From 11be7f44c1dc91f912533b149d71805ec4ef0144 Mon Sep 17 00:00:00 2001
From: Fugi
Date: Sun, 23 Jul 2023 22:28:16 +0200
Subject: [PATCH] Patch Portunus to allow using both insecure ldap and ldaps at once
---
 modules/ldap/0002-both-ldap-and-ldaps.patch | 13 +++++++++++++
 modules/ldap/default.nix | 9 ++++++---
 2 files changed, 19 insertions(+), 3 deletions(-)
 create mode 100644 modules/ldap/0002-both-ldap-and-ldaps.patch
diff --git a/modules/ldap/0002-both-ldap-and-ldaps.patch b/modules/ldap/0002-both-ldap-and-ldaps.patch
new file mode 100644
index 0000000..9ae71a5
--- /dev/null
+++ b/modules/ldap/0002-both-ldap-and-ldaps.patch
@@ -0,0 +1,13 @@
+diff --git a/cmd/orchestrator/ldap.go b/cmd/orchestrator/ldap.go
+index ed0d466..a672046 100644
+--- a/cmd/orchestrator/ldap.go
++++ b/cmd/orchestrator/ldap.go
+@@ -130,7 +130,7 @@ func runLDAPServer(environment map[string]string) {
+
+ bindURL := "ldap:///"
+ if environment["PORTUNUS_SLAPD_TLS_CERTIFICATE"] != "" {
+- bindURL = "ldaps:///"
++ bindURL = "ldap:/// ldaps:///"
+ }
+
+ logg.Info("starting LDAP server")
diff --git a/modules/ldap/default.nix b/modules/ldap/default.nix
index 3c60dde..e8f7a45 100644
--- a/modules/ldap/default.nix
+++ b/modules/ldap/default.nix
@@ -56,7 +56,10 @@ in
 services.portunus = {
 enable = true;
 package = pkgs.portunus.overrideAttrs (old: {
- patches = [ ./0001-update-user-validation-regex.patch ];
+ patches = [
+ ./0001-update-user-validation-regex.patch
+ ./0002-both-ldap-and-ldaps.patch
+ ];
 });
 inherit domain;
@@ -68,9 +71,9 @@ in
 suffix = "dc=ifsr,dc=de";
 searchUserName = "search";
- # disables port 389, use 636 with tls
+ # normally disables port 389 (but not with our patch), use 636 with tls
 # `portunus.domain` resolves to localhost
- #tls = true;
+ tls = true;
 };
 };
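Review bot: The new `bindURL = "ldap:/// ldaps:///"` gives the plaintext listener no host part, which for slapd listener URLs means every interface, so a client that picks `ldap://` sends its simple-bind password unencrypted on port 389. If plaintext is only needed by services on the same machine (the comment in default.nix says `portunus.domain` resolves to localhost), bind that listener to loopback instead: `bindURL = "ldap://127.0.0.1/ ldaps:///"`. The value is presumably handed to slapd as its listener list later in runLDAPServer, which continues outside the hunk, so confirm there that the space-separated list is passed as one argument. If remote clients really do need 389, keep it closed in the host firewall until they are identified.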
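Review bot: The reworded comment above `tls = true;` still ends with "use 636 with tls" while also saying 389 stays open, and it never says which clients depend on the plaintext port or why. A later reader cannot tell from it whether 389 is a deliberate exception or a leftover. I would replace it with something like `# upstream closes port 389 when tls is set; 0002-both-ldap-and-ldaps.patch keeps it open, so 389 (plaintext) and 636 (TLS) both listen` followed by a line naming the services that still require 389. The enclosing `ldap = { … }` attribute set starts outside the hunk.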