ldap: is working as intended, working on scripting to add and manage users

machines/optimus.nix

@@ -67,7 +67,7 @@ in {
   };
 
   security.sudo.extraRules = [
-     { groups = [ "admin-skynet" ]; commands = [ { command = "ALL"; options = [ "NOPASSWD" ]; } ]; }
+     { groups = [ "skynet-admins" ]; commands = [ { command = "ALL"; options = [ "NOPASSWD" ]; } ]; }
   ];
 
   services.sssd = {
@@ -83,15 +83,20 @@ in {
       id_provider = ldap
       auth_provider = ldap
       sudo_provider = ldap
-      ldap_uri = ldap://sso.skynet.ie
-      ldap_search_base = ou=users,dc=skynet,dc=ie
-      ldap_group_search_base = ou=posix-groups,dc=skynet,dc=ie
-      ldap_sudo_search_base = ou=admin-skynet,ou=posix-groups,dc=skynet,dc=ie
-      ldap_default_bind_dn = uid=portunus_service,ou=users,dc=skynet,dc=ie
+      ldap_uri = ldap://193.1.99.112:389
+
+      ldap_search_base = dc=skynet,dc=ie
+      ldap_user_search_base  = ou=users,dc=skynet,dc=ie
+      ldap_group_search_base = ou=groups,dc=skynet,dc=ie
+      ldap_sudo_search_base = cn=skynet-admins,ou=groups,dc=skynet,dc=ie
+
+      ldap_group_nesting_level = 5
+
+      ldap_default_bind_dn = cn=admin,dc=skynet,dc=ie
       ldap_default_authtok_type = password
       ldap_default_authtok = $LDAP_BIND_PW
       cache_credentials = false
-      simple_allow_groups = admin-skynet
+      simple_allow_groups = skynet-admins,skynet-users
 
       [sssd]
       config_file_version = 2