LDAP non-anonymous bind.

Patch by Rickard Nilsson.

svn path=/nixos/trunk/; revision=29563
This commit is contained in:
Nicolas Pierron 2011-10-02 13:24:10 +00:00
parent 3a201ef6a7
commit 47a1941696


@ -2,7 +2,7 @@
###### interface ###### interface
let let
inherit (pkgs.lib) mkOption mkIf; inherit (pkgs.lib) mkOption mkIf optionalString stringAfter;
options = { options = {
users = { users = {
@ -39,6 +39,27 @@ let
"; ";
}; };
bind = {
distinguishedName = mkOption {
default = "";
example = "cn=admin,dc=example,dc=com";
type = with pkgs.lib.types; string;
description = "
The distinguished name to bind to the LDAP server with. If this
is not specified, an anonymous bind will be done.
";
};
password = mkOption {
default = "/etc/ldap/bind.password";
type = with pkgs.lib.types; string;
description = "
The path to a file containing the credentials to use when binding
to the LDAP server (if not binding anonymously).
";
};
};
}; };
}; };
}; };
@ -62,10 +83,14 @@ mkIf config.users.ldap.enable {
uri ${config.users.ldap.server} uri ${config.users.ldap.server}
base ${config.users.ldap.base} base ${config.users.ldap.base}
${if config.users.ldap.useTLS then '' ${optionalString config.users.ldap.useTLS ''
ssl start_tls ssl start_tls
tls_checkpeer no tls_checkpeer no
'' else ""} ''}
${optionalString (config.users.ldap.bind.distinguishedName != "") ''
binddn ${config.users.ldap.bind.distinguishedName}
''}
''; '';
target = "ldap.conf"; target = "ldap.conf";
} }
@ -73,4 +98,14 @@ mkIf config.users.ldap.enable {
]; ];
}; };
system.activationScripts.ldap = stringAfter [ "etc" ] (
optionalString (config.users.ldap.bind.distinguishedName != "") ''
if test -f "${config.users.ldap.bind.password}" ; then
echo "bindpw $(cat ${config.users.ldap.bind.password})" | cat /etc/ldap.conf - > /etc/ldap.conf.bindpw
mv -fT /etc/ldap.conf.bindpw /etc/ldap.conf
chmod 600 /etc/ldap.conf
fi
''
);
} }
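Review bot: The temporary `/etc/ldap.conf.bindpw` in the activation script is created by plain shell redirection under whatever umask the script runs with, so the bind password is readable according to that umask until the `chmod 600` two lines later, and stays that way if the `mv` in between fails. Set a restrictive umask before writing and lock the file down before it is moved into place: add `umask 077` ahead of the `echo "bindpw $(cat ...)" | cat /etc/ldap.conf - > /etc/ldap.conf.bindpw` line and run `chmod 600 /etc/ldap.conf.bindpw` before the `mv -fT`. Note also that `tls_checkpeer no` remains in the generated ldap.conf, so the credential this commit adds is now sent over a TLS session whose peer is never verified; a comment on the `useTLS` branch, `# tls_checkpeer no means the bind password is exposed to any MITM on the path to the server`, would make that trade-off explicit. The script appends a `bindpw` line on every run; whether the preceding `etc` activation restores a pristine /etc/ldap.conf first is not visible here, so it is worth confirming that repeated activations do not accumulate duplicate lines. The enclosing `mkIf config.users.ldap.enable` attribute set begins before this hunk.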