Patch Portunus to allow using both insecure ldap and ldaps at once

Lyn Fugmann 2023-07-23 22:28:16 +02:00 committed by Rouven Seifert
parent c992331bbd
commit 11be7f44c1
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09
2 changed files with 19 additions and 3 deletions


@ -0,0 +1,13 @@
diff --git a/cmd/orchestrator/ldap.go b/cmd/orchestrator/ldap.go
index ed0d466..a672046 100644
--- a/cmd/orchestrator/ldap.go
+++ b/cmd/orchestrator/ldap.go
@@ -130,7 +130,7 @@ func runLDAPServer(environment map[string]string) {
bindURL := "ldap:///"
if environment["PORTUNUS_SLAPD_TLS_CERTIFICATE"] != "" {
- bindURL = "ldaps:///"
+ bindURL = "ldap:/// ldaps:///"
}
logg.Info("starting LDAP server")
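Review bot: With a TLS certificate configured, `bindURL = "ldap:/// ldaps:///"` in runLDAPServer makes slapd accept unencrypted LDAP alongside LDAPS, and an empty host in `ldap:///` normally means every interface, so simple binds on port 389 would send passwords in cleartext over the network. If the plaintext listener is only needed by services on the same host, restrict it, for example `bindURL = "ldap://127.0.0.1/ ldaps:///"`, or keep port 389 closed in the firewall and say so in the patch description. runLDAPServer's body continues outside the hunk, so how bindURL reaches slapd is not visible here and should be confirmed.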


@ -56,7 +56,10 @@ in
services.portunus = {
enable = true;
package = pkgs.portunus.overrideAttrs (old: {
patches = [ ./0001-update-user-validation-regex.patch ];
patches = [
./0001-update-user-validation-regex.patch
./0002-both-ldap-and-ldaps.patch
];
});
inherit domain;
@ -68,9 +71,9 @@ in
suffix = "dc=ifsr,dc=de";
searchUserName = "search";
# disables port 389, use 636 with tls
# normally disables port 389 (but not with our patch), use 636 with tls
# `portunus.domain` resolves to localhost
#tls = true;
tls = true;
};
};
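Review bot: The new `patches = [ ... ]` list inside `overrideAttrs (old: { ... })` replaces the package's patch list rather than extending it, and `old` is never used. Any patch nixpkgs itself ships for portunus, including a later security fix, would be dropped silently. Prefer `patches = (old.patches or [ ]) ++ [ ./0001-update-user-validation-regex.patch ./0002-both-ldap-and-ldaps.patch ];`. The comment above `tls = true;` would also help the next maintainer if it named which consumer needs plaintext 389 and stated that the port must stay unreachable from outside the host; whether the firewall already enforces that is not visible in this section.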