forked from lix-project/hydra
migrate to new openldap module syntax
parent
59cb44261d
commit
e985a277b3
109
flake.nix
109
flake.nix
|
@ -851,60 +851,63 @@
|
||||||
machine = { pkgs, ... }: {
|
machine = { pkgs, ... }: {
|
||||||
imports = [ hydraServer ];
|
imports = [ hydraServer ];
|
||||||
|
|
||||||
services.openldap = {
|
services.openldap.enable = true;
|
||||||
enable = true;
|
services.openldap.settings.children = {
|
||||||
suffix = "dc=example";
|
"olcDatabase={1}mdb".attrs = {
|
||||||
rootdn = "cn=root,dc=example";
|
objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
|
||||||
rootpw = "notapassword";
|
database = "{1}mdbg";
|
||||||
database = "bdb";
|
olcSuffix = "dc=example";
|
||||||
dataDir = "/var/lib/openldap";
|
olcRootDN = "cn=root,dc=example";
|
||||||
|
olcRootPW = "notapassword";
|
||||||
# userPassword generated via `slappasswd`
|
olcDbDirectory = "/var/lib/openldap";
|
||||||
# The admin user has the password `password` and `user` has the password `foobar`.
|
};
|
||||||
declarativeContents."dc=example" = ''
|
|
||||||
dn: dc=example
|
|
||||||
dc: example
|
|
||||||
o: Root
|
|
||||||
objectClass: top
|
|
||||||
objectClass: dcObject
|
|
||||||
objectClass: organization
|
|
||||||
|
|
||||||
dn: ou=users,dc=example
|
|
||||||
ou: users
|
|
||||||
description: All users
|
|
||||||
objectClass: top
|
|
||||||
objectClass: organizationalUnit
|
|
||||||
|
|
||||||
dn: ou=groups,dc=example
|
|
||||||
ou: groups
|
|
||||||
description: All groups
|
|
||||||
objectClass: top
|
|
||||||
objectClass: organizationalUnit
|
|
||||||
|
|
||||||
dn: cn=hydra_admin,ou=groups,dc=example
|
|
||||||
cn: hydra_admin
|
|
||||||
description: Hydra Admin user group
|
|
||||||
objectClass: groupOfNames
|
|
||||||
member: cn=admin,ou=users,dc=example
|
|
||||||
|
|
||||||
dn: cn=user,ou=users,dc=example
|
|
||||||
objectClass: organizationalPerson
|
|
||||||
objectClass: inetOrgPerson
|
|
||||||
sn: user
|
|
||||||
cn: user
|
|
||||||
mail: user@example
|
|
||||||
userPassword: {SSHA}gLgBMb86/3wecoCp8gtORgIF2/qCRpqs
|
|
||||||
|
|
||||||
dn: cn=admin,ou=users,dc=example
|
|
||||||
objectClass: organizationalPerson
|
|
||||||
objectClass: inetOrgPerson
|
|
||||||
sn: admin
|
|
||||||
cn: admin
|
|
||||||
mail: admin@example
|
|
||||||
userPassword: {SSHA}BsgOQcRnoiULzwLrGmuzVGH6EC5Dkwmf
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
systemd.services.hdyra-server.environment.CATALYST_DEBUG = "1";
|
|
||||||
|
# userPassword generated via `slappasswd`
|
||||||
|
# The admin user has the password `password` and `user` has the password `foobar`.
|
||||||
|
services.openldap.declarativeContents."dc=example" = ''
|
||||||
|
dn: dc=example
|
||||||
|
dc: example
|
||||||
|
o: Root
|
||||||
|
objectClass: top
|
||||||
|
objectClass: dcObject
|
||||||
|
objectClass: organization
|
||||||
|
|
||||||
|
dn: ou=users,dc=example
|
||||||
|
ou: users
|
||||||
|
description: All users
|
||||||
|
objectClass: top
|
||||||
|
objectClass: organizationalUnit
|
||||||
|
|
||||||
|
dn: ou=groups,dc=example
|
||||||
|
ou: groups
|
||||||
|
description: All groups
|
||||||
|
objectClass: top
|
||||||
|
objectClass: organizationalUnit
|
||||||
|
|
||||||
|
dn: cn=hydra_admin,ou=groups,dc=example
|
||||||
|
cn: hydra_admin
|
||||||
|
description: Hydra Admin user group
|
||||||
|
objectClass: groupOfNames
|
||||||
|
member: cn=admin,ou=users,dc=example
|
||||||
|
|
||||||
|
dn: cn=user,ou=users,dc=example
|
||||||
|
objectClass: organizationalPerson
|
||||||
|
objectClass: inetOrgPerson
|
||||||
|
sn: user
|
||||||
|
cn: user
|
||||||
|
mail: user@example
|
||||||
|
userPassword: {SSHA}gLgBMb86/3wecoCp8gtORgIF2/qCRpqs
|
||||||
|
|
||||||
|
dn: cn=admin,ou=users,dc=example
|
||||||
|
objectClass: organizationalPerson
|
||||||
|
objectClass: inetOrgPerson
|
||||||
|
sn: admin
|
||||||
|
cn: admin
|
||||||
|
mail: admin@example
|
||||||
|
userPassword: {SSHA}BsgOQcRnoiULzwLrGmuzVGH6EC5Dkwmf
|
||||||
|
'';
|
||||||
|
systemd.services.hydra-server.environment.CATALYST_DEBUG = "1";
|
||||||
systemd.services.hydra-server.environment.HYDRA_LDAP_CONFIG = pkgs.writeText "config.yaml"
|
systemd.services.hydra-server.environment.HYDRA_LDAP_CONFIG = pkgs.writeText "config.yaml"
|
||||||
# example config based on https://metacpan.org/source/ILMARI/Catalyst-Authentication-Store-LDAP-1.016/README#L103
|
# example config based on https://metacpan.org/source/ILMARI/Catalyst-Authentication-Store-LDAP-1.016/README#L103
|
||||||
''
|
''
|
||||||
|
|
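Review bot: The new `"olcDatabase={1}mdb".attrs` set carries `database = "{1}mdbg";`, which is not an `olc*` attribute and does not match the entry's own name, so slapd will most likely reject the generated configuration; it should read `olcDatabase = "{1}mdb";`. The hunk also adds no `"cn=schema".includes`, and as far as I know the settings-based module no longer loads default schemas, so the `inetOrgPerson` and `groupOfNames` entries in `declarativeContents` would probably fail to import unless the core, cosine and inetorgperson schemas are included elsewhere in the file. `olcRootPW = "notapassword";` is written in plaintext to the world-readable store, which is acceptable only because this is a test VM; a one-line comment such as `# test fixture only, never reuse outside the VM test` would keep it from being copied into a real deployment. The `machine` block and the `HYDRA_LDAP_CONFIG` string continue past the end of the hunk.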