LDAP non-anonymous bind.
Patch by Rickard Nilsson. svn path=/nixos/trunk/; revision=29563
This commit is contained in:
parent
3a201ef6a7
commit
47a1941696
@ -2,7 +2,7 @@
|
||||
|
||||
###### interface
|
||||
let
|
||||
inherit (pkgs.lib) mkOption mkIf;
|
||||
inherit (pkgs.lib) mkOption mkIf optionalString stringAfter;
|
||||
|
||||
options = {
|
||||
users = {
|
||||
@ -39,6 +39,27 @@ let
|
||||
";
|
||||
};
|
||||
|
||||
bind = {
|
||||
distinguishedName = mkOption {
|
||||
default = "";
|
||||
example = "cn=admin,dc=example,dc=com";
|
||||
type = with pkgs.lib.types; string;
|
||||
description = "
|
||||
The distinguished name to bind to the LDAP server with. If this
|
||||
is not specified, an anonymous bind will be done.
|
||||
";
|
||||
};
|
||||
|
||||
password = mkOption {
|
||||
default = "/etc/ldap/bind.password";
|
||||
type = with pkgs.lib.types; string;
|
||||
description = "
|
||||
The path to a file containing the credentials to use when binding
|
||||
to the LDAP server (if not binding anonymously).
|
||||
";
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
};
|
||||
@ -62,10 +83,14 @@ mkIf config.users.ldap.enable {
|
||||
uri ${config.users.ldap.server}
|
||||
base ${config.users.ldap.base}
|
||||
|
||||
${if config.users.ldap.useTLS then ''
|
||||
${optionalString config.users.ldap.useTLS ''
|
||||
ssl start_tls
|
||||
tls_checkpeer no
|
||||
'' else ""}
|
||||
''}
|
||||
|
||||
${optionalString (config.users.ldap.bind.distinguishedName != "") ''
|
||||
binddn ${config.users.ldap.bind.distinguishedName}
|
||||
''}
|
||||
'';
|
||||
target = "ldap.conf";
|
||||
}
|
||||
@ -73,4 +98,14 @@ mkIf config.users.ldap.enable {
|
||||
];
|
||||
};
|
||||
|
||||
system.activationScripts.ldap = stringAfter [ "etc" ] (
|
||||
optionalString (config.users.ldap.bind.distinguishedName != "") ''
|
||||
if test -f "${config.users.ldap.bind.password}" ; then
|
||||
echo "bindpw $(cat ${config.users.ldap.bind.password})" | cat /etc/ldap.conf - > /etc/ldap.conf.bindpw
|
||||
mv -fT /etc/ldap.conf.bindpw /etc/ldap.conf
|
||||
chmod 600 /etc/ldap.conf
|
||||
fi
|
||||
''
|
||||
);
|
||||
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user