public
/
paris-container
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Okay, set an access filter

This commit is contained in:
niten 2024-06-05 23:11:35 -07:00
parent faf888ddaf
commit 58b406465c
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
paris-container.nix
View File

@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }@toplevel:
with lib; with lib;
let let
@ -65,6 +65,13 @@ in {
default = 4389; default = 4389;
}; };
access-group = mkOption {
type = str;
description = "Group to which users must belong for access.";
default = let ldapCfg = toplevel.config.fudo.paris-container.ldap;
in "cn=shell,${ldapCfg.group-ou},${ldapCfg.base}";
};
domain = mkOption { domain = mkOption {
type = str; type = str;
description = description =
@ -340,6 +347,8 @@ in {
ldap_group_object_class = "group"; ldap_group_object_class = "group";
ldap_group_name = "cn"; ldap_group_name = "cn";
ldap_access_filter = "memberOf=${cfg.ldap.access-group}";
ldap_default_bind_dn = cfg.ldap.bind-dn; ldap_default_bind_dn = cfg.ldap.bind-dn;
ldap_default_authtok = "$LDAP_DEFAULT_AUTHTOKEN"; ldap_default_authtok = "$LDAP_DEFAULT_AUTHTOKEN";
}; };