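# NixOS VM test: one OpenLDAP server and two clients resolving POSIX users
# and groups from it (NSS) and authenticating against it (PAM).
# client1 uses nss_pam_ldapd (the nslcd daemon), client2 uses the classic
# nss_ldap / pam_ldap libraries, so both code paths of users.ldap are covered.
import ./make-test.nix ({ pkgs, lib, ...} :

let

  # Directory layout and test-only credentials. Everything below is fixed,
  # throw-away data that only ever lives inside the test VMs.
  dbSuffix = "dc=example,dc=com";
  dbPath = "/var/db/openldap";
  dbAdminDn = "cn=admin,${dbSuffix}";
  dbAdminPwd = "test";
  serverUri = "ldap:///";
  ldapUser = "test-ldap-user";
  ldapUserId = 10000;
  ldapUserPwd = "test";
  ldapGroup = "test-ldap-group";
  ldapGroupId = 10000;

  # The `dc` attribute of the root entry must equal the value of the first
  # RDN of the suffix: "dc=example,dc=com" -> "example".
  dbDc = with lib;
    let
      firstRdn = head (splitString "," dbSuffix);
    in head (tail (splitString "=" firstRdn));

  # LDIF loaded into the server once it is up: the root entry, one
  # posixAccount and one posixGroup that the clients must be able to resolve.
  # userPassword is stored in the clear because this is test data only.
  setupLdif = pkgs.writeText "test-ldap.ldif" ''
    dn: ${dbSuffix}
    dc: ${dbDc}
    o: ${dbSuffix}
    objectclass: top
    objectclass: dcObject
    objectclass: organization

    dn: cn=${ldapUser},${dbSuffix}
    sn: ${ldapUser}
    objectClass: person
    objectClass: posixAccount
    uid: ${ldapUser}
    uidNumber: ${toString ldapUserId}
    gidNumber: ${toString ldapGroupId}
    homeDirectory: /home/${ldapUser}
    loginShell: /bin/sh
    userPassword: ${ldapUserPwd}

    dn: cn=${ldapGroup},${dbSuffix}
    objectClass: posixGroup
    gidNumber: ${toString ldapGroupId}
    memberUid: ${ldapUser}
  '';

  # Builds a client node configuration.
  #   useDaemon: true  -> users.ldap.daemon (nss_pam_ldapd / nslcd)
  #              false -> nss_ldap + pam_ldap linked directly into the processes
  mkClient = useDaemon:
    { lib, ... }:
    {
      virtualisation.memorySize = 256;
      virtualisation.vlans = [ 1 ];
      # The test script runs as root; without this, `su` would skip
      # authentication for root and the PAM/LDAP path would never be exercised.
      security.pam.services.su.rootOK = lib.mkForce false;
      users.ldap = {
        enable = true;
        daemon.enable = useDaemon;
        loginPam = true;
        nsswitch = true;
        server = "ldap://server";
        base = dbSuffix;
      };
    };

in

{
  name = "ldap";
  meta = with pkgs.stdenv.lib.maintainers; {
    maintainers = [ montag451 ];
  };

  nodes = {

    server =
      { pkgs, ... }:
      {
        virtualisation.memorySize = 256;
        virtualisation.vlans = [ 1 ];
        # Plain LDAP on 389 is all the clients use (users.ldap.server below).
        networking.firewall.allowedTCPPorts = [ 389 ];
        services.openldap = {
          enable = true;
          dataDir = dbPath;
          urlList = [ serverUri ];
          # nis.schema provides posixAccount / posixGroup; rootdn/rootpw are
          # the test-only admin credentials ldapadd authenticates with below.
          extraConfig = ''
            include ${pkgs.openldap.out}/etc/schema/core.schema
            include ${pkgs.openldap.out}/etc/schema/cosine.schema
            include ${pkgs.openldap.out}/etc/schema/inetorgperson.schema
            include ${pkgs.openldap.out}/etc/schema/nis.schema

            database mdb
            suffix ${dbSuffix}
            rootdn ${dbAdminDn}
            rootpw ${dbAdminPwd}
            directory ${dbPath}
          '';
        };
      };

    client1 = mkClient true; # use nss_pam_ldapd
    client2 = mkClient false; # use nss_ldap and pam_ldap

  };

  testScript = ''
    startAll;
    $server->waitForUnit("default.target");
    $client1->waitForUnit("default.target");
    $client2->waitForUnit("default.target");

    # default.target only says the openldap unit has been started; make sure
    # slapd is actually accepting connections before loading the directory,
    # otherwise ldapadd can race the daemon and fail spuriously.
    $server->waitForOpenPort(389);
    $server->succeed("ldapadd -D '${dbAdminDn}' -w ${dbAdminPwd} -H ${serverUri} -f '${setupLdif}'");

    # NSS tests: uid/gid numbers and names must resolve through LDAP on both clients.
    subtest "nss", sub {
      $client1->succeed("test \"\$(id -u '${ldapUser}')\" -eq ${toString ldapUserId}");
      $client1->succeed("test \"\$(id -u -n '${ldapUser}')\" = '${ldapUser}'");
      $client1->succeed("test \"\$(id -g '${ldapUser}')\" -eq ${toString ldapGroupId}");
      $client1->succeed("test \"\$(id -g -n '${ldapUser}')\" = '${ldapGroup}'");
      $client2->succeed("test \"\$(id -u '${ldapUser}')\" -eq ${toString ldapUserId}");
      $client2->succeed("test \"\$(id -u -n '${ldapUser}')\" = '${ldapUser}'");
      $client2->succeed("test \"\$(id -g '${ldapUser}')\" -eq ${toString ldapGroupId}");
      $client2->succeed("test \"\$(id -g -n '${ldapUser}')\" = '${ldapGroup}'");
    };

    # PAM tests: `su` must accept the LDAP user's password (rootOK is forced
    # off on the clients so this really goes through PAM).
    subtest "pam", sub {
      $client1->succeed("echo ${ldapUserPwd} | su -l '${ldapUser}' -c true");
      $client2->succeed("echo ${ldapUserPwd} | su -l '${ldapUser}' -c true");
    };
  '';
})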