From 5f6ff49e37b92c7aeada9b867246d4a513b5ae56 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= <ismael.bouya@normalesup.org>
Date: Tue, 24 Dec 2019 08:27:02 +0100
Subject: Protect adminer access

---
 modules/private/websites/commons/adminer.nix | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'modules/private/websites/commons')

diff --git a/modules/private/websites/commons/adminer.nix b/modules/private/websites/commons/adminer.nix
index 98ab461..d591c90 100644
--- a/modules/private/websites/commons/adminer.nix
+++ b/modules/private/websites/commons/adminer.nix
@@ -11,10 +11,13 @@ rec {
       Alias /adminer ${root}
       <Directory ${root}>
         DirectoryIndex index.php
-        Require all granted
         <FilesMatch "\.php$">
           SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
         </FilesMatch>
+
+        Use LDAPConnect
+        Require ldap-group cn=users,cn=mysql,cn=pam,ou=services,dc=immae,dc=eu
+        Require ldap-group cn=users,cn=postgresql,cn=pam,ou=services,dc=immae,dc=eu
       </Directory>
       '';
   };
-- 
cgit v1.2.3