switch to ldaps

Lyn Fugmann 2023-06-15 17:48:20 +02:00
parent 6bed81c8a9
commit c6ebb06f68
Signed by: fugi
GPG key ID: 4472A20091BFA792
6 changed files with 19 additions and 22 deletions


@ -7,18 +7,13 @@ let
name = "admins";
long_name = "Portunus Admin";
members = [ "admin" ];
permissions = {
portunus.is_admin = true;
ldap.can_read = true;
};
permissions.portunus.is_admin = true;
}
{
name = "search";
long_name = "LDAP search group";
members = [ "search" ];
permissions = {
ldap.can_read = true;
};
permissions.ldap.can_read = true;
}
{
name = "fsr";
@ -73,7 +68,7 @@ in
# disables port 389, use 636 with tls
# `portunus.domain` resolves to localhost
tls = false;
tls = true;
};
seedPath = pkgs.writeText "portunus-seed.json" (builtins.toJSON seed);
@ -113,7 +108,7 @@ in
let portunus = config.services.portunus;
in rec {
enable = true;
server = "ldap://localhost";
server = "ldaps://${portunus.domain}";
base = "ou=users,${portunus.ldap.suffix}";
bind = {
distinguishedName = "uid=${portunus.ldap.searchUserName},${base}";
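Review bot: The new `server = "ldaps://${portunus.domain}"` line in the last hunk only protects the bind if this client verifies the server certificate, and no verification or trust-anchor setting is visible in the hunk; the attribute set continues past the hunk, so it may already be handled there. The client now also depends on two things the comments in the second hunk only hint at: `portunus.domain` resolving to localhost and a certificate that is valid for that name, with port 389 no longer available as a fallback. I would record that next to the URL, for example `# ldaps on 636 only; needs a certificate valid for portunus.domain, and the client must verify it`, and confirm that an expired or missing certificate makes lookups fail closed rather than being accepted.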