{ pkgs, ... }:
let
  # Directory naming shared by the OpenLDAP server and the SSSD client config.
  dbDomain = "example.org";
  dbSuffix = "dc=example,dc=org";

  # Directory manager account. SSSD binds with this DN and its clear-text
  # password (see ldap_default_bind_dn / ldap_default_authtok below), so the
  # client runs with full directory privileges in this test setup.
  ldapRootUser = "admin";
  ldapRootPassword = "foobar";
  rootDN = "cn=${ldapRootUser},${dbSuffix}";

  # POSIX account that the test resolves through NSS.
  testUser = "alice";
in
import ./make-test-python.nix {
  name = "sssd-ldap";

  meta = {
    maintainers = [ pkgs.lib.maintainers.bbigras ];
  };

  machine = { pkgs, ... }: {
    services.openldap = {
      enable = true;

      settings.children = {
        # Schemas needed for the posixAccount / inetOrgPerson entries below.
        "cn=schema" = {
          includes = map (s: "${pkgs.openldap}/etc/schema/${s}.ldif")
            [ "core" "cosine" "inetorgperson" "nis" ];
        };

        "olcDatabase={1}mdb".attrs = {
          objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
          olcDatabase = "{1}mdb";
          olcDbDirectory = "/var/db/openldap";
          olcSuffix = dbSuffix;
          olcRootDN = rootDN;
          olcRootPW = ldapRootPassword;
        };
      };

      # Seed data. The test user carries no userPassword, so only identity
      # lookups (not authentication) can succeed against this directory.
      declarativeContents.${dbSuffix} = ''
        dn: ${dbSuffix}
        objectClass: top
        objectClass: dcObject
        objectClass: organization
        o: ${dbDomain}

        dn: ou=posix,${dbSuffix}
        objectClass: top
        objectClass: organizationalUnit

        dn: ou=accounts,ou=posix,${dbSuffix}
        objectClass: top
        objectClass: organizationalUnit

        dn: uid=${testUser},ou=accounts,ou=posix,${dbSuffix}
        objectClass: person
        objectClass: posixAccount
        # userPassword: somePasswordHash
        homeDirectory: /home/${testUser}
        uidNumber: 1234
        gidNumber: 1234
        cn: ""
        sn: ""
      '';
    };

    # SSSD talks to the local server over unencrypted ldap:// on loopback;
    # no ldap_tls_* options are set here.
    services.sssd = {
      enable = true;
      config = ''
        [sssd]
        config_file_version = 2
        services = nss, pam, sudo
        domains = ${dbDomain}

        [domain/${dbDomain}]
        auth_provider = ldap
        id_provider = ldap
        ldap_uri = ldap://127.0.0.1:389
        ldap_search_base = ${dbSuffix}
        ldap_default_bind_dn = ${rootDN}
        ldap_default_authtok_type = password
        ldap_default_authtok = ${ldapRootPassword}
      '';
    };
  };

  # Only the NSS path is exercised: the user must be resolvable via getent
  # once both services are up. PAM authentication is not tested.
  testScript = ''
    machine.start()
    machine.wait_for_unit("openldap.service")
    machine.wait_for_unit("sssd.service")
    machine.succeed("getent passwd ${testUser}")
  '';
}