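# NixOS VM tests for the `services.openldap` module.
#
# Three variants are built. Each one waits for openldap.service and then runs
# the shared `testScript`, an `ldapsearch` that passes the root DN and its
# password (`-D` / `-w`) against the "dc=example" suffix:
#   current         - configuration expressed through `services.openldap.settings`
#   oldOptions      - the older flat options (`rootdn`, `rootpw`, ...)
#   manualConfigDir - a hand-populated `configDir`, loaded with `slapadd`
#
# Every credential here ("notapassword") is a throwaway fixture. It is written
# in cleartext in this expression, in an /etc file and in a `pkgs.writeText`
# LDIF, so it must be treated as public. Nothing below sets `olcAccess`, so
# ACL behaviour is not covered by these tests.
{ pkgs ? (import ../.. { inherit system; config = { }; })
, system ? builtins.currentSystem
, ...
}:

let
  # Seed data in LDIF form: the "dc=example" domain entry plus an
  # "ou=users" organizational unit underneath it.
  dbContents = ''
    dn: dc=example
    objectClass: domain
    dc: example

    dn: ou=users,dc=example
    objectClass: organizationalUnit
    ou: users
  '';

  # Python test-driver script shared by all variants: wait for the unit, then
  # require that ldapsearch exits successfully.
  # The password is passed with `-w`, i.e. on the command line, where it is
  # visible in the process list while the command runs. That is tolerable in a
  # disposable test VM; outside of one, prefer `-y <file>` or an interactive
  # prompt.
  testScript = ''
    machine.wait_for_unit("openldap.service")
    machine.succeed(
        'ldapsearch -LLL -D "cn=root,dc=example" -w notapassword -b "dc=example"',
    )
  '';
in {
  # New-style configuration
  current = import ./make-test-python.nix ({ pkgs, ... }: {
    inherit testScript;
    name = "openldap";

    machine = { pkgs, ... }: {
      # Fixture password file referenced by olcRootPW below.
      # NOTE(review): a file defined through `.text` is built into the Nix
      # store, which is world-readable. Acceptable for this fixture only; a
      # real root password should be provisioned outside the store.
      environment.etc."openldap/root_password".text = "notapassword";
      services.openldap = {
        enable = true;
        settings = {
          children = {
            "cn=schema".includes = [
              "${pkgs.openldap}/etc/schema/core.ldif"
              "${pkgs.openldap}/etc/schema/cosine.ldif"
              "${pkgs.openldap}/etc/schema/inetorgperson.ldif"
              "${pkgs.openldap}/etc/schema/nis.ldif"
            ];
            "olcDatabase={1}mdb" = {
              # This tests string, base64 and path values, as well as lists of string values
              attrs = {
                objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
                olcDatabase = "{1}mdb";
                olcDbDirectory = "/var/db/openldap";
                olcSuffix = "dc=example";
                olcRootDN = {
                  # cn=root,dc=example
                  # base64 is only an encoding of the value, not a way to hide it.
                  base64 = "Y249cm9vdCxkYz1leGFtcGxl";
                };
                olcRootPW = {
                  # Value is taken from the file defined above, which holds the
                  # password in cleartext. slapd also accepts a hashed
                  # olcRootPW (as produced by slappasswd); this test does not
                  # exercise that form.
                  path = "/etc/openldap/root_password";
                };
              };
            };
          };
        };
        declarativeContents."dc=example" = dbContents;
      };
    };
  }) { inherit pkgs system; };

  # Old-style configuration
  oldOptions = import ./make-test-python.nix ({ pkgs, ... }: {
    inherit testScript;
    name = "openldap";

    machine = { pkgs, ... }: {
      services.openldap = {
        enable = true;
        logLevel = "stats acl";
        defaultSchemas = true;
        database = "mdb";
        suffix = "dc=example";
        rootdn = "cn=root,dc=example";
        # Cleartext fixture credential, embedded directly in the evaluated
        # configuration; test-only.
        rootpw = "notapassword";
        declarativeContents."dc=example" = dbContents;
      };
    };
  }) { inherit system pkgs; };

  # Manually managed configDir, for example if dynamic config is essential
  manualConfigDir = import ./make-test-python.nix ({ pkgs, ... }: {
    name = "openldap";

    machine = { pkgs, ... }: {
      services.openldap = {
        enable = true;
        configDir = "/var/db/slapd.d";
      };
    };

    testScript = let
      # Both LDIF files are produced with pkgs.writeText and therefore live in
      # the Nix store, including the cleartext olcRootPW line in config.ldif.
      contents = pkgs.writeText "data.ldif" dbContents;
      config = pkgs.writeText "config.ldif" ''
        dn: cn=config
        cn: config
        objectClass: olcGlobal
        olcLogLevel: stats
        olcPidFile: /run/slapd/slapd.pid

        dn: cn=schema,cn=config
        cn: schema
        objectClass: olcSchemaConfig

        include: file://${pkgs.openldap}/etc/schema/core.ldif
        include: file://${pkgs.openldap}/etc/schema/cosine.ldif
        include: file://${pkgs.openldap}/etc/schema/inetorgperson.ldif

        dn: olcDatabase={1}mdb,cn=config
        objectClass: olcDatabaseConfig
        objectClass: olcMdbConfig
        olcDatabase: {1}mdb
        olcDbDirectory: /var/db/openldap
        olcDbIndex: objectClass eq
        olcSuffix: dc=example
        olcRootDN: cn=root,dc=example
        olcRootPW: notapassword
      '';
    # Setup prepended to the shared script: create the directories, load the
    # config into database 0 and the seed data into database 1 with slapadd,
    # hand both trees to the openldap user, then restart the service so it
    # picks up the populated configDir. The chown comes after slapadd because
    # the files are created by whichever user the test driver runs commands as.
    in ''
      machine.succeed(
          "mkdir -p /var/db/slapd.d /var/db/openldap",
          "slapadd -F /var/db/slapd.d -n0 -l ${config}",
          "slapadd -F /var/db/slapd.d -n1 -l ${contents}",
          "chown -R openldap:openldap /var/db/slapd.d /var/db/openldap",
          "systemctl restart openldap",
      )
    '' + testScript;
  }) { inherit system pkgs; };
}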