# NixOS VM test "sssd-ldap": a single machine runs OpenLDAP with a small
# POSIX directory and SSSD as an LDAP id/auth provider; the test checks that
# the LDAP user is visible through NSS (`getent passwd`).
let
  dbDomain = "example.org";
  dbSuffix = "dc=example,dc=org";

  ldapRootUser = "admin";
  # Test-only credential. It is written into the Nix store by the
  # environmentFile below and doubles as the directory's olcRootPW.
  ldapRootPassword = "foobar";

  testUser = "alice";
in import ./make-test-python.nix ({pkgs, ...}: {
  name = "sssd-ldap";

  meta = with pkgs.lib.maintainers; {
    maintainers = [ bbigras ];
  };

  nodes.machine = { pkgs, ... }: {
    services.openldap = {
      enable = true;
      settings = {
        children = {
          # nis.ldif supplies posixAccount, which the test user entry needs.
          "cn=schema".includes = [
            "${pkgs.openldap}/etc/schema/core.ldif"
            "${pkgs.openldap}/etc/schema/cosine.ldif"
            "${pkgs.openldap}/etc/schema/inetorgperson.ldif"
            "${pkgs.openldap}/etc/schema/nis.ldif"
          ];
          "olcDatabase={1}mdb" = {
            attrs = {
              objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
              olcDatabase = "{1}mdb";
              olcDbDirectory = "/var/lib/openldap/db";
              olcSuffix = dbSuffix;
              # The same root DN is reused below as SSSD's bind DN.
              olcRootDN = "cn=${ldapRootUser},${dbSuffix}";
              # Plaintext root password, acceptable only for a throwaway test VM.
              olcRootPW = ldapRootPassword;
            };
          };
        };
      };
      # Directory contents loaded at startup. The test user has no
      # userPassword (the attribute is commented out), so the test exercises
      # identity lookup only, not PAM authentication.
      declarativeContents = {
        ${dbSuffix} = ''
          dn: ${dbSuffix}
          objectClass: top
          objectClass: dcObject
          objectClass: organization
          o: ${dbDomain}

          dn: ou=posix,${dbSuffix}
          objectClass: top
          objectClass: organizationalUnit

          dn: ou=accounts,ou=posix,${dbSuffix}
          objectClass: top
          objectClass: organizationalUnit

          dn: uid=${testUser},ou=accounts,ou=posix,${dbSuffix}
          objectClass: person
          objectClass: posixAccount
          # userPassword: somePasswordHash
          homeDirectory: /home/${testUser}
          uidNumber: 1234
          gidNumber: 1234
          cn: ""
          sn: ""
        '';
      };
    };

    services.sssd = {
      enable = true;
      # just for testing purposes, don't put this into the Nix store in production!
      # (pkgs.writeText places the bind password in the world-readable store;
      # a real deployment should point environmentFile at a root-owned file
      # provisioned outside of Nix.)
      environmentFile = "${pkgs.writeText "ldap-root" "LDAP_BIND_PW=${ldapRootPassword}"}";
      # $LDAP_BIND_PW is substituted from environmentFile at service start.
      # NOTE(review): SSSD binds as the directory root DN over plain
      # ldap:// to loopback. Both are fine for an in-VM test; outside one, a
      # dedicated read-only bind account and TLS would be the least-privilege
      # configuration.
      config = ''
        [sssd]
        config_file_version = 2
        services = nss, pam, sudo
        domains = ${dbDomain}

        [domain/${dbDomain}]
        auth_provider = ldap
        id_provider = ldap
        ldap_uri = ldap://127.0.0.1:389
        ldap_search_base = ${dbSuffix}
        ldap_default_bind_dn = cn=${ldapRootUser},${dbSuffix}
        ldap_default_authtok_type = password
        ldap_default_authtok = $LDAP_BIND_PW
      '';
    };
  };

  # sssd.service may be "active" before its LDAP backend has connected, so
  # the first getent can fail; in that case wait for the backend to report
  # online on the console and require the lookup to succeed.
  testScript = ''
    machine.start()
    machine.wait_for_unit("openldap.service")
    machine.wait_for_unit("sssd.service")
    result = machine.execute("getent passwd ${testUser}")
    if result[0] == 0:
      assert "${testUser}" in result[1]
    else:
      machine.wait_for_console_text("Backend is online")
      machine.succeed("getent passwd ${testUser}")
  '';
})