ldap: add new option to generate group filter in search filters
parent
777777f225
commit
54565aefeb
|
@ -0,0 +1,9 @@
|
||||||
|
{ lib, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
mkUserGroupOption = lib.mkOption {
|
||||||
|
type = with lib.types; nullOr str;
|
||||||
|
default = null;
|
||||||
|
description = lib.mdDoc "Restrict logins to users in this group";
|
||||||
|
};
|
||||||
|
}
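Review bot: `mkUserGroupOption` accepts any string (`nullOr str`) for a value that, judging by the search-filter option added in the same commit, is presumably spliced into an LDAP search filter, so a group name containing `(`, `)`, `*` or `\` would change the filter's meaning instead of failing evaluation. Constraining the type, for example `type = with lib.types; nullOr (strMatching "[A-Za-z0-9_.-]+");` (pattern adjusted to the directory's naming rules), turns a typo into a build error rather than a broader or broken login filter. The description should also spell out the unset case, e.g. `"Restrict logins to members of this LDAP group; null (the default) applies no group restriction."`.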
|
|
@ -94,6 +94,17 @@ in
|
||||||
description = lib.mdDoc "The uid of the service user used by services, often referred as search user.";
|
description = lib.mdDoc "The uid of the service user used by services, often referred as search user.";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
searchFilterWithGroupFilter = lib.mkOption {
|
||||||
|
type = with lib.types; functionTo (functionTo str);
|
||||||
|
example = lib.literalExpression ''userFilterGroup: userFilter: if (userFilterGroup != null) then "(&''${config.security.ldap.groupFilter userFilterGroup})" else userFilter'';
|
||||||
|
description = lib.mdDoc ''
|
||||||
|
A function that returns a search filter that may include a group filter.
|
||||||
|
The first argument may be the group that is filtered upon or null.
|
||||||
|
If set to null no additional filtering is done. If set the supplied filter is combined with the user filter.
|
||||||
|
The second argument must be the user filter including the applications placeholders or ideally the userFilter option.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
sshPublicKeyField = lib.mkOption {
|
sshPublicKeyField = lib.mkOption {
|
||||||
type = lib.types.str;
|
type = lib.types.str;
|
||||||
example = "sshPublicKey";
|
example = "sshPublicKey";
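Review bot: The `example` for `searchFilterWithGroupFilter` discards `userFilter` whenever a group is given: its then-branch builds `"(&''${config.security.ldap.groupFilter userFilterGroup})"`, an AND with a single operand, while the description says the group filter is combined with the user filter. Anyone copying the example gets a search filter without the application's username placeholder, so it selects on group membership alone rather than on the user who is logging in. Assuming `groupFilter` returns a parenthesised term, the then-branch should read `"(&''${config.security.ldap.groupFilter userFilterGroup}''${userFilter})"`. The option also has no `default` in this hunk; if none is defined elsewhere, the description should say that consumers must set it.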
|
||||||
|
|