commit ae02e1fe53eaad4075976cf0b2cfcfa10f45094a · pyrox.dev/nixpkgs

+9 -13

nixos/modules/config/ldap.nix

···

       59
        
       

     

       60
        
           users.ldap = {

     

       61
        
       

     

       62
       -
             enable = mkOption {

     

       63
       -
               type = types.bool;

     

       64
       -
               default = false;

     

       65
       -
               description = "Whether to enable authentication against an LDAP server.";

     

       66
       -
             };

     

       67
        
       

     

       68
        
             loginPam = mkOption {

     

       69
        
               type = types.bool;

     

       70
        
               default = true;

     

       71
       -
               description = "Whether to include authentication against LDAP in login PAM";

     

       72
        
             };

     

       73
        
       

     

       74
        
             nsswitch = mkOption {

     

       75
        
               type = types.bool;

     

       76
        
               default = true;

     

       77
       -
               description = "Whether to include lookup against LDAP in NSS";

     

       78
        
             };

     

       79
        
       

     

       80
        
             server = mkOption {

     
···

       131
        
                 type = types.lines;

     

       132
        
                 description = ''

     

       133
        
                   Extra configuration options that will be added verbatim at

     

       134
       -
                   the end of the nslcd configuration file (nslcd.conf).

     

       135
        
                 '' ;

     

       136
        
               } ;

     

       137
        
       

     
···

       182
        
                 description = ''

     

       183
        
                   Specifies the time limit (in seconds) to use when connecting

     

       184
        
                   to the directory server. This is distinct from the time limit

     

       185
       -
                   specified in <literal>users.ldap.timeLimit</literal> and affects

     

       186
        
                   the initial server connection only.

     

       187
        
                 '';

     

       188
        
               };

     
···

       199
        
                   actually contact the directory server, and it is possible that

     

       200
        
                   a malformed configuration file will trigger reconnection. If

     

       201
        
                   <literal>soft</literal> is specified, then

     

       202
       -
                   <literal>nss_ldap</literal> will return immediately on server

     

       203
        
                   failure. All hard reconnect policies block with exponential

     

       204
        
                   backoff before retrying.

     

       205
        
                 '';

     
···

       211
        
               type = types.lines;

     

       212
        
               description = ''

     

       213
        
                 Extra configuration options that will be added verbatim at

     

       214
       -
                 the end of the ldap configuration file (ldap.conf).

     

       215
       -
                 If <literal>users.ldap.daemon</literal> is enabled, this

     

       216
        
                 configuration will not be used. In that case, use

     

       217
       -
                 <literal>users.ldap.daemon.extraConfig</literal> instead.

     

       218
        
               '' ;

     

       219
        
             };

     

       220

···

       59
        
       

     

       60
        
           users.ldap = {

     

       61
        
       

     

       62
       +
             enable = mkEnableOption "authentication against an LDAP server";

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       63
        
       

     

       64
        
             loginPam = mkOption {

     

       65
        
               type = types.bool;

     

       66
        
               default = true;

     

       67
       +
               description = "Whether to include authentication against LDAP in login PAM.";

     

       68
        
             };

     

       69
        
       

     

       70
        
             nsswitch = mkOption {

     

       71
        
               type = types.bool;

     

       72
        
               default = true;

     

       73
       +
               description = "Whether to include lookup against LDAP in NSS.";

     

       74
        
             };

     

       75
        
       

     

       76
        
             server = mkOption {

     
···

       127
        
                 type = types.lines;

     

       128
        
                 description = ''

     

       129
        
                   Extra configuration options that will be added verbatim at

     

       130
       +
                   the end of the nslcd configuration file (<literal>nslcd.conf(5)</literal>).

     

       131
        
                 '' ;

     

       132
        
               } ;

     

       133
        
       

     
···

       178
        
                 description = ''

     

       179
        
                   Specifies the time limit (in seconds) to use when connecting

     

       180
        
                   to the directory server. This is distinct from the time limit

     

       181
       +
                   specified in <option>users.ldap.timeLimit</option> and affects

     

       182
        
                   the initial server connection only.

     

       183
        
                 '';

     

       184
        
               };

     
···

       195
        
                   actually contact the directory server, and it is possible that

     

       196
        
                   a malformed configuration file will trigger reconnection. If

     

       197
        
                   <literal>soft</literal> is specified, then

     

       198
       +
                   <package>nss_ldap</package> will return immediately on server

     

       199
        
                   failure. All hard reconnect policies block with exponential

     

       200
        
                   backoff before retrying.

     

       201
        
                 '';

     
···

       207
        
               type = types.lines;

     

       208
        
               description = ''

     

       209
        
                 Extra configuration options that will be added verbatim at

     

       210
       +
                 the end of the ldap configuration file (<literal>ldap.conf(5)</literal>).

     

       211
       +
                 If <option>users.ldap.daemon</option> is enabled, this

     

       212
        
                 configuration will not be used. In that case, use

     

       213
       +
                 <option>users.ldap.daemon.extraConfig</option> instead.

     

       214
        
               '' ;

     

       215
        
             };

     

       216