Oncall: Difference between revisions
Add OpenLDAP config for authentication |
mNo edit summary |
||
| (5 intermediate revisions by the same user not shown) | |||
| Line 2: | Line 2: | ||
== Setup == | == Setup == | ||
{{Warning|This setup example is for local and testing environments only. Please not that in this case secrets such as the passwords get copied into the Nix store and are globally readable.}} | {{Warning|This setup example is for local and testing environments only. Please not that in this case secrets such as the passwords get copied into the Nix store and are globally readable.}} | ||
| Line 25: | Line 23: | ||
in | in | ||
{ | { | ||
environment.etc."oncall-secrets.yml".text = '' | |||
auth: | |||
ldap_bind_password: "${ldapRootPassword}" | |||
''; | |||
services.oncall = { | services.oncall = { | ||
| Line 34: | Line 37: | ||
ldap_user_suffix = ""; | ldap_user_suffix = ""; | ||
ldap_bind_user = "cn=root,${ldapSuffix}"; | ldap_bind_user = "cn=root,${ldapSuffix}"; | ||
ldap_base_dn = "ou=accounts,${ldapSuffix}"; | ldap_base_dn = "ou=accounts,${ldapSuffix}"; | ||
ldap_search_filter = "(uid=%s)"; | ldap_search_filter = "(uid=%s)"; | ||
| Line 42: | Line 44: | ||
full_name = "cn"; | full_name = "cn"; | ||
email = "mail"; | email = "mail"; | ||
call = "telephoneNumber"; | |||
sms = "mobile"; | |||
}; | }; | ||
}; | }; | ||
}; | }; | ||
secretFile = "/etc/oncall-secrets.yml"; | |||
}; | }; | ||
| Line 86: | Line 90: | ||
dn: uid=${testUser},ou=accounts,${ldapSuffix} | dn: uid=${testUser},ou=accounts,${ldapSuffix} | ||
objectClass: | objectClass: top | ||
objectClass: | objectClass: inetOrgPerson | ||
uid: ${testUser} | uid: ${testUser} | ||
userPassword: ${testPassword} | userPassword: ${testPassword} | ||
cn: | cn: Test User | ||
sn: | sn: User | ||
mail: test@example.org | |||
telephoneNumber: 012345678910 | |||
mobile: 012345678910 | |||
''; | ''; | ||
}; | }; | ||
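Review bot: The `environment.etc."oncall-secrets.yml".text` lines interpolate `ldapRootPassword` into a file that is generated from the Nix store, so `secretFile = "/etc/oncall-secrets.yml"` does not keep the bind password out of the world-readable store. The warning at the top of the page already says this, but the example is likely to be copied without it, so a comment next to `secretFile` would help, e.g. `# testing only: on a real host point secretFile at a file provisioned outside the Nix store and readable only by the oncall service user`. Separately, `ldap_bind_user = "cn=root,${ldapSuffix}"` looks like the directory's root DN, which gives the service far more than the read access a `(uid=%s)` search needs; a dedicated read-only bind account would be the least-privilege choice. The `let` bindings and the start of the `services.oncall` block lie outside the visible hunks, and the side each changed line belongs to is only inferred from the line-number offsets.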