aither/simple-nixos-mailserver
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

ldap: replace pass_attrs option with password attr option

Browse Source 
The passdb only checks password access, so instead of customizing the
whole pass_attrs setting we now allow customization of the password field
used.
This commit is contained in:
Martin Weinelt
2026-03-15 18:44:31 +01:00
parent 091eda1ed2
commit af480dba87
2 changed files with 15 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files
default.nix
+14 -12
View File
@@ -394,6 +394,17 @@ in
[RFC4530]: https://www.rfc-editor.org/rfc/rfc4530.html [RFC4530]: https://www.rfc-editor.org/rfc/rfc4530.html
''; '';
}; };
password = mkOption {
type = types.str;
default = "userPassword";
example = "unix_password";
description = ''
The LDAP attribute referencing the account password used to login with.
Typically the `userPassword` attribute which is part of the `inetOrgPerson` schema.
'';
};
}; };
dovecot = { dovecot = {
@@ -410,18 +421,6 @@ in
''; '';
}; };
passAttrs = mkOption {
type = types.str;
default = "userPassword=password";
description = ''
LDAP attributes to be retrieved during passdb lookups.
See the pass_attrs reference at
https://doc.dovecot.org/2.3/configuration_manual/authentication/ldap_settings_auth/#pass-attrs
in the Dovecot manual.
'';
};
passFilter = mkOption { passFilter = mkOption {
type = types.nullOr types.str; type = types.nullOr types.str;
default = "mail=%{user}"; default = "mail=%{user}";
@@ -1638,5 +1637,8 @@ in
(mkRemovedOptionModule [ "mailserver" "ldap" "dovecot" "userAttrs" ] '' (mkRemovedOptionModule [ "mailserver" "ldap" "dovecot" "userAttrs" ] ''
The user_attrs field is now used internally to map the home and mail directories. The user_attrs field is now used internally to map the home and mail directories.
'') '')
(mkRemovedOptionModule [ "mailserver" "ldap" "dovecot" "passAttrs" ] ''
The pass_attrs field is now used internally. You can customize the `mailserver.ldap.attributes.password` field instead.
'')
]; ];
} }
mail-server/dovecot.nix
+1 -3
View File
@@ -84,9 +84,7 @@ let
lib.optionalString (cfg.indexDir != null) ":INDEX=${cfg.indexDir}/ldap/%{ldap:${ldapUuidAttribute}}" lib.optionalString (cfg.indexDir != null) ":INDEX=${cfg.indexDir}/ldap/%{ldap:${ldapUuidAttribute}}"
} }
user_filter = ${cfg.ldap.dovecot.userFilter} user_filter = ${cfg.ldap.dovecot.userFilter}
${lib.optionalString (cfg.ldap.dovecot.passAttrs != "") '' pass_attrs = ${cfg.ldap.attributes.password}=password
pass_attrs = ${cfg.ldap.dovecot.passAttrs}
''}
pass_filter = ${cfg.ldap.dovecot.passFilter} pass_filter = ${cfg.ldap.dovecot.passFilter}
''; '';
}; };