matrix login with ldap working for test user

2020-09-18 22:25:49 +00:00 · 2020-09-18 22:25:49 +00:00 · f7ec66b93e
parent 58dd7a02d1
commit f7ec66b93e
3 changed files with 37 additions and 3 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -54,7 +54,11 @@

  # Enable the OpenSSH daemon.
  services.openssh.enable = true;
+  networking.firewall.allowPing = false;
  networking.firewall.allowedTCPPorts = [ 22 80 443 ];
+  networking.firewall.extraCommands = ''
+    iptables -A INPUT -p tcp -s 95.90.121.54 -j ACCEPT
+  '';

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.loooph = {
--- a/matrix-synapse.nix
+++ b/matrix-synapse.nix
@ -54,5 +54,19 @@ in {
        ];
      }
    ];
+    extraConfig = ''
+      password_providers:
+       - module: "ldap_auth_provider.LdapAuthProvider"
+         config:
+           enabled: true
+           mode: "search"
+           uri: "ldap://bib3.de:389"
+           start_tls: true
+           base: "ou=users,o=bib3,c=DE"
+           attributes:
+              uid: "cn"
+              mail: "mail"
+              name: "givenName"
+    '';
  };
 }
--- a/openldap.nix
+++ b/openldap.nix
@ -1,12 +1,24 @@
 {config, pkgs, ...}:

 {
+  # let's hope this works
+  security.acme.certs."bib3.de".postRun = ''
+    install -o openldap -g openldap -m 700 -d /var/lib/acme/bib3.de /var/lib/ssl/openldap
+    install -o openldap -g openldap -m 600 /var/lib/acme/bib3.de/* /var/lib/ssl/openldap
+  '';
+
  services.openldap = {
    enable = true;
    dataDir = "/var/lib/openldap";
    rootpwFile = "/etc/nixos/secret/openldaproot.pw";
    suffix = "o=bib3,c=DE";
    rootdn = "cn=admin,o=bib3,c=DE";
+    extraConfig = ''
+      TLSCipherSuite DEFAULT
+      TLSCACertificateFile  /var/lib/ssl/openldap/chain.pem
+      TLSCertificateFile    /var/lib/ssl/openldap/cert.pem
+      TLSCertificateKeyFile /var/lib/ssl/openldap/key.pem
+    '';
    declarativeContents = ''
      dn: o=bib3, c=DE
      objectclass: organization
@ -16,9 +28,13 @@
      ou: users

      dn: cn=test, ou=users, o=bib3, c=DE
-      objectclass: person
-      cn: test
-      sn: test
+      objectclass: InetOrgPerson
+      cn: testcn
+      sn: testsn
+      givenName: test test
+      mail: test@test.de
+      userPassword: {CRYPT}$6$ssV7iTyDF7VMB.gx$DKUJgb/M5q.nd0/ilBTQRaR/pw9bMGhbrCp0CSD9Mt1epgoXYu9LA9P4UtWOyVV/QV3LHvJNoiBsfZMcBMAQN.
    '';
  };
+  # TODO move users to seperate files
 }