commit 6749f6e26e540cd338f61bdfe6c8bad7a14b4016 · pyrox.dev/nixpkgs

+46 -6

nixos/modules/services/databases/openldap.nix

···

       7
        
         cfg = config.services.openldap;

     

       8
        
         openldap = pkgs.openldap;

     

       9
        
       

     

       0
        
       
     

       10
        
         configFile = pkgs.writeText "slapd.conf" cfg.extraConfig;

     

       11
       -
       

     

       0
        
       
     

       12
        
       in

     

       13
        
       

     

       14
        
       {

     
···

       81
        
                   '''

     

       82
        
                 '';

     

       83
        
             };

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       84
        
           };

     

       85
        
       

     

       86
        
         };

     
···

       88
        
       

     

       89
        
         ###### implementation

     

       90
        
       

     

       91
       -
         config = mkIf config.services.openldap.enable {

     

       92
        
       

     

       93
        
           environment.systemPackages = [ openldap ];

     

       94
        
       

     
···

       98
        
             after = [ "network.target" ];

     

       99
        
             preStart = ''

     

       100
        
               mkdir -p /var/run/slapd

     

       101
       -
               chown -R ${cfg.user}:${cfg.group} /var/run/slapd

     

       102
       -
               mkdir -p ${cfg.dataDir}

     

       103
       -
               chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir}

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       104
        
             '';

     

       105
       -
             serviceConfig.ExecStart = "${openldap.out}/libexec/slapd -u ${cfg.user} -g ${cfg.group} -d 0 -h \"${concatStringsSep " " cfg.urlList}\" ${if cfg.configDir == null then "-f "+configFile else "-F "+cfg.configDir}";

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       106
        
           };

     

       107
        
       

     

       108
        
           users.extraUsers.openldap =

···

       7
        
         cfg = config.services.openldap;

     

       8
        
         openldap = pkgs.openldap;

     

       9
        
       

     

       10
       +
         dataFile = pkgs.writeText "ldap-contents.ldif" cfg.declarativeContents;

     

       11
        
         configFile = pkgs.writeText "slapd.conf" cfg.extraConfig;

     

       12
       +
         configOpts = if cfg.configDir == null then "-f ${configFile}"

     

       13
       +
                      else "-F ${cfg.configDir}";

     

       14
        
       in

     

       15
        
       

     

       16
        
       {

     
···

       83
        
                   '''

     

       84
        
                 '';

     

       85
        
             };

     

       86
       +
       

     

       87
       +
             declarativeContents = mkOption {

     

       88
       +
               type = with types; nullOr lines;

     

       89
       +
               default = null;

     

       90
       +
               description = ''

     

       91
       +
                 Declarative contents for the LDAP database, in LDIF format.

     

       92
       +
       

     

       93
       +
                 Note a few facts when using it. First, the database

     

       94
       +
                 <emphasis>must</emphasis> be stored in the directory defined by

     

       95
       +
                 <code>dataDir</code>. Second, all <code>dataDir</code> will be erased

     

       96
       +
                 when starting the LDAP server. Third, modifications to the database

     

       97
       +
                 are not prevented, they are just dropped on the next reboot of the

     

       98
       +
                 server. Finally, performance-wise the database and indexes are rebuilt

     

       99
       +
                 on each server startup, so this will slow down server startup,

     

       100
       +
                 especially with large databases.

     

       101
       +
               '';

     

       102
       +
               example = ''

     

       103
       +
                 dn: dc=example,dc=org

     

       104
       +
                 objectClass: domain

     

       105
       +
                 dc: example

     

       106
       +
       

     

       107
       +
                 dn: ou=users,dc=example,dc=org

     

       108
       +
                 objectClass = organizationalUnit

     

       109
       +
                 ou: users

     

       110
       +
       

     

       111
       +
                 # ...

     

       112
       +
               '';

     

       113
       +
             };

     

       114
        
           };

     

       115
        
       

     

       116
        
         };

     
···

       118
        
       

     

       119
        
         ###### implementation

     

       120
        
       

     

       121
       +
         config = mkIf cfg.enable {

     

       122
        
       

     

       123
        
           environment.systemPackages = [ openldap ];

     

       124
        
       

     
···

       128
        
             after = [ "network.target" ];

     

       129
        
             preStart = ''

     

       130
        
               mkdir -p /var/run/slapd

     

       131
       +
               chown -R "${cfg.user}:${cfg.group}" /var/run/slapd

     

       132
       +
               ${optionalString (cfg.declarativeContents != null) ''

     

       133
       +
                 rm -Rf "${cfg.dataDir}"

     

       134
       +
               ''}

     

       135
       +
               mkdir -p "${cfg.dataDir}"

     

       136
       +
               ${optionalString (cfg.declarativeContents != null) ''

     

       137
       +
                 ${openldap.out}/bin/slapadd ${configOpts} -l ${dataFile}

     

       138
       +
               ''}

     

       139
       +
               chown -R "${cfg.user}:${cfg.group}" "${cfg.dataDir}"

     

       140
        
             '';

     

       141
       +
             serviceConfig.ExecStart =

     

       142
       +
               "${openldap.out}/libexec/slapd -d 0 " +

     

       143
       +
                 "-u '${cfg.user}' -g '${cfg.group}' " +

     

       144
       +
                 "-h '${concatStringsSep " " cfg.urlList}' " +

     

       145
       +
                 "${configOpts}";

     

       146
        
           };

     

       147
        
       

     

       148
        
           users.extraUsers.openldap =

nixos/release.nix

···

       325
        
         tests.leaps = callTest tests/leaps.nix { };

     

       326
        
         tests.nsd = callTest tests/nsd.nix {};

     

       327
        
         tests.openssh = callTest tests/openssh.nix {};

     

       0
        
       
     

       328
        
         tests.owncloud = callTest tests/owncloud.nix {};

     

       329
        
         tests.pam-oath-login = callTest tests/pam-oath-login.nix {};

     

       330
        
         #tests.panamax = callTestOnTheseSystems ["x86_64-linux"] tests/panamax.nix {};

···

       325
        
         tests.leaps = callTest tests/leaps.nix { };

     

       326
        
         tests.nsd = callTest tests/nsd.nix {};

     

       327
        
         tests.openssh = callTest tests/openssh.nix {};

     

       328
       +
         tests.openldap = callTest tests/openldap.nix {};

     

       329
        
         tests.owncloud = callTest tests/owncloud.nix {};

     

       330
        
         tests.pam-oath-login = callTest tests/pam-oath-login.nix {};

     

       331
        
         #tests.panamax = callTestOnTheseSystems ["x86_64-linux"] tests/panamax.nix {};

+35

nixos/tests/openldap.nix

···

       1
       +
       import ./make-test.nix {

     

       2
       +
         name = "dovecot";

     

       3
       +
       

     

       4
       +
         machine = { pkgs, ... }: {

     

       5
       +
           services.openldap = {

     

       6
       +
             enable = true;

     

       7
       +
             extraConfig = ''

     

       8
       +
               include ${pkgs.openldap}/etc/schema/core.schema

     

       9
       +
               include ${pkgs.openldap}/etc/schema/cosine.schema

     

       10
       +
               include ${pkgs.openldap}/etc/schema/inetorgperson.schema

     

       11
       +
               include ${pkgs.openldap}/etc/schema/nis.schema

     

       12
       +
               database bdb

     

       13
       +
               suffix dc=example

     

       14
       +
               directory /var/db/openldap

     

       15
       +
               rootdn cn=root,dc=example

     

       16
       +
               rootpw notapassword

     

       17
       +
             '';

     

       18
       +
             declarativeContents = ''

     

       19
       +
               dn: dc=example

     

       20
       +
               objectClass: domain

     

       21
       +
               dc: example

     

       22
       +
       

     

       23
       +
               dn: ou=users,dc=example

     

       24
       +
               objectClass: organizationalUnit

     

       25
       +
               ou: users

     

       26
       +
             '';

     

       27
       +
           };

     

       28
       +
         };

     

       29
       +
       

     

       30
       +
         testScript = ''

     

       31
       +
           $machine->succeed('systemctl status openldap.service');

     

       32
       +
           $machine->waitForUnit('openldap.service');

     

       33
       +
           $machine->succeed('ldapsearch -LLL -D "cn=root,dc=example" -w notapassword -b "dc=example"');

     

       34
       +
         '';

     

       35
       +
       }