1 { pkgs, lib, config, ... }:
2 let inherit (builtins) baseNameOf readFile;
4 inherit (pkgs.lib) unlinesAttrs;
5 inherit (config) networking;
6 inherit (config.services) openldap;
7 inherit (config.users) ldap;
8 domainSuffix = "dc=" + lib.concatStringsSep ",dc=" (lib.splitString "." networking.domain);
10 # LDAP is useless if you don't have to manage many shared accounts.
11 # But well... if you want to learn about LDAP anyway, here's a good starting
14 openldap/sourcephile.fr.nix
20 base = "ou=posix,${domainSuffix}";
22 #distinguishedName = "cn=admin,${domainSuffix}";
30 # NOTE: nslcd cannot use SASL to bind to rootpwmoddn
31 # which is the DN used by nslcd when passwd is run by root
32 # to change the userPassword of an LDAP user.
33 # SEE: https://www.reddit.com/r/linuxadmin/comments/53sxpl/how_do_i_configure_nslcd_to_use_a_sasl_external/d7w9awd/
34 # Thus, use: ldappasswd -H ldapi:// -Y EXTERNAL uid=$user,ou=accounts,ou=posix,dc=sourcephile,dc=fr
40 dataDir = "/var/db/ldap";
41 configDir = "/var/db/slapd";
42 urlList = [ "ldapi:///" ]; # UNIX socket