# NixOS VM test: sssd resolving POSIX accounts from a local OpenLDAP server.
#
# Everything here is a throwaway fixture for a single-VM test. The LDAP
# rootDN password is a literal, sssd binds with that very rootDN, and the
# client/server connection is cleartext on loopback. None of that is a
# pattern to copy into a real deployment; see the notes next to each setting.
let
  domain = "example.org";
  baseDN = "dc=example,dc=org";

  # Directory manager credentials. rootDN is the mdb database's olcRootDN,
  # i.e. an identity with unrestricted write access to the whole suffix.
  rootUser = "admin";
  rootPassword = "foobar";
  rootDN = "cn=${rootUser},${baseDN}";

  # The single POSIX account the test expects `getent passwd` to resolve.
  user = "alice";

  # Initial DIT: base entry, two OUs, one account. The account carries no
  # userPassword (the attribute is left commented out), so it can be looked
  # up but never authenticated -- the test below only exercises NSS, not PAM.
  # cn and sn are the literal string "" because `person` requires both.
  directoryContents = ''
    dn: ${baseDN}
    objectClass: top
    objectClass: dcObject
    objectClass: organization
    o: ${domain}

    dn: ou=posix,${baseDN}
    objectClass: top
    objectClass: organizationalUnit

    dn: ou=accounts,ou=posix,${baseDN}
    objectClass: top
    objectClass: organizationalUnit

    dn: uid=${user},ou=accounts,ou=posix,${baseDN}
    objectClass: person
    objectClass: posixAccount
    # userPassword: somePasswordHash
    homeDirectory: /home/${user}
    uidNumber: 1234
    gidNumber: 1234
    cn: ""
    sn: ""
  '';

  # sssd talks to slapd over plain ldap:// on 127.0.0.1 -- acceptable here
  # only because both run inside the same VM; anything crossing a host
  # boundary wants ldaps:// or start_tls. The bind identity is the directory's
  # rootDN with its password inline, which grants sssd far more than the read
  # access it needs; a real host would use a dedicated read-only bind DN and
  # keep the authtok out of a config that is rendered at build time (and so
  # presumably lands in the world-readable Nix store -- verify for the target
  # module version). The pam and sudo responders are enabled, but nothing in
  # testScript exercises them.
  sssdConfig = ''
    [sssd]
    config_file_version = 2
    services = nss, pam, sudo
    domains = ${domain}

    [domain/${domain}]
    auth_provider = ldap
    id_provider = ldap
    ldap_uri = ldap://127.0.0.1:389
    ldap_search_base = ${baseDN}
    ldap_default_bind_dn = ${rootDN}
    ldap_default_authtok_type = password
    ldap_default_authtok = ${rootPassword}
  '';
in
import ./make-test-python.nix ({ pkgs, ... }: {
  name = "sssd-ldap";

  meta.maintainers = [ pkgs.lib.maintainers.bbigras ];

  machine = { pkgs, ... }:
    let
      # Schema LDIFs shipped with the openldap package, loaded under cn=schema.
      schemaFile = name: "${pkgs.openldap}/etc/schema/${name}.ldif";
    in {
      services.openldap = {
        enable = true;
        settings.children = {
          "cn=schema".includes = map schemaFile [ "core" "cosine" "inetorgperson" "nis" ];
          "olcDatabase={1}mdb".attrs = {
            objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
            olcDatabase = "{1}mdb";
            olcDbDirectory = "/var/db/openldap";
            olcSuffix = baseDN;
            olcRootDN = rootDN;
            # Cleartext fixture password: stored verbatim in slapd's config
            # and reused below as sssd's bind authtok.
            olcRootPW = rootPassword;
          };
        };
        # Entries loaded under the suffix at startup; see directoryContents.
        declarativeContents.${baseDN} = directoryContents;
      };

      services.sssd = {
        enable = true;
        config = sssdConfig;
      };
    };

  # Only identity lookup is checked: getent goes through the NSS responder.
  # Nothing authenticates as the test user, which is consistent with the
  # entry having no userPassword.
  testScript = ''
    machine.start()
    machine.wait_for_unit("openldap.service")
    machine.wait_for_unit("sssd.service")
    machine.succeed("getent passwd ${user}")
  '';
})