migrate to new openldap module syntax

This commit is contained in:
Jörg Thalheim 2021-09-23 20:32:09 +02:00
parent 59cb44261d
commit e985a277b3

109
flake.nix
View file

@ -851,60 +851,63 @@
machine = { pkgs, ... }: { machine = { pkgs, ... }: {
imports = [ hydraServer ]; imports = [ hydraServer ];
services.openldap = { services.openldap.enable = true;
enable = true; services.openldap.settings.children = {
suffix = "dc=example"; "olcDatabase={1}mdb".attrs = {
rootdn = "cn=root,dc=example"; objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
rootpw = "notapassword"; database = "{1}mdbg";
database = "bdb"; olcSuffix = "dc=example";
dataDir = "/var/lib/openldap"; olcRootDN = "cn=root,dc=example";
olcRootPW = "notapassword";
# userPassword generated via `slappasswd` olcDbDirectory = "/var/lib/openldap";
# The admin user has the password `password` and `user` has the password `foobar`. };
declarativeContents."dc=example" = ''
dn: dc=example
dc: example
o: Root
objectClass: top
objectClass: dcObject
objectClass: organization
dn: ou=users,dc=example
ou: users
description: All users
objectClass: top
objectClass: organizationalUnit
dn: ou=groups,dc=example
ou: groups
description: All groups
objectClass: top
objectClass: organizationalUnit
dn: cn=hydra_admin,ou=groups,dc=example
cn: hydra_admin
description: Hydra Admin user group
objectClass: groupOfNames
member: cn=admin,ou=users,dc=example
dn: cn=user,ou=users,dc=example
objectClass: organizationalPerson
objectClass: inetOrgPerson
sn: user
cn: user
mail: user@example
userPassword: {SSHA}gLgBMb86/3wecoCp8gtORgIF2/qCRpqs
dn: cn=admin,ou=users,dc=example
objectClass: organizationalPerson
objectClass: inetOrgPerson
sn: admin
cn: admin
mail: admin@example
userPassword: {SSHA}BsgOQcRnoiULzwLrGmuzVGH6EC5Dkwmf
'';
}; };
systemd.services.hdyra-server.environment.CATALYST_DEBUG = "1";
# userPassword generated via `slappasswd`
# The admin user has the password `password` and `user` has the password `foobar`.
services.openldap.declarativeContents."dc=example" = ''
dn: dc=example
dc: example
o: Root
objectClass: top
objectClass: dcObject
objectClass: organization
dn: ou=users,dc=example
ou: users
description: All users
objectClass: top
objectClass: organizationalUnit
dn: ou=groups,dc=example
ou: groups
description: All groups
objectClass: top
objectClass: organizationalUnit
dn: cn=hydra_admin,ou=groups,dc=example
cn: hydra_admin
description: Hydra Admin user group
objectClass: groupOfNames
member: cn=admin,ou=users,dc=example
dn: cn=user,ou=users,dc=example
objectClass: organizationalPerson
objectClass: inetOrgPerson
sn: user
cn: user
mail: user@example
userPassword: {SSHA}gLgBMb86/3wecoCp8gtORgIF2/qCRpqs
dn: cn=admin,ou=users,dc=example
objectClass: organizationalPerson
objectClass: inetOrgPerson
sn: admin
cn: admin
mail: admin@example
userPassword: {SSHA}BsgOQcRnoiULzwLrGmuzVGH6EC5Dkwmf
'';
systemd.services.hydra-server.environment.CATALYST_DEBUG = "1";
systemd.services.hydra-server.environment.HYDRA_LDAP_CONFIG = pkgs.writeText "config.yaml" systemd.services.hydra-server.environment.HYDRA_LDAP_CONFIG = pkgs.writeText "config.yaml"
# example config based on https://metacpan.org/source/ILMARI/Catalyst-Authentication-Store-LDAP-1.016/README#L103 # example config based on https://metacpan.org/source/ILMARI/Catalyst-Authentication-Store-LDAP-1.016/README#L103
'' ''