use search user for ldap

Rouven Seifert 2023-02-03 15:37:56 +01:00
parent 4e687b1484
commit e893690e1d
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09


@ -2,18 +2,20 @@
let
hostname = "mail.${config.fsr.domain}";
domain = config.fsr.domain;
ldap-aliases = pkgs.writeText "ldap-aliases.cf" ''
server_host = ldaps://auth.${config.fsr.domain}
search_base = dc=ifsr, dc=de
'';
# brauchen wir das überhaupt?
#ldap-aliases = pkgs.writeText "ldap-aliases.cf" ''
#server_host = ldap://localhost
#search_base = ou=mail, dc=ifsr, dc=de
#'';
dovecot-ldap-args = pkgs.writeText "ldap-args" ''
uris = auth.${config.fsr.domain}
dn = uid=search, ou=admins, dc=ifsr, dc=de
uris = ldap://localhost
dn = uid=search, ou=users, dc=ifsr, dc=de
auth_bind = yes
dnpass = $(${pkgs.coreutils}/bin/cat /run/secrets/portunus_search)
ldap_version = 3
scope = subtree
base = ou=ifsr, dc=ifsr, dc=de
base = dc=ifsr, dc=de
user_filter = (&(ou=mail)(uid=%n))
pass_filter = (&(ou=mail)(uid=%n))
'';
@ -39,7 +41,7 @@ in
"permit_sasl_authenticated"
"permit_mynetworks"
];
alias_maps = [ "ldap:${ldap-aliases}" ];
#alias_maps = [ "ldap:${ldap-aliases}" ];
smtpd_sasl_auth_enable = true;
smtpd_sasl_path = "/var/lib/postfix/auth";
virtual_mailbox_base = "/var/spool/mail";
@ -71,8 +73,6 @@ in
};
extraConfig = ''
mail_location = maildir:/var/mail/%u
auth_mechanisms = plain login
disable_plaintext_auth = no
passdb {
driver = ldap
args = ${dovecot-ldap-args}
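Review bot: The new `uris = ldap://localhost` in the first hunk, combined with the unchanged `auth_bind = yes`, sends the search user's bind password and every mail user's password over a plaintext LDAP connection; that is only acceptable if the directory really runs on the same host as Dovecot, otherwise it should be `uris = ldaps://auth.${config.fsr.domain}` or `tls = yes` should be added, and a short comment stating the co-location assumption would help the next reader (the enclosing `let` begins before the hunk, and since the +/- markers are lost here the side assignment is inferred from the commit title). The bind with the new `dn = uid=search, ou=users, dc=ifsr, dc=de` also depends on the unchanged `dnpass = $(${pkgs.coreutils}/bin/cat /run/secrets/portunus_search)` line, where `$(` inside a Nix `''` string is written literally and Dovecot, as far as I know, does not perform command substitution in its config, so the configured password is likely the literal text rather than the secret — worth confirming, since the secret cannot safely be interpolated into the world-readable store file either. Widening `base` from `ou=ifsr, dc=ifsr, dc=de` to `dc=ifsr, dc=de` makes the `(ou=mail)` part of `user_filter`/`pass_filter` the only restriction on who may log in; a comment naming that intent, e.g. `# only entries carrying ou=mail may authenticate`, would document the access boundary. Dropping `disable_plaintext_auth = no` in the third hunk restores Dovecot's default of refusing plaintext auth without TLS, which is the right direction.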