From 79b4a615f0e46d13bfe0ca33fa4e2b2c783cb92f Mon Sep 17 00:00:00 2001
From: Dominik Polakovics
Date: Tue, 5 Aug 2025 18:31:16 +0200
Subject: [PATCH] fix: ldap auth
---
 utils/modules/ldap-auth.nix | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/utils/modules/ldap-auth.nix b/utils/modules/ldap-auth.nix
index 30b5d37..ae14643 100644
--- a/utils/modules/ldap-auth.nix
+++ b/utils/modules/ldap-auth.nix
@@ -41,6 +41,9 @@ in
 ldap_schema = rfc2307
 ldap_group_member = memberUid
+
+ use_fully_qualified_names = False
+ fallback_homedir = /home/%u
 '';
 environmentFile = config.sops.secrets.sssd-environment.path;
 };
@@ -60,7 +63,7 @@ in
 services.openssh = {
 settings = {
- AuthorizedKeysCommand = "/etc/ssh/ldap-authorized-keys";
+ AuthorizedKeysCommand = "/etc/ssh/ldap-authorized-keys %u";
 AuthorizedKeysCommandUser = "nslcd"; # default is “nobody” :contentReference[oaicite:0]{index=0}
 PubkeyAuthentication = "yes";
 };
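Review bot: The two added SSSD options carry no comment saying why short names are wanted, and the section header they fall under starts outside the hunk. With `use_fully_qualified_names = False`, directory users resolve under bare names, so a directory entry whose uid matches a local account (root, a service user) is kept apart only by NSS source order. The key lookup configured in the openssh hunk further down is keyed on that same bare name. A line above the options such as `# short names: LDAP uids must not collide with local accounts` would record the assumption. `fallback_homedir = /home/%u` presumably only applies when the directory entry has no homeDirectory, which is worth stating too.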
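Review bot: The `%u` now passed to `/etc/ssh/ldap-authorized-keys` is the login name the client asked for, so the script has to treat its argument as untrusted, and that script is not part of this patch. A comment on the new line would record the contract: `# %u = requested login name; the script must escape it before using it in an LDAP filter`. sshd already passes the target username when AuthorizedKeysCommand has no arguments, so the explicit token mainly documents the interface. The unchanged `AuthorizedKeysCommandUser = "nslcd"` line just below assumes an nslcd account exists, while the first hunk configures SSSD, so it is worth confirming that account is still created on these hosts. The `settings` block begins before the hunk.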