From 554ae9908b4abd45c9769da023470ae2c12ebdfd Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 15 Jan 2007 17:19:41 +0000 Subject: [PATCH] * Some slightly hacky LDAP support. The problem is that Glibc has to be able to find the LDAP NSS module, which is normally installed in Glibc's prefix (under /lib/libnss_ldap...). Of course, we can't do that; it wouldn't be pure. As a workaround, we simply add nss_ldap to the LD_LIBRARY_PATH of the nscd daemon, which every other program uses for lookups. So we don't have to put nss_ldap in the LD_LIBRARY_PATH of every program. svn path=/nixos/trunk/; revision=7684 --- system/etc/nsswitch.conf | 5 +++-- system/system.nix | 9 ++++++++- system/upstart.nix | 4 +++- upstart-jobs/nscd.nix | 6 +++++- upstart-jobs/sshd.nix | 3 +++ 5 files changed, 22 insertions(+), 5 deletions(-) diff --git a/system/etc/nsswitch.conf b/system/etc/nsswitch.conf index de9c533f07b..f557269d5bd 100644 --- a/system/etc/nsswitch.conf +++ b/system/etc/nsswitch.conf @@ -1,5 +1,6 @@ -passwd: compat -group: compat +passwd: ldap files +group: ldap files +shadow: ldap files hosts: files dns networks: files dns diff --git a/system/system.nix b/system/system.nix index fdf06eb5806..94e28b21626 100644 --- a/system/system.nix +++ b/system/system.nix @@ -115,9 +115,16 @@ rec { }; + # NSS modules. Hacky! + nssModules = [pkgs.nss_ldap]; + + nssModulesPath = pkgs.lib.concatStrings (pkgs.lib.intersperse ":" + (map (mod: mod + "/lib") nssModules)); + + # The services (Upstart) configuration for the system. upstartJobs = import ./upstart.nix { - inherit config pkgs nix; + inherit config pkgs nix nssModulesPath; }; diff --git a/system/upstart.nix b/system/upstart.nix index 6ceb2c92163..836a279346f 100644 --- a/system/upstart.nix +++ b/system/upstart.nix @@ -1,4 +1,4 @@ -{config, pkgs, nix}: +{config, pkgs, nix, nssModulesPath}: let 
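Review bot: Putting `ldap` ahead of `files` in the three new lines of system/etc/nsswitch.conf lets a directory entry take precedence over the local one of the same name, so an LDAP record named root would shadow the local account in any process that can load the module. Writing `passwd: files ldap`, `group: files ldap` and `shadow: files ldap` keeps local accounts authoritative, and a local lookup then no longer depends on the directory being reachable. Only the nscd and sshd jobs get the module on their library path (the nscd.nix and sshd.nix hunks), so a process that does its own lookup would presumably skip `ldap` and answer from `files`, and the result for a given name could then differ depending on whether nscd is running. The removed `compat` source also means `+`/`-` entries in the local files are no longer interpreted, which is worth stating in the commit message if intended.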
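Review bot: `nssModules = [pkgs.nss_ldap];` in system/system.nix is fixed in the system expression, so every machine built from it gets the LDAP module on the daemons' library path, together with the `ldap` sources in nsswitch.conf, whether or not a directory is in use. Deriving the list from the system configuration, empty by default, would keep the extra lookup source opt-in. The `# NSS modules. Hacky!` comment should say what the hack is, for example `# NSS modules that nscd and sshd load via LD_LIBRARY_PATH, because they cannot be installed into Glibc's own prefix.` The enclosing `rec { … }` starts and ends outside the hunk.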
@@ -80,6 +80,7 @@ import ../upstart-jobs/gather.nix { # Name service cache daemon. (import ../upstart-jobs/nscd.nix { inherit (pkgs) glibc pwdutils; + inherit nssModulesPath; }) # Handles the maintenance/stalled event (single-user shell). @@ -97,6 +98,7 @@ import ../upstart-jobs/gather.nix { (import ../upstart-jobs/sshd.nix { inherit (pkgs) writeText openssh glibc pwdutils; inherit (pkgs.xorg) xauth; + inherit nssModulesPath; forwardX11 = config.get ["services" "sshd" "forwardX11"]; allowSFTP = config.get ["services" "sshd" "allowSFTP"]; }) diff --git a/upstart-jobs/nscd.nix b/upstart-jobs/nscd.nix index 1e6b39dd9b3..2fcc86229b1 100644 --- a/upstart-jobs/nscd.nix +++ b/upstart-jobs/nscd.nix @@ -1,4 +1,4 @@ -{glibc, pwdutils}: +{glibc, pwdutils, nssModulesPath}: { name = "nscd"; @@ -9,6 +9,8 @@ description \"Name Service Cache Daemon\" start on startup stop on shutdown +env LD_LIBRARY_PATH=${nssModulesPath} + start script if ! ${glibc}/bin/getent passwd nscd > /dev/null; then @@ -18,6 +20,8 @@ start script mkdir -m 0755 -p /var/run/nscd mkdir -m 0755 -p /var/db/nscd + + rm -f /var/db/nscd/* # for testing end script diff --git a/upstart-jobs/sshd.nix b/upstart-jobs/sshd.nix index 69be033316d..cc2c4ddea1b 100644 --- a/upstart-jobs/sshd.nix +++ b/upstart-jobs/sshd.nix @@ -1,4 +1,5 @@ { writeText, openssh, glibc, pwdutils, xauth +, nssModulesPath , forwardX11, allowSFTP }: @@ -32,6 +33,8 @@ description \"SSH server\" start on network-interfaces/started stop on network-interfaces/stop +env LD_LIBRARY_PATH=${nssModulesPath} + start script mkdir -m 0555 -p /var/empty
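Review bot: `env LD_LIBRARY_PATH=${nssModulesPath}` in upstart-jobs/nscd.nix widens the search path for every shared object the job loads, not only NSS modules. The same line is added to the sshd job in upstart-jobs/sshd.nix, which is a network-facing daemon. Any library that a package in `nssModules` ships in its `lib` directory is found there before the system default directories, unless the lookup is already pinned by an RPATH, so a module package can displace a library the daemon expected from elsewhere. A comment above both lines should record the constraint, e.g. `# Only meant for libnss_*; module packages must not ship other libraries in lib/.` Both job definitions continue outside their hunks.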
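Review bot: `rm -f /var/db/nscd/* # for testing` in the start script of upstart-jobs/nscd.nix is test scaffolding, and it clears nscd's persistent database every time the job starts. If flushing on start is wanted, the comment should say why, e.g. `# Drop cached entries so changes to nsswitch.conf take effect`. If not, the line should be removed before the change is deployed. The start script begins outside the hunk.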