From eb34303c7be40aa3b41b5d9f8760c823c60dd526 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 25 May 2023 22:23:25 +0100 Subject: [PATCH] ldap: set fields the user can change on their own --- applications/ldap.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/applications/ldap.nix b/applications/ldap.nix index 26eb993..1c248a5 100644 --- a/applications/ldap.nix +++ b/applications/ldap.nix @@ -143,7 +143,7 @@ Gonna use a priper nixos module for this "olcDatabase={-1}frontend".attrs = { objectClass = [ "olcDatabaseConfig" "olcFrontendConfig" ]; - olcPasswordHash = "{SSHA512}"; + olcPasswordHash = "{SHA512}"; }; "olcDatabase={1}mdb" = { @@ -168,8 +168,12 @@ Gonna use a priper nixos module for this by anonymous auth by * none'' + ''{1}to attrs=mail,sshPublicKey,cn,sn,skDiscord + by self write + by * read'' + /* allow read on anything else */ - ''{1}to * + ''{2}to * by * read'' ];
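Review bot: The `olcPasswordHash` change from `{SSHA512}` to `{SHA512}` removes the per-password salt, and neither the subject line nor the hunk explains why. This setting selects the scheme slapd uses when it hashes a new password through the Password Modify operation, so every password set after this change is stored unsalted: identical passwords yield identical `userPassword` values, and the hashes can be checked against precomputed tables if the directory data is ever exposed. Unless some consumer outside this hunk requires the unsalted form, keep `olcPasswordHash = "{SSHA512}";`. If the constraint is real, record it above the line, e.g. `/* unsalted because <consumer> cannot handle SSHA512 */`. The attribute set continues outside the hunk.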
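Review bot: The new `{1}` rule grants `by self write` on `mail` and `cn`, which services relying on a directory often treat as identity or account-recovery data. If anything that authenticates against this tree matches accounts by `mail` (not visible in this hunk), users could change that mapping themselves, so consider limiting self-service to `sshPublicKey` and `skDiscord` unless mail changes are verified elsewhere. The rule also ends in `by * read`, which includes anonymous binds; because evaluation stops at the first matching `to` clause, writing `by users read` here would narrow exposure of these attributes without touching the catch-all rule. The rule has no comment, unlike the existing `/* allow read on anything else */`, so I would add `/* users may edit their own profile fields; everyone else read-only */`. The ACL list begins before the hunk, so the earlier rules could not be checked.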