Merge pull request #16148 from womfoo/openldap

openldap: add -h urlList in service so LDAP TLS could be enabled

authored by

Joachim Fasting and committed by
GitHub
c7ca9faa ecd3617d

+9 -2
+9 -2
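--- a/nixos/modules/services/databases/openldap.nix
+++ b/nixos/modules/services/databases/openldap.nix
@@ -40,6 +40,13 @@
 description = "Group account under which slapd runs.";
 };
 
+urlList = mkOption {
+type = types.listOf types.string;
+default = [ "ldap:///" ];
+description = "URL list slapd should listen on.";
+example = [ "ldaps:///" ];
+};
+
 dataDir = mkOption {
 type = types.string;
 default = "/var/db/openldap";
@@ -50,7 +57,7 @@
 type = types.lines;
 default = "";
 description = "
-sldapd.conf configuration
+slapd.conf configuration
 ";
 example = literalExample ''
 '''
@@ -89,7 +96,7 @@
 mkdir -p ${cfg.dataDir}
 chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir}
 '';
-serviceConfig.ExecStart = "${openldap.out}/libexec/slapd -u ${cfg.user} -g ${cfg.group} -d 0 -f ${configFile}";
+serviceConfig.ExecStart = "${openldap.out}/libexec/slapd -u ${cfg.user} -g ${cfg.group} -d 0 -h \"${concatStringsSep " " cfg.urlList}\" -f ${configFile}";
 };
 
 users.extraUsers.openldap =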
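Review bot: The new `urlList` description ("URL list slapd should listen on.") does not tell the administrator that the default `[ "ldap:///" ]` is an unencrypted listener, or that the `ldaps:///` example serves TLS only once certificate directives are present in the slapd.conf text this module generates. I would expand it to something like `description = "URLs slapd listens on (passed to -h). ldap:/// is unencrypted; ldaps:/// additionally needs TLSCertificateFile and TLSCertificateKeyFile in the slapd configuration.";` so that nobody switches the example on and assumes the directory is protected. It is also worth stating that a list containing both schemes keeps the cleartext port open. Separately, in the `ExecStart` line the list is joined with spaces inside escaped double quotes, so an entry that itself contains a double quote would presumably break the command line; a short comment there noting that entries must be plain URLs would help.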