
Move repl setting to db conf

mail
m1cr0man 2 years ago
parent
commit
c87a219ef6
2 changed files with 18 additions and 18 deletions
  1. +1
    -1
      hosts/icarus/configuration.nix
  2. +17
    -17
      services/ldap/default.nix

+ 1
- 1
hosts/icarus/configuration.nix View File

@@ -7,7 +7,7 @@ in {
../../common/sysconfig.nix
../../services/ssh.nix
../../services/gluster.nix
../../services/ldap.nix
../../services/ldap
];

# This value determines the NixOS release with which your system is to be


+ 17
- 17
services/ldap/default.nix View File

@@ -19,7 +19,22 @@ in {
database = "hdb";
extraDatabaseConfig = ''
cachesize 100000
'';
'' + (if (config.redbrick.ldapSlaveTo == null) then ''

# Master config
overlay syncprov
syncprov-checkpoint 100 10
'' else ''
syncrepl rid=000
provider=ldap://${config.redbrick.ldapSlaveTo}:389
type=refreshAndPersist
retry="5 5 300 +"
attrs="*,+"
binddn="cn=slurpd,ou=ldap,o=redbrick"
bindmethod=simple
credentials=${lib.fileContents slurpdpwFile}
searchbase="o=redbrick"
'');
extraConfig = ''
include ${pkgs.openldap.out}/etc/schema/core.schema
include ${pkgs.openldap.out}/etc/schema/cosine.schema
@@ -67,22 +82,7 @@ in {
# Default ACL
access to *
by * read
'' + (if (config.redbrick.ldapSlaveTo == null) then ''

# Master config
overlay syncprov
syncprov-checkpoint 100 10
'' else ''
syncrepl rid=000
provider=ldap://${config.redbrick.ldapSlaveTo}:389
type=refreshAndPersist
retry="5 5 300 +"
attrs="*,+"
binddn="cn=slurpd,ou=ldap,o=redbrick"
bindmethod=simple
credentials=${lib.fileContents slurpdpwFile}
searchbase="o=redbrick"
'');
'';
};

networking.firewall.allowedTCPPorts = [ 389 ];
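Review bot: `credentials=${lib.fileContents slurpdpwFile}` in the new `extraDatabaseConfig` block reads the replication password at evaluation time and interpolates it into the generated slapd configuration, which presumably ends up in the world-readable Nix store. Consider keeping the secret out of the evaluated string and having the service read it at start-up from a root-only file outside the store. The same stanza uses `provider=ldap://${config.redbrick.ldapSlaveTo}:389` with `bindmethod=simple`, so that password and the replicated entries (`attrs="*,+"`) cross the network unencrypted; adding `starttls=critical` to the syncrepl line, or using an `ldaps://` provider, would cover that. The default ACL `access to * by * read` in the second hunk, together with port 389 opened in the firewall, appears to grant anonymous read on every attribute and is worth tightening in a follow-up. The enclosing service definition starts above the first hunk, so any stricter ACL defined there is not visible here.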

