[ldap] Add ldap_api access to manage ldap

2023-07-30 20:19:38 +00:00 · 2023-07-30 20:19:38 +00:00 · 90deec3940
commit 90deec3940
parent f0bc3eea2e
1 changed files with 4 additions and 1 deletions
--- a/applications/ldap.nix
+++ b/applications/ldap.nix
@ -181,16 +181,19 @@ Gonna use a priper nixos module for this
              olcAccess = [
                /* custom access rules for userPassword attributes */
                ''{0}to attrs=userPassword
+                    by dn.exact="uid=ldap_api,ou=users,dc=skynet,dc=ie" manage
                    by self write
                    by anonymous auth
                    by * none''

                ''{1}to attrs=mail,sshPublicKey,cn,sn,skDiscord
+                    by dn.exact="uid=ldap_api,ou=users,dc=skynet,dc=ie" manage
                    by self write
                    by * read''

                /* allow read on anything else */
                ''{2}to *
+                    by dn.exact="uid=ldap_api,ou=users,dc=skynet,dc=ie" manage
                    by * read''
              ];