Modular OpenLDAP #21764
Turn on all overlays and all modules except perl, ndb, sql. Those modules aren't built by default anyway. This change does not add new dependencies, but will require additional configuration to load modules, including `back_mdb`. This is how OpenLDAP is built in Debian.
How does this affect existing configuration? Is it required to load modules manually?
Do you agree on this change @DerTim1 ? I am not an expert on ldap myself.
I'm doing a review at the moment...
I'm an expert in openldap zalora/nixsap@7511e9b :D
"--disable-ndb" | ||
"--disable-perl" | ||
"--disable-sql" | ||
"--enable-backends=mod" |
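Review bot: `--enable-backends=mod` on the last line turns every backend into a loadable module, and nothing beside the flag tells users what that means for an existing configuration. Please add a comment here, and a note in the NixOS module's example configuration, that a `moduleload` line (for example for `back_mdb`) is now needed before the backend is used. A one-line comment on why ndb, perl and sql are explicitly disabled would also help the next reader.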
Put backends to modular load (default: yes) is problematic. If you load a module (e.g. back_hdb), you have to specify the path of modules-dir. This path is in a nix-store.
If we need this configure option, we have to add something like this
`ln -s /nix/store/hv58j5qilznnc3arjgdzymkq58cxn9wc-openldap-2.4.44/libexec/openldap /usr/lib/ldap`
to the openldap-service of NixOS. Then we can use a static path to load modules in config-files (slapd.conf) or with config-dir (slap.d).
But I think `/usr/lib/ldap` (default) isn't a good idea. Maybe `/var/db/openldap/modules` is a better choice.
> have to specify the path of modules-dir

No you haven't. OpenLDAP modules are immediately available, because it knows its libdir (`$out/lib/...`)
Third-party modules, if any, can be loaded by absolute path (`/foo` or `/nix/store/`).
Ok, I will retry with a different slap.d-configuration.
Be right back...
@ip1981 Thanks, but I like the four eyes principle, because we are all humans.
Ok, approved with my slap.d-conf.
But I haven't tested the NixOS-module with the example slapd.conf
@Mic92 Now also approved with example-slapd.conf...
@Mic92 Entirely right
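The thread above comes down to one operational consequence of `--enable-backends=mod`: a backend such as `back_mdb` has to be loaded with `moduleload` before a `database` line uses it. As an added example (not code from this PR or from nixpkgs), the Python check below scans a `slapd.conf` for `database` directives that have no earlier `moduleload`; the function names, the sample configuration and the set of database types treated as built in are assumptions.

```python
import os

# Assumption: these database types are compiled into slapd itself and never
# need a moduleload line, even when built with --enable-backends=mod.
BUILTIN = {"config", "ldif", "frontend"}

# Constructed slapd.conf fragment: back_monitor is loaded too late.
SAMPLE = """\
# constructed sample, not from the PR
include /etc/openldap/schema/core.schema
moduleload back_mdb.la
database config
database mdb
suffix "dc=example,dc=org"
directory /var/db/openldap
database monitor
moduleload back_monitor
"""


def logical_lines(text):
    """Yield (line_number, tokens) per directive, joining continuation lines."""
    current, start = None, 0
    for number, raw in enumerate(text.splitlines(), 1):
        if raw.startswith("#") or not raw.strip():
            continue  # comments and blank lines are ignored
        if raw[0].isspace() and current is not None:
            current += " " + raw.strip()  # leading whitespace continues a directive
            continue
        if current is not None:
            yield start, current.split()
        current, start = raw.strip(), number
    if current is not None:
        yield start, current.split()


def unloaded_backends(text):
    """Return [(line_number, module)] for databases used before their moduleload."""
    loaded, problems = set(), []
    for number, tokens in logical_lines(text):
        keyword = tokens[0].lower()
        if keyword == "moduleload" and len(tokens) > 1:
            # Accept back_mdb, back_mdb.la, or an absolute path to the module.
            loaded.add(os.path.basename(tokens[1]).split(".")[0])
        elif keyword == "database" and len(tokens) > 1:
            backend = tokens[1].lower()
            if backend not in BUILTIN and "back_" + backend not in loaded:
                problems.append((number, "back_" + backend))
    return problems


if __name__ == "__main__":
    for line, module in unloaded_backends(SAMPLE):
        print(f"line {line}: database used before 'moduleload {module}'")
```

Running it against a configuration before switching to the modular build shows which `moduleload` lines have to be added, and in which position.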