matrix login with ldap working for test user
parent
58dd7a02d1
commit
f7ec66b93e
|
|
@ -54,7 +54,11 @@
|
||||||
|
|
||||||
# Enable the OpenSSH daemon.
|
# Enable the OpenSSH daemon.
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
|
networking.firewall.allowPing = false;
|
||||||
networking.firewall.allowedTCPPorts = [ 22 80 443 ];
|
networking.firewall.allowedTCPPorts = [ 22 80 443 ];
|
||||||
|
networking.firewall.extraCommands = ''
|
||||||
|
iptables -A INPUT -p tcp -s 95.90.121.54 -j ACCEPT
|
||||||
|
'';
|
||||||
|
|
||||||
# Define a user account. Don't forget to set a password with ‘passwd’.
|
# Define a user account. Don't forget to set a password with ‘passwd’.
|
||||||
users.users.loooph = {
|
users.users.loooph = {
|
||||||
|
|
|
||||||
|
|
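Review bot: The added `extraCommands` rule accepts every TCP port from 95.90.121.54, not just the LDAP port the rest of the commit suggests it is for, so anything else listening on the host (slapd, synapse's client port, etc.) becomes reachable from that address even though it is not in `allowedTCPPorts`. If the intent is to let that host reach slapd, scope it: `iptables -A nixos-fw -p tcp -s 95.90.121.54 --dport 389 -j ACCEPT`. Appending to `nixos-fw` rather than `INPUT` also avoids the rule likely being re-added on every firewall reload, which is what `extraStopCommands` would otherwise have to clean up. A one-line comment above the rule saying which host and service it serves would help the next reader, since the address is otherwise unexplained.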
@ -54,5 +54,19 @@ in {
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
extraConfig = ''
|
||||||
|
password_providers:
|
||||||
|
- module: "ldap_auth_provider.LdapAuthProvider"
|
||||||
|
config:
|
||||||
|
enabled: true
|
||||||
|
mode: "search"
|
||||||
|
uri: "ldap://bib3.de:389"
|
||||||
|
start_tls: true
|
||||||
|
base: "ou=users,o=bib3,c=DE"
|
||||||
|
attributes:
|
||||||
|
uid: "cn"
|
||||||
|
mail: "mail"
|
||||||
|
name: "givenName"
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
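Review bot: The `ldap_auth_provider` block uses `mode: "search"` but sets no `bind_dn`/`bind_password`, so the user lookup will presumably run as an anonymous bind and only works if slapd's ACLs allow anonymous search of `ou=users` — worth confirming against the openldap side rather than relying on the default. `start_tls: true` is good, but check whether this provider version actually validates the server certificate against the CA chain; STARTTLS alone does not guarantee that and a downgrade would silently expose the simple bind. If a `bind_password` is added later it must not go into this `extraConfig`, because the rendered homeserver config ends up in the world-readable nix store. The enclosing `services.matrix-synapse` attrset starts outside the hunk.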
22
openldap.nix
22
openldap.nix
|
|
@ -1,12 +1,24 @@
|
||||||
{config, pkgs, ...}:
|
{config, pkgs, ...}:
|
||||||
|
|
||||||
{
|
{
|
||||||
|
# let's hope this works
|
||||||
|
security.acme.certs."bib3.de".postRun = ''
|
||||||
|
install -o openldap -g openldap -m 700 -d /var/lib/acme/bib3.de /var/lib/ssl/openldap
|
||||||
|
install -o openldap -g openldap -m 600 /var/lib/acme/bib3.de/* /var/lib/ssl/openldap
|
||||||
|
'';
|
||||||
|
|
||||||
services.openldap = {
|
services.openldap = {
|
||||||
enable = true;
|
enable = true;
|
||||||
dataDir = "/var/lib/openldap";
|
dataDir = "/var/lib/openldap";
|
||||||
rootpwFile = "/etc/nixos/secret/openldaproot.pw";
|
rootpwFile = "/etc/nixos/secret/openldaproot.pw";
|
||||||
suffix = "o=bib3,c=DE";
|
suffix = "o=bib3,c=DE";
|
||||||
rootdn = "cn=admin,o=bib3,c=DE";
|
rootdn = "cn=admin,o=bib3,c=DE";
|
||||||
|
extraConfig = ''
|
||||||
|
TLSCipherSuite DEFAULT
|
||||||
|
TLSCACertificateFile /var/lib/ssl/openldap/chain.pem
|
||||||
|
TLSCertificateFile /var/lib/ssl/openldap/cert.pem
|
||||||
|
TLSCertificateKeyFile /var/lib/ssl/openldap/key.pem
|
||||||
|
'';
|
||||||
declarativeContents = ''
|
declarativeContents = ''
|
||||||
dn: o=bib3, c=DE
|
dn: o=bib3, c=DE
|
||||||
objectclass: organization
|
objectclass: organization
|
||||||
|
|
@ -16,9 +28,13 @@
|
||||||
ou: users
|
ou: users
|
||||||
|
|
||||||
dn: cn=test, ou=users, o=bib3, c=DE
|
dn: cn=test, ou=users, o=bib3, c=DE
|
||||||
objectclass: person
|
objectclass: InetOrgPerson
|
||||||
cn: test
|
cn: testcn
|
||||||
sn: test
|
sn: testsn
|
||||||
|
givenName: test test
|
||||||
|
mail: test@test.de
|
||||||
|
userPassword: {CRYPT}$6$ssV7iTyDF7VMB.gx$DKUJgb/M5q.nd0/ilBTQRaR/pw9bMGhbrCp0CSD9Mt1epgoXYu9LA9P4UtWOyVV/QV3LHvJNoiBsfZMcBMAQN.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
# TODO move users to seperate files
|
||||||
}
|
}
|
||||||
|
|
|
||||||
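Review bot: The first `install` in `postRun` passes two directories to `-d`, so `-o openldap -g openldap -m 700` is applied to `/var/lib/acme/bib3.de` as well as to `/var/lib/ssl/openldap`, which changes ownership and mode of the ACME certificate directory itself and may break later renewals by the acme service. Create only the target: `install -o openldap -g openldap -m 700 -d /var/lib/ssl/openldap` and keep the copy line as is. `TLSCipherSuite DEFAULT` leaves the OpenSSL default protocol floor in place; adding `TLSProtocolMin 3.3` would rule out TLS 1.0/1.1 for the STARTTLS clients. Note that `declarativeContents` is written to the nix store, so the `userPassword` crypt hash for the test entry is world-readable on the host and committed to history; fine for a throwaway test account, but the `TODO move users to seperate files` should also move credentials out of the store.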