base repository: NixOS/nixpkgs
base: e6b8eb0280be
head repository: NixOS/nixpkgs
compare: 6749f6e26e54
  • 4 commits
  • 3 files changed
  • 3 contributors

Commits on Mar 3, 2018

  1. openldap module: cleanup

    Ekleog committed Mar 3, 2018
    cca9ec2 View commit details
  2. Copy the full SHA
    aeef7c9 View commit details
  3. nixos/openldap: add test

    Mic92 committed Mar 3, 2018
    b2acbe5 View commit details
  4. Merge pull request #36249 from Ekleog/openldap-module-declarative-con…

    …tents
    
    Openldap module declarative contents
    Mic92 authored Mar 3, 2018
    6749f6e View commit details
Showing with 82 additions and 6 deletions.
  1. +46 −6 nixos/modules/services/databases/openldap.nix
  2. +1 −0 nixos/release.nix
  3. +35 −0 nixos/tests/openldap.nix
52 changes: 46 additions & 6 deletions nixos/modules/services/databases/openldap.nix
@@ -7,8 +7,10 @@ let
cfg = config.services.openldap;
openldap = pkgs.openldap;

dataFile = pkgs.writeText "ldap-contents.ldif" cfg.declarativeContents;
configFile = pkgs.writeText "slapd.conf" cfg.extraConfig;

configOpts = if cfg.configDir == null then "-f ${configFile}"
else "-F ${cfg.configDir}";
in

{
@@ -81,14 +83,42 @@ in
'''
'';
};

declarativeContents = mkOption {
type = with types; nullOr lines;
default = null;
description = ''
Declarative contents for the LDAP database, in LDIF format.
Note a few facts when using it. First, the database
<emphasis>must</emphasis> be stored in the directory defined by
<code>dataDir</code>. Second, all <code>dataDir</code> will be erased
when starting the LDAP server. Third, modifications to the database
are not prevented, they are just dropped on the next reboot of the
server. Finally, performance-wise the database and indexes are rebuilt
on each server startup, so this will slow down server startup,
especially with large databases.
'';
example = ''
dn: dc=example,dc=org
objectClass: domain
dc: example
dn: ou=users,dc=example,dc=org
objectClass = organizationalUnit
ou: users
# ...
'';
};
};

};


###### implementation

config = mkIf config.services.openldap.enable {
config = mkIf cfg.enable {

environment.systemPackages = [ openldap ];

@@ -98,11 +128,21 @@ in
after = [ "network.target" ];
preStart = ''
mkdir -p /var/run/slapd
chown -R ${cfg.user}:${cfg.group} /var/run/slapd
mkdir -p ${cfg.dataDir}
chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir}
chown -R "${cfg.user}:${cfg.group}" /var/run/slapd
${optionalString (cfg.declarativeContents != null) ''
rm -Rf "${cfg.dataDir}"
''}
mkdir -p "${cfg.dataDir}"
${optionalString (cfg.declarativeContents != null) ''
${openldap.out}/bin/slapadd ${configOpts} -l ${dataFile}
''}
chown -R "${cfg.user}:${cfg.group}" "${cfg.dataDir}"
'';
serviceConfig.ExecStart = "${openldap.out}/libexec/slapd -u ${cfg.user} -g ${cfg.group} -d 0 -h \"${concatStringsSep " " cfg.urlList}\" ${if cfg.configDir == null then "-f "+configFile else "-F "+cfg.configDir}";
serviceConfig.ExecStart =
"${openldap.out}/libexec/slapd -d 0 " +
"-u '${cfg.user}' -g '${cfg.group}' " +
"-h '${concatStringsSep " " cfg.urlList}' " +
"${configOpts}";
};

users.extraUsers.openldap =
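Review bot: The `declarativeContents` example in this hunk is not valid LDIF: `objectClass = organizationalUnit` uses `=` where LDIF needs a colon, so it should read `objectClass: organizationalUnit` (the new test in nixos/tests/openldap.nix spells it correctly). Separately, `dataFile = pkgs.writeText "ldap-contents.ldif" cfg.declarativeContents` places the whole LDIF in the Nix store, which is world-readable, so any `userPassword` or other secret in the declarative contents is exposed to every local user; the option description should say so, e.g. add `Note that the contents are placed in the world-readable Nix store, so do not put secrets such as passwords in here.` The `config = mkIf cfg.enable` block and the systemd unit definition continue outside the hunk.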
1 change: 1 addition & 0 deletions nixos/release.nix
@@ -325,6 +325,7 @@ in rec {
tests.leaps = callTest tests/leaps.nix { };
tests.nsd = callTest tests/nsd.nix {};
tests.openssh = callTest tests/openssh.nix {};
tests.openldap = callTest tests/openldap.nix {};
tests.owncloud = callTest tests/owncloud.nix {};
tests.pam-oath-login = callTest tests/pam-oath-login.nix {};
#tests.panamax = callTestOnTheseSystems ["x86_64-linux"] tests/panamax.nix {};
35 changes: 35 additions & 0 deletions nixos/tests/openldap.nix
@@ -0,0 +1,35 @@
import ./make-test.nix {
name = "dovecot";

machine = { pkgs, ... }: {
services.openldap = {
enable = true;
extraConfig = ''
include ${pkgs.openldap}/etc/schema/core.schema
include ${pkgs.openldap}/etc/schema/cosine.schema
include ${pkgs.openldap}/etc/schema/inetorgperson.schema
include ${pkgs.openldap}/etc/schema/nis.schema
database bdb
suffix dc=example
directory /var/db/openldap
rootdn cn=root,dc=example
rootpw notapassword
'';
declarativeContents = ''
dn: dc=example
objectClass: domain
dc: example
dn: ou=users,dc=example
objectClass: organizationalUnit
ou: users
'';
};
};

testScript = ''
$machine->succeed('systemctl status openldap.service');
$machine->waitForUnit('openldap.service');
$machine->succeed('ldapsearch -LLL -D "cn=root,dc=example" -w notapassword -b "dc=example"');
'';
}
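Review bot: `name = "dovecot"` on the first line of the new test is a copy-paste leftover; the test is registered as `tests.openldap` in nixos/release.nix and should be `name = "openldap";`. In `testScript`, `systemctl status openldap.service` is asserted before `waitForUnit('openldap.service')`, so the check can race the unit's startup; swap the two lines so the wait comes first. The `directory /var/db/openldap` in `extraConfig` has to be the same path as `services.openldap.dataDir` for the module's erase-and-`slapadd` step to act on the database slapd actually opens; this section does not show the module default, so that is worth confirming rather than relying on it silently.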