2 files changed, 22 insertions, 21 deletions
diff --git a/modules/private/databases/openldap/default.nix b/modules/private/databases/openldap/default.nix
index d7d61db..efe9379 100644
--- a/modules/private/databases/openldap/default.nix
+++ b/modules/private/databases/openldap/default.nix
@@ -12,27 +12,14 @@ let
    moduleload      back_hdb
    backend         hdb
-    moduleload      memberof
+    TLSCertificateFile    ${config.security.acme.certs.ldap.directory}/cert.pem
-    database        hdb
+    TLSCertificateKeyFile ${config.security.acme.certs.ldap.directory}/key.pem
-    suffix          "${cfg.baseDn}"
+    TLSCACertificateFile  ${config.security.acme.certs.ldap.directory}/fullchain.pem
-    rootdn          "${cfg.rootDn}"
-    include         ${config.secrets.location}/ldap/password
-    directory       ${cfg.dataDir}
-    overlay         memberof
-    moduleload      syncprov
-    overlay         syncprov
-    syncprov-checkpoint 100 10
-    TLSCertificateFile    ${config.security.acme2.certs.ldap.directory}/cert.pem
-    TLSCertificateKeyFile ${config.security.acme2.certs.ldap.directory}/key.pem
-    TLSCACertificateFile  ${config.security.acme2.certs.ldap.directory}/fullchain.pem
    TLSCACertificatePath  ${pkgs.cacert.unbundled}/etc/ssl/certs/
    #This makes openldap crash
    #TLSCipherSuite        DEFAULT
    sasl-host kerberos.immae.eu
-    include ${config.secrets.location}/ldap/access
    '';
 in
 {
@@ -117,7 +104,7 @@ in
    users.users.openldap.extraGroups = [ "keys" ];
    networking.firewall.allowedTCPPorts = [ 636 389 ];
-    security.acme2.certs."ldap" = config.myServices.databasesCerts // {
+    security.acme.certs."ldap" = config.myServices.databasesCerts // {
      user = "openldap";
      group = "openldap";
      plugins = [ "fullchain.pem" "key.pem" "cert.pem" "account_key.json" "account_reg.json" ];
@@ -137,6 +124,20 @@ in
      dataDir = cfg.dataDir;
      urlList = [ "ldap://" "ldaps://" ];
      extraConfig = ldapConfig;
+      extraDatabaseConfig = ''
+        moduleload      memberof
+        overlay         memberof
+        moduleload      syncprov
+        overlay         syncprov
+        syncprov-checkpoint 100 10
+        include ${config.secrets.location}/ldap/access
+        '';
+      rootpwFile = "${config.secrets.location}/ldap/password";
+      suffix = cfg.baseDn;
+      rootdn = cfg.rootDn;
+      database = "hdb";
    };
  };
 }
diff --git a/modules/private/databases/openldap/eldiron_schemas.nix b/modules/private/databases/openldap/eldiron_schemas.nix
index fc686dd..cf45ebe 100644
--- a/modules/private/databases/openldap/eldiron_schemas.nix
+++ b/modules/private/databases/openldap/eldiron_schemas.nix
@@ -9,10 +9,10 @@ let
    sha256 = "11bjf5zfvqlim7p9vddcafs0wiq3v8ys77x8h6fbp9c6bdfh0awh";
  };
  schemas = [
-    "${openldap}/etc/schema/core.schema"
+    #"${openldap}/etc/schema/core.schema"
-    "${openldap}/etc/schema/cosine.schema"
+    #"${openldap}/etc/schema/cosine.schema"
-    "${openldap}/etc/schema/inetorgperson.schema"
+    #"${openldap}/etc/schema/inetorgperson.schema"
-    "${openldap}/etc/schema/nis.schema"
+    #"${openldap}/etc/schema/nis.schema"
    puppetSchema
    kerberosSchema
    ./immae.schema