Quote ldap password

Otherwise special characters like # do not work
This commit is contained in:
Sandro Jäckel 2024-04-13 16:08:58 +02:00 committed by lewo
parent 9f6635a035
commit ef4756bcfc
2 changed files with 5 additions and 3 deletions

View file

@ -49,7 +49,7 @@ in
# Appends the LDAP bind password to files to avoid writing this # Appends the LDAP bind password to files to avoid writing this
# password into the Nix store. # password into the Nix store.
appendLdapBindPwd = { appendLdapBindPwd = {
name, file, prefix, passwordFile, destination name, file, prefix, suffix ? "", passwordFile, destination
}: pkgs.writeScript "append-ldap-bind-pwd-in-${name}" '' }: pkgs.writeScript "append-ldap-bind-pwd-in-${name}" ''
#!${pkgs.stdenv.shell} #!${pkgs.stdenv.shell}
set -euo pipefail set -euo pipefail
@ -61,8 +61,9 @@ in
fi fi
cat ${file} > ${destination} cat ${file} > ${destination}
echo -n "${prefix}" >> ${destination} echo -n '${prefix}' >> ${destination}
cat ${passwordFile} >> ${destination} cat ${passwordFile} >> ${destination}
echo -n '${suffix}' >> ${destination}
chmod 600 ${destination} chmod 600 ${destination}
''; '';

View file

@ -90,7 +90,8 @@ let
setPwdInLdapConfFile = appendLdapBindPwd { setPwdInLdapConfFile = appendLdapBindPwd {
name = "ldap-conf-file"; name = "ldap-conf-file";
file = ldapConfig; file = ldapConfig;
prefix = "dnpass = "; prefix = ''dnpass = "'';
suffix = ''"'';
passwordFile = cfg.ldap.bind.passwordFile; passwordFile = cfg.ldap.bind.passwordFile;
destination = ldapConfFile; destination = ldapConfFile;
}; };