blob: 294a6636d7192ab56b4ae2f050b538ee93399dee (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
# Configures an OpenLDAP instance for TVL
#
# TODO(tazjin): Configure ldaps://
{ pkgs, config, ... }:
{
services.openldap = {
enable = true;
dataDir = "/var/lib/openldap";
suffix = "dc=tvl,dc=fyi";
rootdn = "cn=admin,dc=tvl,dc=fyi";
rootpw = "{SSHA}yEEO6Ol2W3ritdiJzPSsjOtyPGxWF2JW";
# Contents are immutable at runtime, and adding user accounts etc.
# is done statically in the LDIF-formatted contents in this folder.
declarativeContents = builtins.readFile ./contents.ldif;
# ACL configuration
extraDatabaseConfig = ''
# Allow users to change their own password
access to attrs=userPassword
by self write
by anonymous auth
by users none
# Allow default read access to other directory elements
access to * by * read
'';
};
}
|