
server: fix authelia ldap mappings

wiro.world 95fa5988 d39b5ba5

+17 -9
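--- a/nixos/profiles/server.nix
+++ b/nixos/profiles/server.nix
@@ -358,6 +358,7 @@
 port = headscale-port;
 settings = {
 server_url = "https://${headscale-hostname}";
+# TODO: prometheus scrape headscale metrics
 metrics_listen_addr = "127.0.0.1:${toString headscale-metrics-port}";
 
 # disable TLS
@@ -411,6 +412,8 @@
 server.address = "localhost:${toString authelia-port}";
 storage.local.path = "/var/lib/authelia-main/db.sqlite3";
 
+# TODO: prometheus scrape authelia metrics
+
 session = {
 cookies = [{
 domain = "wiro.world";
@@ -428,16 +431,21 @@
 # password = "";
 
 base_dn = "dc=wiro,dc=world";
-users_filter = "(&({username_attribute}={input})(objectClass=person))";
+users_filter = "(&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))";
+additional_users_dn = "ou=people";
 groups_filter = "(&(member={dn})(objectClass=groupOfNames))";
+additional_groups_dn = "ou=groups";
 
-# attributes = {
-# # username = "user_id";
-# username = "uid";
-# display_name = "display_name";
-# mail = "mail";
-# group_name = "cn";
-# };
+attributes = {
+username = "uid";
+display_name = "cn";
+given_name = "givenname";
+family_name = "last_name";
+mail = "mail";
+picture = "avatar";
+
+group_name = "cn";
+};
 };
 
 access_control = {
@@ -452,7 +460,7 @@
 
 
 identity_providers.oidc = {
-# enforce_pkce = "always";
+enforce_pkce = "always";
 clients = [
 {
 client_name = "Headscale";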
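Review bot: The new users_filter matches `{input}` against both the uid and the mail attribute, so one login string can now resolve to two different directory entries whenever some account's mail value equals another account's uid; as far as I recall Authelia errors out on an ambiguous lookup rather than picking one, but that still relies on the directory keeping the two attribute namespaces disjoint, and nothing in this hunk records that expectation. A one-line comment above the filter, such as `# login by uid or mail: uid and mail values must never collide across accounts`, would make the invariant explicit for whoever next edits the directory. The mapped names `last_name` and `avatar` (and `display_name = "cn"`) are not inetOrgPerson attributes, which suggests a directory-specific schema; naming that schema in a comment on the `attributes` block would save the next reader from guessing which server this mapping was written against. In the last hunk, `enforce_pkce = "always"` is the right default, but it now applies to every client in the list, so each registered client must actually send a code_challenge; the client list continues past the end of the hunk. The enclosing ldap block starts before this hunk.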