diff options
| author | Aaron Andersen <aaron@fosslib.net> | 2020-12-11 17:18:12 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-12-11 17:18:12 -0500 |
| commit | 9826371e44cec6b0411c5f66c073b9e21d8c837d (patch) | |
| tree | ffd9fb644970e4a5286deefa1cf94baa26ef177b /nixos/modules | |
| parent | 99fe3aa052965f6a8a1dc7b83b68ddad800d7f68 (diff) | |
| parent | ae02e1fe53eaad4075976cf0b2cfcfa10f45094a (diff) | |
Merge pull request #101224 from aanderse/ldap
nixos/ldap: restart nslcd when configuration changes
Diffstat (limited to 'nixos/modules')
| -rw-r--r-- | nixos/modules/config/ldap.nix | 31 |
1 files changed, 17 insertions, 14 deletions
diff --git a/nixos/modules/config/ldap.nix b/nixos/modules/config/ldap.nix index 1a5dbcd4e26b..e63f8c0d43e7 100644 --- a/nixos/modules/config/ldap.nix +++ b/nixos/modules/config/ldap.nix @@ -59,30 +59,28 @@ in users.ldap = { - enable = mkOption { - type = types.bool; - default = false; - description = "Whether to enable authentication against an LDAP server."; - }; + enable = mkEnableOption "authentication against an LDAP server"; loginPam = mkOption { type = types.bool; default = true; - description = "Whether to include authentication against LDAP in login PAM"; + description = "Whether to include authentication against LDAP in login PAM."; }; nsswitch = mkOption { type = types.bool; default = true; - description = "Whether to include lookup against LDAP in NSS"; + description = "Whether to include lookup against LDAP in NSS."; }; server = mkOption { + type = types.str; example = "ldap://ldap.example.org/"; description = "The URL of the LDAP server."; }; base = mkOption { + type = types.str; example = "dc=example,dc=org"; description = "The distinguished name of the search base."; }; @@ -129,7 +127,7 @@ in type = types.lines; description = '' Extra configuration options that will be added verbatim at - the end of the nslcd configuration file (nslcd.conf). + the end of the nslcd configuration file (<literal>nslcd.conf(5)</literal>). '' ; } ; @@ -180,7 +178,7 @@ in description = '' Specifies the time limit (in seconds) to use when connecting to the directory server. This is distinct from the time limit - specified in <literal>users.ldap.timeLimit</literal> and affects + specified in <option>users.ldap.timeLimit</option> and affects the initial server connection only. ''; }; @@ -197,7 +195,7 @@ in actually contact the directory server, and it is possible that a malformed configuration file will trigger reconnection. If <literal>soft</literal> is specified, then - <literal>nss_ldap</literal> will return immediately on server + <package>nss_ldap</package> will return immediately on server failure. All hard reconnect policies block with exponential backoff before retrying. ''; @@ -209,10 +207,10 @@ in type = types.lines; description = '' Extra configuration options that will be added verbatim at - the end of the ldap configuration file (ldap.conf). - If <literal>users.ldap.daemon</literal> is enabled, this + the end of the ldap configuration file (<literal>ldap.conf(5)</literal>). + If <option>users.ldap.daemon</option> is enabled, this configuration will not be used. In that case, use - <literal>users.ldap.daemon.extraConfig</literal> instead. + <option>users.ldap.daemon.extraConfig</option> instead. '' ; }; @@ -276,7 +274,12 @@ in } >"$conf" mv -fT "$conf" /run/nslcd/nslcd.conf ''; - restartTriggers = [ "/run/nslcd/nslcd.conf" ]; + + restartTriggers = [ + nslcdConfig + cfg.bind.passwordFile + cfg.daemon.rootpwmodpwFile + ]; serviceConfig = { ExecStart = "${nslcdWrapped}/bin/nslcd"; |