aither/simple-nixos-mailserver
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

docs: warn about lack of trimming on the LDAP bind password

Browse Source
This commit is contained in:
Martin Weinelt
2026-05-24 04:33:02 +02:00
parent 82d9924cdf
commit f8f71c820a
2 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
default.nix
+5
View File
@@ -425,6 +425,11 @@ in
example = "/run/my-secret"; example = "/run/my-secret";
description = '' description = ''
File containing the password required to bind against the LDAP server. File containing the password required to bind against the LDAP server.
:::{warning}
The password file is read verbatim. Any trailing newline will become
part of the password and may cause authentication failures.
:::
''; '';
}; };
}; };
docs/release-notes.rst
+3
View File
@@ -64,6 +64,9 @@ LDAP
typical LDAP practices. The exact attribute can be customized through typical LDAP practices. The exact attribute can be customized through
:option:`mailserver.ldap.attributes.username`. :option:`mailserver.ldap.attributes.username`.
- The LDAP bind password is now read verbatim without trimming whitespace. Any
trailing newline is now preserved and may cause authentication failures.
- Local and LDAP accounts can now coexist. For overlapping accounts and addresses - Local and LDAP accounts can now coexist. For overlapping accounts and addresses
the local account will always win. the local account will always win.