Update mattermost doc (#2330)

doc/sources/admin/applications/mattermost.rst

@@ -101,15 +101,15 @@ with the following parameters:
    * ``username``: set it to the session attribute containing the user login
    * ``name``: session attribute containing the user's full name
    * ``email``: session attribute containing the user's email
-   * ``id``: session attribute containing the user's numeric ID
-
+   * ``id``: session attribute containing the user's numeric ID. You must set
+     this claim type to *Integer*
 
 .. danger::
 
-    Mattermost absolutely needs to receive a numerical value
-    in the ``id`` claim. If you are using a LDAP server, you could use the
-    ``uidNumber`` LDAP attribute. If you use something else, you will have
-    to find a trick to assign a unique numeric ID to each Mattermost user.
+    Mattermost absolutely needs to receive a numerical value in the ``id``
+    claim. If you are using a LDAP server, you could use the ``uidNumber`` LDAP
+    attribute. If you use something else, you will have to find a way to
+    assign a unique numeric ID to each Mattermost user.
 
     The ``id`` attribute has to be different for each user, since this is
     the field Mattermost will use internally to map Gitlab identities to
@@ -123,10 +123,10 @@ in ``(*GitLabUser).IsValid(...)`` , it probably means that you are not
 exporting the correct attributes, but it can also mean that ``id`` is
 exported as a JSON string.
 
-If this case, it can help to create a macro, for example
-``uidNumber_n``, with a value of ``$uidNumber + 0`` to force conversion
-to a numeric value. You must then export it as the ``id`` field in the
-Relaying Party configuration.
+.. note::
+   An issue in version 2.0.9 prevented the ``id`` field from being sent correctly.
+   Upgrade your LemonLDAP-NG installation to at least 2.0.10 and :ref:`set the claim
+   type <oidcexportedattr>` to *Integer*
 
 .. |image0| image:: /applications/mattermost_logo.png
    :class: align-center

doc/sources/admin/idpopenidconnect.rst

@@ -166,6 +166,8 @@ claim <http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims>`__.
 
 .. include:: openidconnectclaims.rst
 
+.. _oidcexportedattr:
+
 For each OpenID Connect claim you want to release to applications, you can define:
 
 * **Claim name**: the name of the claim as it will appear in Userinfo responses

doc/sources/admin/upgrade_2_0_x.rst

@@ -24,6 +24,7 @@ backups and a rollback plan ready!
 - TOTP check tolerates forward AND backward clock drift (totp2fRange)
 - Avoid assignment in expressions option is disabled by default
 - RHEL/CentOS SELinux users should install the new ``lemonldap-ng-selinux`` package to fix `an issue with the new default cache directory <https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2401>`__
+- If you use :doc:`applications/mattermost` with OpenID Connect, you need to set the ``id`` claim type to *Integer*
 
 2.0.9
 -----
@@ -35,6 +36,7 @@ backups and a rollback plan ready!
 -  SAML SOAP calls are now using ``text/xml`` instead of ``application/xml`` as the MIME Content Type, as required by `the SOAP standard <https://www.w3.org/TR/2000/NOTE-SOAP-20000508/#_Toc478383526>`__
 -  Incremental lock times values can now be set in BruteForceProtection plugin through Manager.
    It MUST be a list of comma separated values. Default values are ``5, 15, 60, 300, 600``
+-  This version is not compatible with :doc:`applications/mattermost`
 
 Cookie issues with Chrome
 ~~~~~~~~~~~~~~~~~~~~~~~~~