ldap: set fields the user can change on their own

2023-05-25 22:23:25 +01:00 · 2023-05-25 22:23:25 +01:00 · eb34303c7b
commit eb34303c7b
parent d1b79da77c
1 changed files with 6 additions and 2 deletions
--- a/applications/ldap.nix
+++ b/applications/ldap.nix
@ -143,7 +143,7 @@ Gonna use a priper nixos module for this
          "olcDatabase={-1}frontend".attrs = {
            objectClass = [ "olcDatabaseConfig" "olcFrontendConfig" ];

-            olcPasswordHash = "{SSHA512}";
+            olcPasswordHash = "{SHA512}";
          };

          "olcDatabase={1}mdb" = {
@ -168,8 +168,12 @@ Gonna use a priper nixos module for this
                    by anonymous auth
                    by * none''

+                ''{1}to attrs=mail,sshPublicKey,cn,sn,skDiscord
+                    by self write
+                    by * read''
+
                /* allow read on anything else */
-                ''{1}to *
+                ''{2}to *
                    by * read''
              ];