fricloud/server-configs
2
0
Fork 0
Code Issues 4 Pull requests Projects Releases Packages Wiki Activity Actions

ldap: made ldap library, changed methods around, etc. etc.

Browse source 
just read it and feel cursed.
This commit is contained in:
eyjhb 2024-08-20 23:16:46 +02:00
parent 3ab76ae616
commit 106374ce32
Signed by: eyjhb
GPG key ID: 609F508E3239F920
5 changed files with 83 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

30
machines/gerd/services/nextcloud.nix
View file

@ -26,20 +26,34 @@ let
ldapHost = "localhost";
ldapPort = 3890;
ldapAgentName = config.mine.shared.settings.ldap.bind_dn;
# ldapAgentPassword = "n$dYTi7@!3v#sTbF2AV7mW7szS2Z$oFV";
# ldapAgentPassword = "<insert-from-secret-env>";
# EDIT: Base DN
ldapBase = config.mine.shared.settings.ldap.dc;
ldapBaseUsers = config.mine.shared.settings.ldap.dc;
ldapBaseGroups = config.mine.shared.settings.ldap.dc;
ldapLoginFilter = "(&(objectclass=person)(${config.mine.shared.settings.ldap.attr.uid}=%uid))";
ldapLoginFilter = config.mine.shared.lib.ldap.mkFilter (lconfig: llib:
llib.mkAnd [
(llib.mkOC lconfig.oc.person)
(llib.mkSearch lconfig.attr.uid "%uid")
]
);
# EDIT: nextcloud_users group, contains the users who can login to Nextcloud
ldapUserFilter = "(&(objectclass=person)${config.mine.shared.settings.ldap.user_filter})";
ldapUserFilterObjectclass = "person";
ldapGroupFilter = "(&(objectclass=groupOfUniqueNames)(|(cn=${config.mine.shared.settings.ldap.groups.admin})(cn=${config.mine.shared.settings.ldap.groups.member})))";
ldapUserFilter = config.mine.shared.lib.ldap.mkFilter (lconfig: llib:
llib.mkAnd [
(llib.mkOC lconfig.oc.person)
(llib.mkGroup lconfig.groups.member)
]
);
ldapUserFilterObjectclass = config.mine.shared.settings.ldap.oc.person;
ldapGroupFilter = config.mine.shared.lib.ldap.mkFilter (lconfig: llib:
llib.mkAnd [
(llib.mkOC lconfig.oc.groupOfUniqueNames)
(llib.mkOr [ "cn=${lconfig.groups.admin}" "cn=${lconfig.groups.member}"])
]
);
ldapGroupFilterGroups = "admin;user";
ldapGroupFilterObjectclass = "groupOfUniqueNames";
ldapGroupFilterObjectclass = config.mine.shared.settings.ldap.oc.groupOfUniqueNames;
ldapGroupMemberAssocAttr = "uniqueMember";
ldapEmailAttribute = config.mine.shared.settings.ldap.attr.email;
ldapUserFilterMode = 1;