gerd.nextcloud: ldap promote admin group

eyjhb 2024-08-14 21:55:33 +02:00
parent 239cb6f9b2
commit 492236862c
No known key found for this signature in database
GPG key ID: 609F508E3239F920


@ -36,8 +36,8 @@ let
# EDIT: nextcloud_users group, contains the users who can login to Nextcloud
ldapUserFilter = "(&(objectclass=person)${config.mine.shared.settings.ldap.user_filter})";
ldapUserFilterObjectclass = "person";
ldapGroupFilter = "(&(objectclass=groupOfUniqueNames)(cn=${config.mine.shared.settings.ldap.groups.member}))";
ldapGroupFilterGroups = config.mine.shared.settings.ldap.groups.member;
ldapGroupFilter = "(&(objectclass=groupOfUniqueNames)(|(cn=${config.mine.shared.settings.ldap.groups.admin})(cn=${config.mine.shared.settings.ldap.groups.member})))";
ldapGroupFilterGroups = "admin;user";
ldapGroupFilterObjectclass = "groupOfUniqueNames";
ldapGroupMemberAssocAttr = "uniqueMember";
ldapEmailAttribute = config.mine.shared.settings.ldap.attr.email;
@ -59,10 +59,13 @@ let
# create new empty config
${occ} ldap:create-empty-config
# setup password
# setup ldap password
BIND_USERPASS="$(cat $CREDENTIALS_DIRECTORY/lldap-bind-user-pass)"
${occ} ldap:set-config s01 ldapAgentPassword "$BIND_USERPASS"
# promote ldap admin group to admins
${occ} ldap:promote-group ${config.mine.shared.settings.ldap.groups.admin} || true
# set settings
${builtins.concatStringsSep "\n" ldap_commands}
'';
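Review bot: In the second hunk, `ldap:promote-group ... || true` discards every failure of the one step that grants Nextcloud admin rights, so the setup script reports success whether or not the configured group was actually promoted, and a later change to `groups.admin` could leave a previously promoted group in place unnoticed. Consider keeping the best-effort behaviour but making the failure visible, and quoting the interpolated name, e.g. `${occ} ldap:promote-group ${lib.escapeShellArg config.mine.shared.settings.ldap.groups.admin} || echo "ldap:promote-group failed" >&2` (assuming `lib` is in scope; the `let` block starts outside the hunk). Whether occ asks for confirmation when run non-interactively here is not visible from the page and is worth checking. In the first hunk, `ldapGroupFilterGroups = "admin;user"` hard-codes names while `ldapGroupFilter` takes them from `groups.admin` and `groups.member`; deriving both from the same settings would keep them from drifting apart.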