,8 +54,7 @@ config
             bindCn:             "cn=readonly,dc=dailymotion,dc=com"
             bindPw:             "**********"
             searchFilter:       "(&(mail=%s))"
-            primaryAttribute:   "description"
-            secondaryAttribute: "sshPublicKey"
+            attributes:         [ "description", "sshPublicKey" ]
             upgradeFrom:        "CORP"
             mfa:                ""
             cert:               "optionnal"
@@ -67,7 +64,7 @@ config
         {
             validGroups:
             [
-                "infra2",
+                "infra",
                 "net",
                 "datacenter",
             ]