Cloonar/nixos
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: add support for pgpPublicKey in OpenLDAP configuration

Browse Source
This commit is contained in:
Dominik Polakovics Polakovics
2025-06-08 13:08:22 +02:00
parent a7d304cc5b
commit 91394ef68a
1 changed files with 67 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

78
hosts/mail/modules/openldap.nix
View File

@@ -55,20 +55,28 @@ in {
by * none
''
''
{1}to attrs=loginShell
{1}to attrs=pgpPublicKey
by self write
by anonymous read
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * read
''
''
{2}to attrs=loginShell
by self write
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * none
''
''
{2}to dn.subtree="ou=system,ou=users,dc=cloonar,dc=com"
{3}to dn.subtree="ou=system,ou=users,dc=cloonar,dc=com"
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * none
''
''
{3}to *
{4}to *
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by dn="cn=admin,dc=cloonar,dc=com" write
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
@@ -123,7 +131,15 @@ in {
by * none
''
''
{1}to *
{1}to attrs=pgpPublicKey
by self write
by anonymous read
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * read
''
''
{2}to *
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * read
@@ -160,7 +176,15 @@ in {
by * none
''
''
{1}to *
{1}to attrs=pgpPublicKey
by self write
by anonymous read
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * read
''
''
{2}to *
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * read
@@ -198,7 +222,15 @@ in {
by * none
''
''
{1}to *
{1}to attrs=pgpPublicKey
by self write
by anonymous read
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * read
''
''
{2}to *
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * read
@@ -236,7 +268,15 @@ in {
by * none
''
''
{1}to *
{1}to attrs=pgpPublicKey
by self write
by anonymous read
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * read
''
''
{2}to *
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * read
@@ -274,7 +314,15 @@ in {
by * none
''
''
{1}to *
{1}to attrs=pgpPublicKey
by self write
by anonymous read
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * read
''
''
{2}to *
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * read
@@ -299,7 +347,7 @@ in {
(1.3.6.1.4.1.28298.1.2.4 NAME 'cloonarUser'
SUP (mailAccount) AUXILIARY
DESC 'Cloonar Account'
MAY (sshPublicKey $ ownCloudQuota $ quota))
MAY (sshPublicKey $ pgpPublicKey $ ownCloudQuota $ quota))
''
];
};
@@ -374,14 +422,22 @@ in {
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
''
''
(1.3.6.1.4.1.24552.500.1.1.1.14
NAME 'pgpPublicKey'
DESC 'PGP/GPG Public key'
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
''
];
olcObjectClasses = [
''
(1.3.6.1.4.1.24552.500.1.1.2.0
NAME 'ldapPublicKey'
SUP top AUXILIARY
DESC 'MANDATORY: OpenSSH LPK objectclass'
MUST ( sshPublicKey $ uid ))
DESC 'SSH and PGP Public Key Support'
MUST ( uid )
MAY ( sshPublicKey $ pgpPublicKey ))
''
];
};