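# NixOS VM test for the lldap service.
#
# Checks that the admin password can be set inline (ldap_user_pass) or from a
# file (ldap_user_pass_file), that force_ldap_user_pass_reset = "always"
# replaces an existing admin password, and that a changed password file is
# ignored when force_ldap_user_pass_reset is false.
{ ... }:
let
  # Test-only credential. It is interpolated into the test script and written
  # to the Nix store below, so it must never be a real secret.
  adminPassword = "mySecretPassword";
in
{
  name = "lldap";

  nodes.machine =
    { pkgs, lib, ... }:
    {
      services.lldap = {
        enable = true;

        settings = {
          verbose = true;
          ldap_base_dn = "dc=example,dc=com";

          # Inline literal: acceptable in a throwaway test VM only. Real
          # deployments should use ldap_user_pass_file with a path that is
          # provisioned outside the Nix store.
          ldap_user_pass = "password";
        };
      };
      environment.systemPackages = [ pkgs.openldap ];

      specialisation = {
        # Replaces the admin password with `adminPassword` on every start.
        differentAdminPassword.configuration =
          { ... }:
          {
            services.lldap.settings = {
              ldap_user_pass = lib.mkForce null;
              # pkgs.writeText places the content in the world-readable Nix
              # store. Fine for a test fixture; do not copy this pattern for
              # production secrets.
              ldap_user_pass_file = lib.mkForce (toString (pkgs.writeText "adminPasswordFile" adminPassword));
              force_ldap_user_pass_reset = "always";
            };
          };

        # Points at a password file holding "password" but disables the forced
        # reset, so the existing admin password is expected to stay in place.
        changeAdminPassword.configuration =
          { ... }:
          {
            services.lldap.settings = {
              ldap_user_pass = lib.mkForce null;
              ldap_user_pass_file = toString (pkgs.writeText "adminPasswordFile" "password");
              force_ldap_user_pass_reset = false;
            };
          };
      };
    };

  testScript =
    { nodes, ... }:
    let
      specializations = "${nodes.machine.system.build.toplevel}/specialisation";
    in
    ''
      machine.wait_for_unit("lldap.service")
      machine.wait_for_open_port(3890)
      machine.wait_for_open_port(17170)

      machine.succeed("curl --location --fail http://localhost:17170/")

      adminPassword="${adminPassword}"

      def try_login(user, password, expect_success=True):
          """Bind as `user` with `password` via ldapsearch and check the outcome.

          Raises if the exit code does not match `expect_success`; returns the
          command output otherwise.
          """
          # user and password are interpolated into the shell command unquoted,
          # so callers must pass shell-safe values (the fixed test strings are).
          cmd = f'ldapsearch -H ldap://localhost:3890 -D uid={user},ou=people,dc=example,dc=com -b "ou=people,dc=example,dc=com" -w {password}'
          code, response = machine.execute(cmd)
          # Logs the full command, bind password included: acceptable only
          # because these are throwaway test credentials.
          print(cmd)
          print(response)
          if expect_success:
              if code != 0:
                  raise Exception(f"Expected success, had failure {code}")
          else:
              if code == 0:
                  raise Exception("Expected failure, had success")
          return response

      with subtest("default admin password"):
          try_login("admin", "password", expect_success=True)
          try_login("admin", adminPassword, expect_success=False)

      with subtest("different admin password"):
          machine.succeed('${specializations}/differentAdminPassword/bin/switch-to-configuration test')
          try_login("admin", "password", expect_success=False)
          try_login("admin", adminPassword, expect_success=True)

      with subtest("change admin password has no effect"):
          # Switch to changeAdminPassword (previously this re-applied
          # differentAdminPassword, so the no-reset path was never exercised).
          # With force_ldap_user_pass_reset = false the new password file must
          # not overwrite the admin password set by the previous subtest.
          machine.succeed('${specializations}/changeAdminPassword/bin/switch-to-configuration test')
          try_login("admin", "password", expect_success=False)
          try_login("admin", adminPassword, expect_success=True)
    '';
}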