# NixOS module: a standalone OpenLDAP (slapd) instance serving dc=m4siri,dc=com.
# The root-DN password is supplied from an age-encrypted secret at runtime and
# the directory contents are seeded declaratively from a file in the repo.
{
pkgs,
config,
...
}: {
# Decrypted root-DN password file; slapd reads it via olcRootPW.path below.
# NOTE(review): mode "444" leaves the decrypted password world-readable on the
# host. It should be readable only by the account slapd runs as -- confirm which
# owner/group options this `secrets` module supports and restrict the mode
# accordingly instead of relying on 444.
secrets.ldap-root = {
file = ./secrets/ldap-root.age;
mode = "444";
};
services.openldap = {
enable = true;
# "ldap:///" (no host part) listens on every interface; no ldaps:// listener
# is configured here, so clients talk plain LDAP unless StartTLS is used.
urlList = ["ldap:///"];
# mutableConfig = true;
settings = {
attrs = {
# Log connection and configuration events only (no per-operation tracing).
olcLogLevel = "conns config";
};
children = {
# Schema files are taken from the openldap package in the Nix store.
"cn=schema".includes = [
"${pkgs.openldap}/etc/schema/core.ldif"
"${pkgs.openldap}/etc/schema/cosine.ldif"
"${pkgs.openldap}/etc/schema/inetorgperson.ldif"
"${pkgs.openldap}/etc/schema/misc.ldif"
"${pkgs.openldap}/etc/schema/nis.ldif"
];
# Single MDB backend holding the whole suffix.
"olcDatabase={1}mdb".attrs = {
objectClass = ["olcDatabaseConfig" "olcMdbConfig"];
olcDatabase = "{1}mdb";
olcDbDirectory = "/var/lib/openldap/data";
olcSuffix = "dc=m4siri,dc=com";
olcRootDN = "cn=admin,dc=m4siri,dc=com";
# Read from the decrypted secret path at runtime, so the password itself
# never lands in the Nix store.
olcRootPW.path = config.secrets.ldap-root.path;
# slapd evaluates ACLs in order; the first "to" clause matching the target
# decides, so userPassword must be handled before the catch-all.
olcAccess = [
# {0}: userPassword is readable by the search user, writable by the entry
# owner, usable for binds by anonymous clients, and hidden from everyone else.
'' {0}to attrs=userPassword
by dn="cn=searchuser,ou=users,dc=m4siri,dc=com" read
by self write
by anonymous auth
by * none''
# {1}: every other attribute is readable by anyone, including unauthenticated
# binds. NOTE(review): confirm that exposing the full directory to anonymous
# clients is intended; otherwise limit this to "by users read".
'' {1}to *
by * read''
];
};
};
};
# NOTE(review): builtins.readFile embeds ./secrets/ldap-content in the evaluated
# configuration, so anything in that file (for example password hashes) ends up
# in the world-readable Nix store -- unlike the age-encrypted root password above.
# Confirm the file holds nothing sensitive, or load it at activation time instead.
declarativeContents = {
"dc=m4siri,dc=com" = builtins.readFile ./secrets/ldap-content;
};
};
}