From 07c44b81c3c50ac55fdde82aa7a761aa6e758fd6 Mon Sep 17 00:00:00 2001
From: Markus Mueller <john.subscriber@markus.institute>
Date: Mon, 18 Jul 2016 13:24:21 +0000
Subject: ldap: Add option for NSS integration

---
 nixos/modules/config/ldap.nix     | 6 ++++++
 nixos/modules/config/nsswitch.nix | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

(limited to 'nixos/modules')

diff --git a/nixos/modules/config/ldap.nix b/nixos/modules/config/ldap.nix
index 7cbcc39412ea..da875d6e4821 100644
--- a/nixos/modules/config/ldap.nix
+++ b/nixos/modules/config/ldap.nix
@@ -68,6 +68,12 @@ in
         description = "Whether to include authentication against LDAP in login PAM";
       };
 
+      nsswitch = mkOption {
+        type = types.bool;
+        default = true;
+        description = "Whether to include lookup against LDAP in NSS";
+      };
+
       server = mkOption {
         example = "ldap://ldap.example.org/";
         description = "The URL of the LDAP server.";
diff --git a/nixos/modules/config/nsswitch.nix b/nixos/modules/config/nsswitch.nix
index a39c2895bf84..f30136be44e1 100644
--- a/nixos/modules/config/nsswitch.nix
+++ b/nixos/modules/config/nsswitch.nix
@@ -8,7 +8,7 @@ let
 
   inherit (config.services.avahi) nssmdns;
   inherit (config.services.samba) nsswins;
-  ldap = config.users.ldap.enable;
+  ldap = (config.users.ldap.enable && config.users.ldap.nsswitch);
 
 in
 
-- 
cgit 1.4.1