ldap: replace pass_attrs option with password attr option
The passdb only checks password access, so instead of customizing the whole pass_attrs setting we now allow customization of the password field used.
+14
-12
@@ -394,6 +394,17 @@ in
|
||||
[RFC4530]: https://www.rfc-editor.org/rfc/rfc4530.html
|
||||
'';
|
||||
};
|
||||
|
||||
password = mkOption {
|
||||
type = types.str;
|
||||
default = "userPassword";
|
||||
example = "unix_password";
|
||||
description = ''
|
||||
The LDAP attribute referencing the account password used to login with.
|
||||
|
||||
Typically the `userPassword` attribute which is part of the `inetOrgPerson` schema.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
dovecot = {
|
||||
@@ -410,18 +421,6 @@ in
|
||||
'';
|
||||
};
|
||||
|
||||
passAttrs = mkOption {
|
||||
type = types.str;
|
||||
default = "userPassword=password";
|
||||
description = ''
|
||||
LDAP attributes to be retrieved during passdb lookups.
|
||||
|
||||
See the pass_attrs reference at
|
||||
https://doc.dovecot.org/2.3/configuration_manual/authentication/ldap_settings_auth/#pass-attrs
|
||||
in the Dovecot manual.
|
||||
'';
|
||||
};
|
||||
|
||||
passFilter = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = "mail=%{user}";
|
||||
@@ -1638,5 +1637,8 @@ in
|
||||
(mkRemovedOptionModule [ "mailserver" "ldap" "dovecot" "userAttrs" ] ''
|
||||
The user_attrs field is now used internally to map the home and mail directories.
|
||||
'')
|
||||
(mkRemovedOptionModule [ "mailserver" "ldap" "dovecot" "passAttrs" ] ''
|
||||
The pass_attrs field is now used internally. You can customize the `mailserver.ldap.attributes.password` field instead.
|
||||
'')
|
||||
];
|
||||
}
|
||||
|
||||
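Review bot: The new `password` option is declared as plain `types.str`, so a value containing `=`, `,` or whitespace is accepted at evaluation time. If the value is interpolated into Dovecot's `pass_attrs` mapping (the consuming code is not visible here, so this is inferred from the commit message and the removal notice), such a value would silently change which LDAP attributes map to passdb fields. Consider constraining it to attribute-name syntax, e.g. `type = types.strMatching "[A-Za-z][A-Za-z0-9_-]*";`, so a typo fails at build time instead of producing broken or mis-mapped authentication. The `passAttrs` removal message could also say that extra fields previously fetched through `pass_attrs` can no longer be configured, since users who set more than the password mapping get no hint about what to do. The attribute set that holds `password` begins outside the hunk.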