nixpkgs/nixos/tests/openldap.nix

{ pkgs, system ? builtins.currentSystem, ... }: let
  dbContents = ''
    dn: dc=example
    objectClass: domain
    dc: example

    dn: ou=users,dc=example
    objectClass: organizationalUnit
    ou: users
  '';
  testScript = ''
    machine.wait_for_unit("openldap.service")
    machine.succeed(
        'ldapsearch -LLL -D "cn=root,dc=example" -w notapassword -b "dc=example"',
    )
  '';
in {
  # New-style configuration
  current = import ./make-test-python.nix {
    inherit testScript;
    name = "openldap";

    machine = { pkgs, ... }: {
      environment.etc."openldap/root_password".text = "notapassword";
      services.openldap = {
        enable = true;
        settings = {
          children = {
            "cn=schema".includes = [
              "${pkgs.openldap}/etc/schema/core.ldif"
              "${pkgs.openldap}/etc/schema/cosine.ldif"
              "${pkgs.openldap}/etc/schema/inetorgperson.ldif"
              "${pkgs.openldap}/etc/schema/nis.ldif"
            ];
            "olcDatabase={1}mdb" = {
              # This tests string, base64 and path values, as well as lists of string values
              attrs = {
                objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
                olcDatabase = "{1}mdb";
                olcDbDirectory = "/var/db/openldap";
                olcSuffix = "dc=example";
                olcRootDN = {
                  # cn=root,dc=example
                  base64 = "Y249cm9vdCxkYz1leGFtcGxl";
                };
                olcRootPW = {
                  path = "/etc/openldap/root_password";
                };
              };
            };
          };
        };
        declarativeContents."dc=example" = dbContents;
      };
    };
  };

  # Old-style configuration
  oldOptions = import ./make-test-python.nix {
    inherit testScript;
    name = "openldap";

    machine = { pkgs, ... }: {
      services.openldap = {
        enable = true;
        logLevel = "stats acl";
        defaultSchemas = true;
        database = "mdb";
        suffix = "dc=example";
        rootdn = "cn=root,dc=example";
        rootpw = "notapassword";
        declarativeContents."dc=example" = dbContents;
      };
    };
  };

  # Manually managed configDir, for example if dynamic config is essential
  manualConfigDir = import ./make-test-python.nix {
    name = "openldap";

    machine = { pkgs, ... }: {
      services.openldap = {
        enable = true;
        configDir = "/var/db/slapd.d";
      };
    };

    testScript = let
      contents = pkgs.writeText "data.ldif" dbContents;
      config = pkgs.writeText "config.ldif" ''
        dn: cn=config
        cn: config
        objectClass: olcGlobal
        olcLogLevel: stats
        olcPidFile: /run/slapd/slapd.pid

        dn: cn=schema,cn=config
        cn: schema
        objectClass: olcSchemaConfig

        include: file://${pkgs.openldap}/etc/schema/core.ldif
        include: file://${pkgs.openldap}/etc/schema/cosine.ldif
        include: file://${pkgs.openldap}/etc/schema/inetorgperson.ldif

        dn: olcDatabase={1}mdb,cn=config
        objectClass: olcDatabaseConfig
        objectClass: olcMdbConfig
        olcDatabase: {1}mdb
        olcDbDirectory: /var/db/openldap
        olcDbIndex: objectClass eq
        olcSuffix: dc=example
        olcRootDN: cn=root,dc=example
        olcRootPW: notapassword
      '';
    in ''
      machine.succeed(
          "mkdir -p /var/db/slapd.d /var/db/openldap",
          "slapadd -F /var/db/slapd.d -n0 -l ${config}",
          "slapadd -F /var/db/slapd.d -n1 -l ${contents}",
          "chown -R openldap:openldap /var/db/slapd.d /var/db/openldap",
          "systemctl restart openldap",
      )
    '' + testScript;
  };
}
nixos/openldap: switch to slapd.d configuration The old slapd.conf is deprecated. Replace with slapd.d, and use this opportunity to write some structured settings. Incidentally, this fixes the fact that openldap is reported up before any checks have completed, by using forking mode. 2020-08-02 23:52:37 +01:00			`{ pkgs, system ? builtins.currentSystem, ... }: let`
nixos/openldap: Allow declarativeContents for multiple databases 2020-08-24 00:07:24 +01:00			`dbContents = ''`
nixos/openldap: switch to slapd.d configuration The old slapd.conf is deprecated. Replace with slapd.d, and use this opportunity to write some structured settings. Incidentally, this fixes the fact that openldap is reported up before any checks have completed, by using forking mode. 2020-08-02 23:52:37 +01:00			`dn: dc=example`
			`objectClass: domain`
			`dc: example`
nixos/openldap: add test 2018-03-03 18:53:16 +00:00
nixos/openldap: switch to slapd.d configuration The old slapd.conf is deprecated. Replace with slapd.d, and use this opportunity to write some structured settings. Incidentally, this fixes the fact that openldap is reported up before any checks have completed, by using forking mode. 2020-08-02 23:52:37 +01:00			`dn: ou=users,dc=example`
			`objectClass: organizationalUnit`
			`ou: users`
			`'';`
nixos/openldap: add test 2018-03-03 18:53:16 +00:00			`testScript = ''`
nixosTests.openldap: port test to python 2019-12-02 21:41:58 +01:00			`machine.wait_for_unit("openldap.service")`
			`machine.succeed(`
			`'ldapsearch -LLL -D "cn=root,dc=example" -w notapassword -b "dc=example"',`
			`)`
nixos/openldap: add test 2018-03-03 18:53:16 +00:00			`'';`
nixos/openldap: switch to slapd.d configuration The old slapd.conf is deprecated. Replace with slapd.d, and use this opportunity to write some structured settings. Incidentally, this fixes the fact that openldap is reported up before any checks have completed, by using forking mode. 2020-08-02 23:52:37 +01:00			`in {`
			`# New-style configuration`
			`current = import ./make-test-python.nix {`
			`inherit testScript;`
			`name = "openldap";`

			`machine = { pkgs, ... }: {`
nixos/openldap: fix path + base64 value types 2020-09-27 18:03:40 +01:00			`environment.etc."openldap/root_password".text = "notapassword";`
nixos/openldap: switch to slapd.d configuration The old slapd.conf is deprecated. Replace with slapd.d, and use this opportunity to write some structured settings. Incidentally, this fixes the fact that openldap is reported up before any checks have completed, by using forking mode. 2020-08-02 23:52:37 +01:00			`services.openldap = {`
			`enable = true;`
			`settings = {`
			`children = {`
nixos/openldap: migrate sssd-ldap to new settings 2020-09-27 23:23:31 +01:00			`"cn=schema".includes = [`
			`"${pkgs.openldap}/etc/schema/core.ldif"`
			`"${pkgs.openldap}/etc/schema/cosine.ldif"`
			`"${pkgs.openldap}/etc/schema/inetorgperson.ldif"`
			`"${pkgs.openldap}/etc/schema/nis.ldif"`
			`];`
nixos/openldap: switch to slapd.d configuration The old slapd.conf is deprecated. Replace with slapd.d, and use this opportunity to write some structured settings. Incidentally, this fixes the fact that openldap is reported up before any checks have completed, by using forking mode. 2020-08-02 23:52:37 +01:00			`"olcDatabase={1}mdb" = {`
nixos/openldap: fix path + base64 value types 2020-09-27 18:03:40 +01:00			`# This tests string, base64 and path values, as well as lists of string values`
nixos/openldap: switch to slapd.d configuration The old slapd.conf is deprecated. Replace with slapd.d, and use this opportunity to write some structured settings. Incidentally, this fixes the fact that openldap is reported up before any checks have completed, by using forking mode. 2020-08-02 23:52:37 +01:00			`attrs = {`
			`objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];`
			`olcDatabase = "{1}mdb";`
			`olcDbDirectory = "/var/db/openldap";`
			`olcSuffix = "dc=example";`
nixos/openldap: fix path + base64 value types 2020-09-27 18:03:40 +01:00			`olcRootDN = {`
			`# cn=root,dc=example`
			`base64 = "Y249cm9vdCxkYz1leGFtcGxl";`
			`};`
			`olcRootPW = {`
			`path = "/etc/openldap/root_password";`
			`};`
nixos/openldap: switch to slapd.d configuration The old slapd.conf is deprecated. Replace with slapd.d, and use this opportunity to write some structured settings. Incidentally, this fixes the fact that openldap is reported up before any checks have completed, by using forking mode. 2020-08-02 23:52:37 +01:00			`};`
			`};`
			`};`
			`};`
nixos/openldap: Allow declarativeContents for multiple databases 2020-08-24 00:07:24 +01:00			`declarativeContents."dc=example" = dbContents;`
nixos/openldap: switch to slapd.d configuration The old slapd.conf is deprecated. Replace with slapd.d, and use this opportunity to write some structured settings. Incidentally, this fixes the fact that openldap is reported up before any checks have completed, by using forking mode. 2020-08-02 23:52:37 +01:00			`};`
			`};`
			`};`

			`# Old-style configuration`
nixos/openldap: use mkRenamedOptionModule This offers less helpful warnings, but makes the implementation considerably more straightforward. 2020-09-27 21:50:25 +01:00			`oldOptions = import ./make-test-python.nix {`
nixos/openldap: switch to slapd.d configuration The old slapd.conf is deprecated. Replace with slapd.d, and use this opportunity to write some structured settings. Incidentally, this fixes the fact that openldap is reported up before any checks have completed, by using forking mode. 2020-08-02 23:52:37 +01:00			`inherit testScript;`
			`name = "openldap";`

			`machine = { pkgs, ... }: {`
			`services.openldap = {`
			`enable = true;`
nixos/openldap: use mkRenamedOptionModule This offers less helpful warnings, but makes the implementation considerably more straightforward. 2020-09-27 21:50:25 +01:00			`logLevel = "stats acl";`
			`defaultSchemas = true;`
			`database = "mdb";`
nixos/openldap: switch to slapd.d configuration The old slapd.conf is deprecated. Replace with slapd.d, and use this opportunity to write some structured settings. Incidentally, this fixes the fact that openldap is reported up before any checks have completed, by using forking mode. 2020-08-02 23:52:37 +01:00			`suffix = "dc=example";`
			`rootdn = "cn=root,dc=example";`
			`rootpw = "notapassword";`
nixos/openldap: use mkRenamedOptionModule This offers less helpful warnings, but makes the implementation considerably more straightforward. 2020-09-27 21:50:25 +01:00			`declarativeContents."dc=example" = dbContents;`
nixos/openldap: switch to slapd.d configuration The old slapd.conf is deprecated. Replace with slapd.d, and use this opportunity to write some structured settings. Incidentally, this fixes the fact that openldap is reported up before any checks have completed, by using forking mode. 2020-08-02 23:52:37 +01:00			`};`
			`};`
			`};`

			`# Manually managed configDir, for example if dynamic config is essential`
			`manualConfigDir = import ./make-test-python.nix {`
			`name = "openldap";`

			`machine = { pkgs, ... }: {`
			`services.openldap = {`
			`enable = true;`
			`configDir = "/var/db/slapd.d";`
			`};`
			`};`

			`testScript = let`
nixos/openldap: Allow declarativeContents for multiple databases 2020-08-24 00:07:24 +01:00			`contents = pkgs.writeText "data.ldif" dbContents;`
nixos/openldap: switch to slapd.d configuration The old slapd.conf is deprecated. Replace with slapd.d, and use this opportunity to write some structured settings. Incidentally, this fixes the fact that openldap is reported up before any checks have completed, by using forking mode. 2020-08-02 23:52:37 +01:00			`config = pkgs.writeText "config.ldif" ''`
			`dn: cn=config`
			`cn: config`
			`objectClass: olcGlobal`
			`olcLogLevel: stats`
			`olcPidFile: /run/slapd/slapd.pid`

			`dn: cn=schema,cn=config`
			`cn: schema`
			`objectClass: olcSchemaConfig`

			`include: file://${pkgs.openldap}/etc/schema/core.ldif`
			`include: file://${pkgs.openldap}/etc/schema/cosine.ldif`
			`include: file://${pkgs.openldap}/etc/schema/inetorgperson.ldif`

			`dn: olcDatabase={1}mdb,cn=config`
			`objectClass: olcDatabaseConfig`
			`objectClass: olcMdbConfig`
			`olcDatabase: {1}mdb`
			`olcDbDirectory: /var/db/openldap`
			`olcDbIndex: objectClass eq`
			`olcSuffix: dc=example`
			`olcRootDN: cn=root,dc=example`
			`olcRootPW: notapassword`
			`'';`
			`in ''`
			`machine.succeed(`
			`"mkdir -p /var/db/slapd.d /var/db/openldap",`
			`"slapadd -F /var/db/slapd.d -n0 -l ${config}",`
			`"slapadd -F /var/db/slapd.d -n1 -l ${contents}",`
			`"chown -R openldap:openldap /var/db/slapd.d /var/db/openldap",`
			`"systemctl restart openldap",`
			`)`
			`'' + testScript;`
			`};`
nixos/openldap: add test 2018-03-03 18:53:16 +00:00			`}`