From 90c96ec31da23d421ba7f8ae9d766065989739ee Mon Sep 17 00:00:00 2001
From: Aaron Andersen <aaron@fosslib.net>
Date: Fri, 31 Jan 2020 09:55:33 -0500
Subject: [PATCH 1/2] nixos/ldap: remove redundant configuration options

---
 nixos/modules/config/ldap.nix | 2 --
 1 file changed, 2 deletions(-)

diff --git a/nixos/modules/config/ldap.nix b/nixos/modules/config/ldap.nix
index 9c8e9d149371..5587e5883c9f 100644
--- a/nixos/modules/config/ldap.nix
+++ b/nixos/modules/config/ldap.nix
@@ -28,8 +28,6 @@ let
   };
 
   nslcdConfig = writeText "nslcd.conf" ''
-    uid nslcd
-    gid nslcd
     uri ${cfg.server}
     base ${cfg.base}
     timelimit ${toString cfg.timeLimit}

From 28bedc5f11d6fba739f6b761a3e554ac406af453 Mon Sep 17 00:00:00 2001
From: Aaron Andersen <aaron@fosslib.net>
Date: Fri, 31 Jan 2020 10:12:41 -0500
Subject: [PATCH 2/2] nixos/ldap: add CAP_SYS_RESOURCE capability to nslcd
 service

---
 nixos/modules/config/ldap.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/nixos/modules/config/ldap.nix b/nixos/modules/config/ldap.nix
index 5587e5883c9f..b554f197dc4b 100644
--- a/nixos/modules/config/ldap.nix
+++ b/nixos/modules/config/ldap.nix
@@ -280,6 +280,7 @@ in
           Group = "nslcd";
           RuntimeDirectory = [ "nslcd" ];
           PIDFile = "/run/nslcd/nslcd.pid";
+          AmbientCapabilities = "CAP_SYS_RESOURCE";
         };
       };