switch to ldaps
This commit is contained in:
parent
6bed81c8a9
commit
c6ebb06f68
6 changed files with 19 additions and 22 deletions
|
@ -44,15 +44,17 @@ in
|
|||
allowAnonymousEdits = true;
|
||||
defaultPermission = "limited";
|
||||
# ldap auth
|
||||
ldap = rec {
|
||||
url = "ldap://localhost";
|
||||
searchBase = "ou=users,${config.services.portunus.ldap.suffix}";
|
||||
searchFilter = "(uid={{username}})";
|
||||
bindDn = "uid=${config.services.portunus.ldap.searchUserName},${searchBase}";
|
||||
bindCredentials = "\${LDAP_CREDENTIALS}";
|
||||
useridField = "uid";
|
||||
providerName = "iFSR";
|
||||
};
|
||||
ldap =
|
||||
let portunus = config.services.portunus;
|
||||
in rec {
|
||||
url = "ldaps://${portunus.domain}";
|
||||
searchBase = "ou=users,${portunus.ldap.suffix}";
|
||||
searchFilter = "(uid={{username}})";
|
||||
bindDn = "uid=${portunus.ldap.searchUserName},${searchBase}";
|
||||
bindCredentials = "\${LDAP_CREDENTIALS}";
|
||||
useridField = "uid";
|
||||
providerName = "iFSR";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
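Review bot: Nothing in the hunk shows how HedgeDoc verifies the certificate behind the new `url = "ldaps://${portunus.domain}";` — if that certificate does not chain to a CA in the system trust store the bind fails, and if verification is then relaxed to make it work, the `ldaps://` scheme encrypts the connection without authenticating the server. As far as I recall HedgeDoc's `ldap` settings accept a `tlsca` path (and a `tlsOptions` object) for exactly this case, so a non-public Portunus certificate belongs there rather than in a disabled check. The same question applies to the nslcd `server`, dovecot `uris`, mailman `serverUri`, synapse `uri` and SOGo `hostname` hunks below, each of which depends on its own LDAP library's verification defaults. A comment such as `# ldaps: the certificate for portunus.domain must be trusted by this host's CA store` next to `url` would record the assumption for the next reader.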
@ -7,18 +7,13 @@ let
|
|||
name = "admins";
|
||||
long_name = "Portunus Admin";
|
||||
members = [ "admin" ];
|
||||
permissions = {
|
||||
portunus.is_admin = true;
|
||||
ldap.can_read = true;
|
||||
};
|
||||
permissions.portunus.is_admin = true;
|
||||
}
|
||||
{
|
||||
name = "search";
|
||||
long_name = "LDAP search group";
|
||||
members = [ "search" ];
|
||||
permissions = {
|
||||
ldap.can_read = true;
|
||||
};
|
||||
permissions.ldap.can_read = true;
|
||||
}
|
||||
{
|
||||
name = "fsr";
|
||||
|
@ -73,7 +68,7 @@ in
|
|||
|
||||
# disables port 389, use 636 with tls
|
||||
# `portunus.domain` resolves to localhost
|
||||
tls = false;
|
||||
tls = true;
|
||||
};
|
||||
|
||||
seedPath = pkgs.writeText "portunus-seed.json" (builtins.toJSON seed);
|
||||
|
@ -113,7 +108,7 @@ in
|
|||
let portunus = config.services.portunus;
|
||||
in rec {
|
||||
enable = true;
|
||||
server = "ldap://localhost";
|
||||
server = "ldaps://${portunus.domain}";
|
||||
base = "ou=users,${portunus.ldap.suffix}";
|
||||
bind = {
|
||||
distinguishedName = "uid=${portunus.ldap.searchUserName},${base}";
|
||||
|
|
|
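Review bot: In the first hunk of this file the `admins` group's permissions shrink from `{ portunus.is_admin = true; ldap.can_read = true; }` to `permissions.portunus.is_admin = true;`, so the admin account loses `ldap.can_read` while the commit message only talks about LDAPS. If that is deliberate (least privilege: directory reads go through the separate `search` account), it deserves a comment like `# admins manage portunus only; LDAP reads use the "search" service account`; if not, the line should be `permissions = { portunus.is_admin = true; ldap.can_read = true; };`. The `tls = true;` hunk further down relies on `portunus.domain` resolving locally, as its comment says, and presumably on a certificate for that name being present on this host — neither is visible here, so confirm both before deploying.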
@ -11,7 +11,7 @@ let
|
|||
#result_attribute=mail
|
||||
#'';
|
||||
dovecot-ldap-args = pkgs.writeText "ldap-args" ''
|
||||
uris = ldap://localhost
|
||||
uris = ldaps://${config.services.portunus.domain}
|
||||
dn = uid=search, ou=users, dc=ifsr, dc=de
|
||||
auth_bind = yes
|
||||
!include ${config.sops.secrets."dovecot_ldap_search".path}
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
siteOwner = "root@${config.fsr.domain}";
|
||||
ldap = {
|
||||
enable = true;
|
||||
serverUri = "ldap://localhost";
|
||||
serverUri = "ldaps://${config.services.portunus.domain}";
|
||||
bindDn = "uid=search, ou=users, dc=ifsr, dc=de";
|
||||
bindPasswordFile = config.sops.secrets.mailman_ldap_search.path;
|
||||
userSearch = {
|
||||
|
|
|
@ -101,7 +101,7 @@ in
|
|||
- module: ldap_auth_provider.LdapAuthProviderModule
|
||||
config:
|
||||
enabled: true
|
||||
uri: ldap://localhost
|
||||
uri: ldaps://${portunus.domain}
|
||||
base: ou=users,${portunus.ldap.suffix}
|
||||
# taken from kaki config
|
||||
attributes:
|
||||
|
|
|
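Review bot: The new `uri: ldaps://${portunus.domain}` for `ldap_auth_provider` may not verify the server certificate at all: as far as I know the underlying ldap3 library's default TLS settings do not validate the peer certificate unless the caller supplies a `Tls(validate=CERT_REQUIRED, ...)` object, and the hunk shows no option that would do so. If the provider offers no way to enforce validation, the `ldaps` scheme here gives confidentiality but not server authentication, which is worth a comment such as `# ldaps: confirm the provider validates the certificate for portunus.domain` or a check against the provider's documentation. The surrounding `config:` block continues outside the hunk.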
@ -28,7 +28,7 @@ in
|
|||
baseDN = "ou=users, dc=ifsr, dc=de";
|
||||
bindDN = "uid=search, ou=users, dc=ifsr, dc=de";
|
||||
bindPassword = LDAP_SEARCH;
|
||||
hostname = "ldap://localhost";
|
||||
hostname = "ldaps://${config.services.portunus.domain}";
|
||||
canAuthenticate = YES;
|
||||
id = directory;
|
||||
|
||||
|
|