
Merge pull request #36249 from Ekleog/openldap-module-declarative-contents

Openldap module declarative contents

authored by

Jörg Thalheim and committed by
GitHub
6749f6e2 e6b8eb02

+82 -6
+46 -6
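--- a/nixos/modules/services/databases/openldap.nix
+++ b/nixos/modules/services/databases/openldap.nix
@@ -7,8 +7,10 @@
   cfg = config.services.openldap;
   openldap = pkgs.openldap;
 
+  dataFile = pkgs.writeText "ldap-contents.ldif" cfg.declarativeContents;
   configFile = pkgs.writeText "slapd.conf" cfg.extraConfig;
-
+  configOpts = if cfg.configDir == null then "-f ${configFile}"
+               else "-F ${cfg.configDir}";
 in
 
 {
@@ -81,6 +83,34 @@
           '''
         '';
       };
+
+      declarativeContents = mkOption {
+        type = with types; nullOr lines;
+        default = null;
+        description = ''
+          Declarative contents for the LDAP database, in LDIF format.
+
+          Note a few facts when using it. First, the database
+          <emphasis>must</emphasis> be stored in the directory defined by
+          <code>dataDir</code>. Second, all <code>dataDir</code> will be erased
+          when starting the LDAP server. Third, modifications to the database
+          are not prevented, they are just dropped on the next reboot of the
+          server. Finally, performance-wise the database and indexes are rebuilt
+          on each server startup, so this will slow down server startup,
+          especially with large databases.
+        '';
+        example = ''
+          dn: dc=example,dc=org
+          objectClass: domain
+          dc: example
+
+          dn: ou=users,dc=example,dc=org
+          objectClass = organizationalUnit
+          ou: users
+
+          # ...
+        '';
+      };
     };
 
   };
@@ -88,7 +118,7 @@
 
   ###### implementation
 
-  config = mkIf config.services.openldap.enable {
+  config = mkIf cfg.enable {
 
     environment.systemPackages = [ openldap ];
 
@@ -98,11 +128,21 @@
       after = [ "network.target" ];
       preStart = ''
         mkdir -p /var/run/slapd
-        chown -R ${cfg.user}:${cfg.group} /var/run/slapd
-        mkdir -p ${cfg.dataDir}
-        chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir}
+        chown -R "${cfg.user}:${cfg.group}" /var/run/slapd
+        ${optionalString (cfg.declarativeContents != null) ''
+          rm -Rf "${cfg.dataDir}"
+        ''}
+        mkdir -p "${cfg.dataDir}"
+        ${optionalString (cfg.declarativeContents != null) ''
+          ${openldap.out}/bin/slapadd ${configOpts} -l ${dataFile}
+        ''}
+        chown -R "${cfg.user}:${cfg.group}" "${cfg.dataDir}"
       '';
-      serviceConfig.ExecStart = "${openldap.out}/libexec/slapd -u ${cfg.user} -g ${cfg.group} -d 0 -h \"${concatStringsSep " " cfg.urlList}\" ${if cfg.configDir == null then "-f "+configFile else "-F "+cfg.configDir}";
+      serviceConfig.ExecStart =
+        "${openldap.out}/libexec/slapd -d 0 " +
+        "-u '${cfg.user}' -g '${cfg.group}' " +
+        "-h '${concatStringsSep " " cfg.urlList}' " +
+        "${configOpts}";
     };
 
     users.extraUsers.openldap =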
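Review bot: `rm -Rf "${cfg.dataDir}"` in the preStart hunk runs as root on whatever path the `dataDir` option holds, and nothing in the change checks that it is an absolute, non-root directory before the wipe, so a misconfigured `dataDir = "/"` (or a parent of unrelated data) would be destroyed on every service start once `declarativeContents` is set. An assertion in the config block would turn that into an evaluation-time failure, e.g. `assertions = [ { assertion = cfg.declarativeContents == null || (hasPrefix "/" cfg.dataDir && cfg.dataDir != "/"); message = "services.openldap.dataDir must be an absolute, non-root path when declarativeContents is set"; } ];` (assuming `lib` is in scope via `with lib;`, as the unqualified `mkIf`/`optionalString` calls suggest). Separately, the option example's line `objectClass = organizationalUnit` is not valid LDIF — attribute and value are separated by a colon, as in the `objectClass: domain` line just above it and in the new test — so it should read `objectClass: organizationalUnit`. The preStart block's enclosing `systemd.services` and `config` definitions continue outside this section.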
+1
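--- a/nixos/release.nix
+++ b/nixos/release.nix
@@ -325,6 +325,7 @@
   tests.leaps = callTest tests/leaps.nix { };
   tests.nsd = callTest tests/nsd.nix {};
   tests.openssh = callTest tests/openssh.nix {};
+  tests.openldap = callTest tests/openldap.nix {};
   tests.owncloud = callTest tests/owncloud.nix {};
   tests.pam-oath-login = callTest tests/pam-oath-login.nix {};
   #tests.panamax = callTestOnTheseSystems ["x86_64-linux"] tests/panamax.nix {};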
+35
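--- /dev/null
+++ b/nixos/tests/openldap.nix
@@ -0,0 +1,35 @@
+import ./make-test.nix {
+  name = "dovecot";
+
+  machine = { pkgs, ... }: {
+    services.openldap = {
+      enable = true;
+      extraConfig = ''
+        include ${pkgs.openldap}/etc/schema/core.schema
+        include ${pkgs.openldap}/etc/schema/cosine.schema
+        include ${pkgs.openldap}/etc/schema/inetorgperson.schema
+        include ${pkgs.openldap}/etc/schema/nis.schema
+        database bdb
+        suffix dc=example
+        directory /var/db/openldap
+        rootdn cn=root,dc=example
+        rootpw notapassword
+      '';
+      declarativeContents = ''
+        dn: dc=example
+        objectClass: domain
+        dc: example
+
+        dn: ou=users,dc=example
+        objectClass: organizationalUnit
+        ou: users
+      '';
+    };
+  };
+
+  testScript = ''
+    $machine->succeed('systemctl status openldap.service');
+    $machine->waitForUnit('openldap.service');
+    $machine->succeed('ldapsearch -LLL -D "cn=root,dc=example" -w notapassword -b "dc=example"');
+  '';
+}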
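Review bot: The new test is registered as `tests.openldap` in release.nix but declares `name = "dovecot";`, which looks copy-pasted from another test and will label the build output and logs with the wrong name; it should be `name = "openldap";`. In testScript, `$machine->succeed('systemctl status openldap.service');` runs before `$machine->waitForUnit('openldap.service');`, so the status check can fail if the unit is still activating when the script starts; swapping those two lines (wait first, then check status) makes the test deterministic.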