NixOS configuration for HPC cluster
https://docs.hpc.informatik.hs-fulda.de/
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
44 lines
1.3 KiB
44 lines
1.3 KiB
{ config, ... }:
|
|
|
|
{
|
|
services.openldap = {
|
|
enable = true;
|
|
settings = {
|
|
children = {
|
|
"cn=schema".includes = [
|
|
"${config.services.openldap.package}/etc/schema/core.ldif"
|
|
"${config.services.openldap.package}/etc/schema/cosine.ldif"
|
|
"${config.services.openldap.package}/etc/schema/inetorgperson.ldif"
|
|
"${config.services.openldap.package}/etc/schema/nis.ldif"
|
|
];
|
|
"olcDatabase={1}mdb" = {
|
|
attrs = {
|
|
objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
|
|
|
|
olcDatabase = "{1}mdb";
|
|
olcDbDirectory = "/var/lib/openldap/db";
|
|
|
|
olcSuffix = "dc=sc,dc=informatik,dc=hs-fulda,dc=de";
|
|
|
|
olcRootDN = "cn=root,dc=sc,dc=informatik,dc=hs-fulda,dc=de";
|
|
olcRootPW.path = config.sops.secrets."ldap/root/password".path;
|
|
|
|
olcAccess = [
|
|
# Custom access rules for userPassword attributes
|
|
''{0}to attrs=userPassword
|
|
by self write
|
|
by anonymous auth
|
|
by * none''
|
|
|
|
# Allow read on anything else
|
|
''{1}to *
|
|
by * read''
|
|
];
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
sops.secrets."ldap/root/password" = { };
|
|
}
|