authorNicolas Pierron <nicolas.b.pierron@gmail.com>2011-10-02 13:24:10 +0000
committerNicolas Pierron <nicolas.b.pierron@gmail.com>2011-10-02 13:24:10 +0000
commit47a19416961e0367b929714fcb5251e4d13a1bd0 (patch)
tree9eb55919dd5bb404fbef77f1e529fa1be057b06e /modules/config/ldap.nix
parent3a201ef6a78cfcd6a98a1c136543fd38711dbbbe (diff)
LDAP non-anonymous bind.
Patch by Rickard Nilsson.

svn path=/nixos/trunk/; revision=29563
Diffstat (limited to 'modules/config/ldap.nix')
-rw-r--r--modules/config/ldap.nix41
1 files changed, 38 insertions, 3 deletions
diff --git a/modules/config/ldap.nix b/modules/config/ldap.nix
index 56f693f362e..4c2924b5975 100644
--- a/modules/config/ldap.nix
+++ b/modules/config/ldap.nix
@@ -2,7 +2,7 @@
 
 ###### interface
 let
-  inherit (pkgs.lib) mkOption mkIf;
+  inherit (pkgs.lib) mkOption mkIf optionalString stringAfter;
 
   options = {
     users = {
@@ -39,6 +39,27 @@ let
           ";
         };
 
+        bind = {
+          distinguishedName = mkOption {
+            default = "";
+            example = "cn=admin,dc=example,dc=com";
+            type = with pkgs.lib.types; string;
+            description = "
+              The distinguished name to bind to the LDAP server with. If this
+              is not specified, an anonymous bind will be done.
+            ";
+          };
+
+          password = mkOption {
+            default = "/etc/ldap/bind.password";
+            type = with pkgs.lib.types; string;
+            description = "
+              The path to a file containing the credentials to use when binding
+              to the LDAP server (if not binding anonymously).
+            ";
+          };
+        };
+
       };
     };
   };
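Review bot: The `password` option's description does not tell the reader how the file is consumed, which matters for how they protect it: the later activation script reads the file and copies its contents verbatim into /etc/ldap.conf, and the option has no effect at all while `distinguishedName` is empty. I would extend the description with `Read during system activation and copied into /etc/ldap.conf; the file must exist at that point and should be root-owned and mode 600. Ignored when bind.distinguishedName is empty.` so an administrator knows the secret leaves this file. A short note that a missing file silently results in no bindpw being written would also help, since that is the behaviour of the `if test -f` guard in the activation hunk.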
@@ -62,10 +83,14 @@ mkIf config.users.ldap.enable {
             uri ${config.users.ldap.server}
             base ${config.users.ldap.base}
 
-            ${if config.users.ldap.useTLS then ''
+            ${optionalString config.users.ldap.useTLS ''
               ssl start_tls
               tls_checkpeer no
-            '' else ""}
+            ''}
+
+            ${optionalString (config.users.ldap.bind.distinguishedName != "") ''
+              binddn ${config.users.ldap.bind.distinguishedName}
+            ''}
           '';
         target = "ldap.conf";
       }
@@ -73,4 +98,14 @@ mkIf config.users.ldap.enable {
     ];
   };
 
+  system.activationScripts.ldap = stringAfter [ "etc" ] (
+    optionalString (config.users.ldap.bind.distinguishedName != "") ''
+      if test -f "${config.users.ldap.bind.password}" ; then
+        echo "bindpw $(cat ${config.users.ldap.bind.password})" | cat /etc/ldap.conf - > /etc/ldap.conf.bindpw
+        mv -fT /etc/ldap.conf.bindpw /etc/ldap.conf
+        chmod 600 /etc/ldap.conf
+      fi
+    ''
+  );
+
 }
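Review bot: The password is written to /etc/ldap.conf.bindpw with the shell's default umask and only chmod'ed to 600 after the `mv`, so there is a window in which the file holding the cleartext bind password is readable by anyone with access to /etc; the `chmod` should come before the secret is written, not after. Setting `umask 077` as the first line inside the `if` (or wrapping the redirect in a `( umask 077; ... )` subshell) closes the gap, after which the trailing `chmod 600 /etc/ldap.conf` becomes a no-op that can stay as belt-and-braces. The `if test -f` guard also fails silently: when a `binddn` is configured but the password file is missing, ldap.conf ends up with a binddn and no bindpw and nothing is logged; an `else echo "warning: LDAP bind password file ${config.users.ldap.bind.password} not found" >&2` branch would make that visible at activation time. The `distinguishedName != ""` test is duplicated here and in the ldap.conf hunk above; a single `let` binding would keep the two in step.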