Openldap module declarative contents #36249

Ekleog · 2018-03-03T14:36:58Z

This PR allows to declaratively set the contents of the LDAP database. I've tested it on my machine by replacing the stock module with the post-PR one, and it appears to work.

Ekleog · 2018-03-03T16:08:47Z

cc @domenkozar @Mic92 for the last few changes to this module, hopefully it can still get in before 18.03 :)

Mic92 · 2018-03-03T17:55:15Z

services = {
+    openldap = {
+      enable = true;
+      declarativeContents = ''
+        dn: dc=example,dc=org
+        objectClass: domain
+        dc: example
+      '';
+    };

results in:

Mar 03 17:51:50 turingmachine systemd[1]: Starting LDAP server...
Mar 03 17:51:50 turingmachine openldap-pre-start[28809]: Available database(s) do not allow slapadd
Mar 03 17:51:50 turingmachine systemd[1]: openldap.service: Control process exited, code=exited status=1
Mar 03 17:51:50 turingmachine systemd[1]: openldap.service: Failed with result 'exit-code'.
Mar 03 17:51:50 turingmachine systemd[1]: Failed to start LDAP server.

What else is required?

Ekleog · 2018-03-03T18:09:13Z

Is services.openldap supposed to work without a configuration file? (the one generated is empty if extraConfig is empty)

It works for me with this (ie. keeping the same extraConfig as before and adding the declarativeContents):

{
  services.openldap = {
    enable = true;
    urlList = [ "ldap://127.0.0.1:389/" ];
    extraConfig = ''
      include ${pkgs.openldap}/etc/schema/core.schema
      include ${pkgs.openldap}/etc/schema/cosine.schema
      include ${pkgs.openldap}/etc/schema/inetorgperson.schema
      include ${pkgs.openldap}/etc/schema/nis.schema
  
      database bdb
      suffix dc=gaspard,dc=ninja
      directory /var/db/openldap
      rootdn cn=root,dc=gaspard,dc=ninja
      rootpw [...]
      index cn,sn,uid pres,eq,approx,sub
      index objectClass eq
    '';
    declarativeContents = ''
      dn: dc=gaspard,dc=ninja
      objectClass: domain
      dc: gaspard
     
      dn: ou=users,dc=gaspard,dc=ninja
      objectClass: organizationalUnit
      ou: users
     
      # ...
    '';
  };
}

Mic92 · 2018-03-03T18:54:37Z

@GrahamcOfBorg test openldap

GrahamcOfBorg · 2018-03-03T18:54:56Z

Failure on x86_64-linux (full log)

Partial log (click to expand)

while evaluating the attribute ‘drvPath’ at /var/lib/gc-of-borg/.nix-test-rs/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/ogden/lib/customisation.nix:179:13:
while evaluating the attribute ‘drvPath’ at /var/lib/gc-of-borg/.nix-test-rs/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/ogden/lib/customisation.nix:146:13:
while evaluating the attribute ‘buildCommand’ of the derivation ‘vm-test-run-dovecot’ at /var/lib/gc-of-borg/.nix-test-rs/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/ogden/pkgs/stdenv/generic/make-derivation.nix:148:11:
while evaluating the attribute ‘buildCommand’ of the derivation ‘nixos-test-driver-dovecot’ at /var/lib/gc-of-borg/.nix-test-rs/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/ogden/pkgs/stdenv/generic/make-derivation.nix:148:11:
while evaluating the attribute ‘buildCommand’ of the derivation ‘nixos-vm’ at /var/lib/gc-of-borg/.nix-test-rs/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/ogden/pkgs/stdenv/generic/make-derivation.nix:148:11:
while evaluating the attribute ‘buildCommand’ of the derivation ‘nixos-system-machine-18.03.git.ee2b145’ at /var/lib/gc-of-borg/.nix-test-rs/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/ogden/pkgs/stdenv/generic/make-derivation.nix:148:11:
while evaluating ‘optionalString’ at /var/lib/gc-of-borg/.nix-test-rs/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/ogden/lib/strings.nix:138:26, called from /var/lib/gc-of-borg/.nix-test-rs/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/ogden/nixos/modules/system/activation/top-level.nix:40:9:
while evaluating the attribute ‘closure’ of the derivation ‘initrd’ at /var/lib/gc-of-borg/.nix-test-rs/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/ogden/pkgs/stdenv/generic/make-derivation.nix:148:11:
while evaluating anonymous function at /var/lib/gc-of-borg/.nix-test-rs/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/ogden/pkgs/build-support/closure-info.nix:9:1, called from /var/lib/gc-of-borg/.nix-test-rs/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/ogden/pkgs/build-support/kernel/make-initrd.nix:33:13:
assertion failed at /var/lib/gc-of-borg/.nix-test-rs/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/ogden/pkgs/build-support/closure-info.nix:11:1

Mic92 · 2018-03-03T19:00:15Z

test worked locally.

Ekleog · 2018-03-03T19:02:06Z

Thanks! :)

GrahamcOfBorg · 2018-03-03T19:02:33Z

Failure on aarch64-linux (full log)

Partial log (click to expand)

   Loaded: loaded (/nix/store/fr6ms7ks7i7bw7fxi9b77wxcj3rw7q54-unit-openldap.service/openldap.service; enabled; vendor preset: enabled)
   Active: inactive (dead)
error: command `systemctl status openldap.service' did not succeed (exit code 3)
command `systemctl status openldap.service' did not succeed (exit code 3)
cleaning up
killing machine (pid 627)
vde_switch: EOF on stdin, cleaning up and exiting
vde_switch: Could not remove ctl dir '/build/vde1.ctl': Directory not empty
builder for '/nix/store/gp84f4znis7hrlqwg80yhmw4iv6a3034-vm-test-run-dovecot.drv' failed with exit code 255
�[31;1merror:�[0m build of '/nix/store/gp84f4znis7hrlqwg80yhmw4iv6a3034-vm-test-run-dovecot.drv' failed

Ekleog added 2 commits March 3, 2018 15:33

openldap module: cleanup

cca9ec2

openldap module: allow defining contents declaratively

aeef7c9

GrahamcOfBorg added 6.topic: nixos 8.has: module (update) 10.rebuild-darwin: 0 10.rebuild-linux: 0 labels Mar 3, 2018

nixos/openldap: add test

b2acbe5

Mic92 merged commit 6749f6e into NixOS:master Mar 3, 2018

Ekleog deleted the openldap-module-declarative-contents branch March 3, 2018 19:02

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Openldap module declarative contents #36249

Openldap module declarative contents #36249

Ekleog commented Mar 3, 2018

Ekleog commented Mar 3, 2018

Mic92 commented Mar 3, 2018

Ekleog commented Mar 3, 2018

Mic92 commented Mar 3, 2018

GrahamcOfBorg commented Mar 3, 2018

Mic92 commented Mar 3, 2018

Ekleog commented Mar 3, 2018

GrahamcOfBorg commented Mar 3, 2018

Openldap module declarative contents #36249

Openldap module declarative contents #36249

Conversation

Ekleog commented Mar 3, 2018

Ekleog commented Mar 3, 2018

Mic92 commented Mar 3, 2018

Ekleog commented Mar 3, 2018

Mic92 commented Mar 3, 2018

GrahamcOfBorg commented Mar 3, 2018

Mic92 commented Mar 3, 2018

Ekleog commented Mar 3, 2018

GrahamcOfBorg commented Mar 3, 2018