Author: NicolasPierron
Date: Sun Oct 2 13:24:10 2011
New Revision: 29563
URL: https://ssl.nixos.org/websvn/nix/?rev=29563&sc=1
Log:
LDAP non-anonymous bind.
Patch by Rickard Nilsson.
Modified:
nixos/trunk/modules/config/ldap.nix
Modified: nixos/trunk/modules/config/ldap.nix
==============================================================================
--- nixos/trunk/modules/config/ldap.nix Sun Oct 2 12:53:51 2011 (r29562)
+++ nixos/trunk/modules/config/ldap.nix Sun Oct 2 13:24:10 2011 (r29563)
@@ -2,7 +2,7 @@
###### interface
let
- inherit (pkgs.lib) mkOption mkIf;
+ inherit (pkgs.lib) mkOption mkIf optionalString stringAfter;
options = {
users = {
@@ -39,6 +39,27 @@
";
};
+ bind = {
+ distinguishedName = mkOption {
+ default = "";
+ example = "cn=admin,dc=example,dc=com";
+ type = with pkgs.lib.types; string;
+ description = "
+ The distinguished name to bind to the LDAP server with. If this
+ is not specified, an anonymous bind will be done.
+ ";
+ };
+
+ password = mkOption {
+ default = "/etc/ldap/bind.password";
+ type = with pkgs.lib.types; string;
+ description = "
+ The path to a file containing the credentials to use when binding
+ to the LDAP server (if not binding anonymously).
+ ";
+ };
+ };
+
};
};
};
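Review bot: The `password` option's description should spell out the file's expected permissions and lifecycle, because the activation hunk later in this commit copies its contents verbatim into `/etc/ldap.conf`, and nothing in this module creates the default `/etc/ldap/bind.password`. I would extend the description with a sentence like `The file is not managed by NixOS, must be provisioned by the administrator, should be readable only by root, and its contents are copied into /etc/ldap.conf on activation.` The name `password` holds a path rather than the secret itself, so the wording should make that unambiguous for readers of the generated documentation.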
@@ -62,10 +83,14 @@
uri ${config.users.ldap.server}
base ${config.users.ldap.base}
- ${if config.users.ldap.useTLS then ''
+ ${optionalString config.users.ldap.useTLS ''
ssl start_tls
tls_checkpeer no
- '' else ""}
+ ''}
+
+ ${optionalString (config.users.ldap.bind.distinguishedName != "")
''
+ binddn ${config.users.ldap.bind.distinguishedName}
+ ''}
'';
target = "ldap.conf";
}
@@ -73,4 +98,14 @@
];
};
+ system.activationScripts.ldap = stringAfter [ "etc" ] (
+ optionalString (config.users.ldap.bind.distinguishedName != "") ''
+ if test -f "${config.users.ldap.bind.password}" ; then
+ echo "bindpw $(cat ${config.users.ldap.bind.password})" | cat
/etc/ldap.conf - > /etc/ldap.conf.bindpw
+ mv -fT /etc/ldap.conf.bindpw /etc/ldap.conf
+ chmod 600 /etc/ldap.conf
+ fi
+ ''
+ );
+
}
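Review bot: The redirection `> /etc/ldap.conf.bindpw` creates the temporary file under whatever umask the activation script inherits, so the bind password can be readable by other users between that write and the `chmod 600` three lines later; restricting the mode before writing closes that window, e.g. wrap the line as `( umask 077; echo "bindpw $(cat ${config.users.ldap.bind.password})" | cat /etc/ldap.conf - > /etc/ldap.conf.bindpw )`. When the password file is absent the `if test -f` branch silently skips, leaving a `binddn` in `/etc/ldap.conf` with no `bindpw`, so the client presumably ends up attempting an unauthenticated or failing bind with no diagnostic; an `else` branch that prints a warning to stderr would surface the misconfiguration at activation time. The `echo ... | cat` statement appears to be wrapped across two lines by the mailer (the `/etc/ldap.conf - > ...` continuation carries no `+` marker), which I take to be a single line in the actual commit.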