Okay, use LDAP bind-dn

2023-09-29 14:51:54 -07:00 · 2023-09-29 14:51:54 -07:00 · b81cd98065
parent b51af05f84
commit b81cd98065
1 changed files with 11 additions and 11 deletions
--- a/mail-server.nix
+++ b/mail-server.nix
@ -114,16 +114,16 @@ in {
        description = "Token with which to authenticate to the Authentik host.";
      };

-      # bind-dn = mkOption {
-      #   type = str;
-      #   description = "DN as which to bind with the LDAP server.";
-      # };
+      bind-dn = mkOption {
+        type = str;
+        description = "DN as which to bind with the LDAP server.";
+      };

-      # bind-password-file = mkOption {
-      #   type = str;
-      #   description =
-      #     "File containing password with which to bind with the LDAP server.";
-      # };
+      bind-password-file = mkOption {
+        type = str;
+        description =
+          "File containing password with which to bind with the LDAP server.";
+      };

      base = mkOption {
        type = str;
@ -240,8 +240,8 @@ in {
          (concatStringsSep "\n" [
            "uris = ldap://ldap-proxy:3389"
            "ldap_version = 3"
-            # "dn = ${cfg.ldap.bind-dn}"
-            # "dnpass = ${readFile cfg.ldap.bind-password-file}"
+            "dn = ${cfg.ldap.bind-dn}"
+            "dnpass = ${readFile cfg.ldap.bind-password-file}"
            "auth_bind = yes"
            "auth_bind_userdn = uid=%u,${cfg.ldap.member-ou},${cfg.ldap.base}"
            "base = ${cfg.ldap.base}"