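{ lib, config, ... }:
let
  # Directory base DN derived from the host's domain, e.g. "example.org"
  # becomes "dc=example,dc=org" (constructed example).
  baseDN = lib.concatMapStringsSep "," (part: "dc=${part}")
    (lib.splitString "." config.networking.domain);

  # Schema LDIFs shipped inside the openldap package used by the service.
  schemaDir = "${config.services.openldap.package}/etc/schema";
in
{
  services.openldap = {
    enable = true;

    settings.children = {
      # Schemas loaded into cn=config; order matters (core first).
      "cn=schema".includes = [
        "${schemaDir}/core.ldif"
        "${schemaDir}/cosine.ldif"
        "${schemaDir}/inetorgperson.ldif"
        "${schemaDir}/nis.ldif"
      ];

      "olcDatabase={1}mdb".attrs = {
        objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
        olcDatabase = "{1}mdb";
        olcDbDirectory = "/var/lib/openldap/db";
        olcSuffix = baseDN;
        olcRootDN = "cn=root,${baseDN}";
        # Password is read from the sops-managed file at runtime via the
        # module's `.path` form, so the hash never lands in the Nix store.
        olcRootPW.path = config.sops.secrets."ldap/root/password".path;

        # Access rules are evaluated in order; the first matching "to" wins.
        olcAccess = [
          # userPassword: owner may change it, anyone may bind against it,
          # nobody (including anonymous) may read the hash.
          ''
            {0}to attrs=userPassword
            by self write by anonymous auth by * none''
          # Everything else is readable by any bind, anonymous included.
          # If the directory must not be browsable unauthenticated, replace
          # `by * read` with `by users read` (behaviour change, not done here).
          ''
            {1}to *
            by * read''
        ];
      };
    };

    # Bootstrap entries. LDIF needs one attribute per line and a blank
    # line between entries, which the collapsed form did not provide.
    declarativeContents.${baseDN} = ''
      dn: ${baseDN}
      objectClass: top
      objectClass: dcObject
      objectClass: organization
      o: ${config.networking.domain}

      dn: ou=users,${baseDN}
      objectClass: top
      objectClass: organizationalUnit
    '';
  };

  # The decrypted secret file must be readable by the slapd service user.
  sops.secrets."ldap/root/password" = { owner = "openldap"; };

  # Project-specific option (hpc.hostFile): publishes a host-file alias
  # for the LDAP server under the machine's domain — verify against the
  # module that defines it.
  hpc.hostFile.aliases = [ "ldap.${config.networking.domain}" ];
}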