Cloonar/nixos
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

feat: add support for pgpPublicKey in OpenLDAP configuration

Browse source
This commit is contained in:
Dominik Polakovics Polakovics 2025-06-08 13:08:22 +02:00
parent a7d304cc5b
commit 91394ef68a
1 changed files with 67 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

78
hosts/mail/modules/openldap.nix
View file

@ -55,20 +55,28 @@ in {
by * none by * none
'' ''
'' ''
{1}to attrs=loginShell {1}to attrs=pgpPublicKey
by self write
by anonymous read
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * read
''
''
{2}to attrs=loginShell
by self write by self write
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * none by * none
'' ''
'' ''
{2}to dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" {3}to dn.subtree="ou=system,ou=users,dc=cloonar,dc=com"
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * none by * none
'' ''
'' ''
{3}to * {4}to *
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by dn="cn=admin,dc=cloonar,dc=com" write by dn="cn=admin,dc=cloonar,dc=com" write
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
@ -123,7 +131,15 @@ in {
by * none by * none
'' ''
'' ''
{1}to * {1}to attrs=pgpPublicKey
by self write
by anonymous read
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * read
''
''
{2}to *
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * read by * read
@ -160,7 +176,15 @@ in {
by * none by * none
'' ''
'' ''
{1}to * {1}to attrs=pgpPublicKey
by self write
by anonymous read
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * read
''
''
{2}to *
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * read by * read
@ -198,7 +222,15 @@ in {
by * none by * none
'' ''
'' ''
{1}to * {1}to attrs=pgpPublicKey
by self write
by anonymous read
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * read
''
''
{2}to *
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * read by * read
@ -236,7 +268,15 @@ in {
by * none by * none
'' ''
'' ''
{1}to * {1}to attrs=pgpPublicKey
by self write
by anonymous read
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * read
''
''
{2}to *
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * read by * read
@ -274,7 +314,15 @@ in {
by * none by * none
'' ''
'' ''
{1}to * {1}to attrs=pgpPublicKey
by self write
by anonymous read
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * read
''
''
{2}to *
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * read by * read
@ -299,7 +347,7 @@ in {
(1.3.6.1.4.1.28298.1.2.4 NAME 'cloonarUser' (1.3.6.1.4.1.28298.1.2.4 NAME 'cloonarUser'
SUP (mailAccount) AUXILIARY SUP (mailAccount) AUXILIARY
DESC 'Cloonar Account' DESC 'Cloonar Account'
MAY (sshPublicKey $ ownCloudQuota $ quota)) MAY (sshPublicKey $ pgpPublicKey $ ownCloudQuota $ quota))
'' ''
]; ];
}; };
@ -374,14 +422,22 @@ in {
EQUALITY octetStringMatch EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
'' ''
''
(1.3.6.1.4.1.24552.500.1.1.1.14
NAME 'pgpPublicKey'
DESC 'PGP/GPG Public key'
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
''
]; ];
olcObjectClasses = [ olcObjectClasses = [
'' ''
(1.3.6.1.4.1.24552.500.1.1.2.0 (1.3.6.1.4.1.24552.500.1.1.2.0
NAME 'ldapPublicKey' NAME 'ldapPublicKey'
SUP top AUXILIARY SUP top AUXILIARY
DESC 'MANDATORY: OpenSSH LPK objectclass' DESC 'SSH and PGP Public Key Support'
MUST ( sshPublicKey $ uid )) MUST ( uid )
MAY ( sshPublicKey $ pgpPublicKey ))
'' ''
]; ];
}; };