OpenLDAP: Difference between revisions

Klinger (talk | contribs)
Beginning sentence and Category:Server
Onny (talk | contribs)
Reformat
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
OpenLDAP is a free, open-source implementation of the Lightweight Directory Access Protocol (LDAP).
[https://www.openldap.org OpenLDAP] is a free, open-source implementation of the Lightweight Directory Access Protocol (LDAP).


===Setting up a simple server===
===Setup===
<syntaxhighlight lang="nix">
A minimal local testing server can be run with following configuration<syntaxhighlight lang="nix">
  services.openldap = {
services.openldap = {
    enable = true;
  enable = true;


    /* enable plain connections only */
  /* enable plain connections only */
    urlList = [ "ldap:///" ];
  urlList = [ "ldap:///" ];


  settings = {
    attrs = {
      olcLogLevel = "conns config";
    };


     settings = {
     children = {
       attrs = {
       "cn=schema".includes = [
         olcLogLevel = "conns config";
        "${pkgs.openldap}/etc/schema/core.ldif"
       };
        "${pkgs.openldap}/etc/schema/cosine.ldif"
         "${pkgs.openldap}/etc/schema/inetorgperson.ldif"
       ];


       children = {
       "olcDatabase={1}mdb".attrs = {
        "cn=schema".includes = [
        objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
          "${pkgs.openldap}/etc/schema/core.ldif"
          "${pkgs.openldap}/etc/schema/cosine.ldif"
          "${pkgs.openldap}/etc/schema/inetorgperson.ldif"
        ];


         "olcDatabase={1}mdb".attrs = {
         olcDatabase = "{1}mdb";
          objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
        olcDbDirectory = "/var/lib/openldap/data";


          olcDatabase = "{1}mdb";
        olcSuffix = "dc=example,dc=com";
          olcDbDirectory = "/var/lib/openldap/data";


          olcSuffix = "dc=example,dc=com";
        /* your admin account, do not use writeText on a production system */
        olcRootDN = "cn=admin,dc=example,dc=com";
        olcRootPW.path = pkgs.writeText "olcRootPW" "pass";


           /* your admin account, do not use writeText on a production system */
        olcAccess = [
           olcRootDN = "cn=admin,dc=example,dc=com";
           /* custom access rules for userPassword attributes */
          olcRootPW.path = pkgs.writeText "olcRootPW" "pass";
           ''{0}to attrs=userPassword
              by self write
              by anonymous auth
              by * none''


           olcAccess = [
           /* allow read on anything else */
            /* custom access rules for userPassword attributes */
          ''{1}to *
            ''{0}to attrs=userPassword
              by * read''
                by self write
        ];
                by anonymous auth
                by * none''
 
            /* allow read on anything else */
            ''{1}to *
                by * read''
          ];
        };
       };
       };
     };
     };
   };
   };
};
</syntaxhighlight>
</syntaxhighlight>
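Review bot: The comment above `olcRootPW.path = pkgs.writeText "olcRootPW" "pass";` says not to use writeText in production but not why; `pkgs.writeText` writes the literal into the world-readable /nix/store, so the directory's root password is readable by every local user and lands in any store copy or binary cache. Suggest making the comment say so: `/* test only: writeText puts this password in the world-readable Nix store; outside local testing point olcRootPW.path at a file kept outside the store */`. The `{1}to * by * read` rule also grants anonymous clients read access to every attribute except userPassword over the plaintext `ldap:///` listener, which the "allow read on anything else" comment could state explicitly so the snippet is not copied into a real deployment unchanged. Minor: the new intro sentence reads "with following configuration" and should be "with the following configuration", with `<syntaxhighlight lang="nix">` placed on its own line.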