nixos/tests/sssd-ldap: init
parent
7bc3a08d3a
commit
64ce52713c
|
@ -325,6 +325,7 @@ in
|
||||||
sonarr = handleTest ./sonarr.nix {};
|
sonarr = handleTest ./sonarr.nix {};
|
||||||
sslh = handleTest ./sslh.nix {};
|
sslh = handleTest ./sslh.nix {};
|
||||||
sssd = handleTestOn ["x86_64-linux"] ./sssd.nix {};
|
sssd = handleTestOn ["x86_64-linux"] ./sssd.nix {};
|
||||||
|
sssd-ldap = handleTestOn ["x86_64-linux"] ./sssd-ldap.nix {};
|
||||||
strongswan-swanctl = handleTest ./strongswan-swanctl.nix {};
|
strongswan-swanctl = handleTest ./strongswan-swanctl.nix {};
|
||||||
sudo = handleTest ./sudo.nix {};
|
sudo = handleTest ./sudo.nix {};
|
||||||
switchTest = handleTest ./switch-test.nix {};
|
switchTest = handleTest ./switch-test.nix {};
|
||||||
|
|
|
@ -0,0 +1,78 @@
|
||||||
|
import ./make-test-python.nix ({ pkgs, ... }:
|
||||||
|
let
|
||||||
|
dbDomain = "example.org";
|
||||||
|
dbSuffix = "dc=example,dc=org";
|
||||||
|
|
||||||
|
ldapRootUser = "admin";
|
||||||
|
ldapRootPassword = "foobar";
|
||||||
|
|
||||||
|
testUser = "alice";
|
||||||
|
in
|
||||||
|
{
|
||||||
|
name = "sssd-ldap";
|
||||||
|
|
||||||
|
meta = with pkgs.stdenv.lib.maintainers; {
|
||||||
|
maintainers = [ bbigras ];
|
||||||
|
};
|
||||||
|
|
||||||
|
machine = { pkgs, ... }: {
|
||||||
|
services.openldap = {
|
||||||
|
enable = true;
|
||||||
|
rootdn = "cn=${ldapRootUser},${dbSuffix}";
|
||||||
|
rootpw = ldapRootPassword;
|
||||||
|
suffix = dbSuffix;
|
||||||
|
declarativeContents = ''
|
||||||
|
dn: ${dbSuffix}
|
||||||
|
objectClass: top
|
||||||
|
objectClass: dcObject
|
||||||
|
objectClass: organization
|
||||||
|
o: ${dbDomain}
|
||||||
|
|
||||||
|
dn: ou=posix,${dbSuffix}
|
||||||
|
objectClass: top
|
||||||
|
objectClass: organizationalUnit
|
||||||
|
|
||||||
|
dn: ou=accounts,ou=posix,${dbSuffix}
|
||||||
|
objectClass: top
|
||||||
|
objectClass: organizationalUnit
|
||||||
|
|
||||||
|
dn: uid=${testUser},ou=accounts,ou=posix,${dbSuffix}
|
||||||
|
objectClass: person
|
||||||
|
objectClass: posixAccount
|
||||||
|
# userPassword: somePasswordHash
|
||||||
|
homeDirectory: /home/${testUser}
|
||||||
|
uidNumber: 1234
|
||||||
|
gidNumber: 1234
|
||||||
|
cn: ""
|
||||||
|
sn: ""
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
services.sssd = {
|
||||||
|
enable = true;
|
||||||
|
config = ''
|
||||||
|
[sssd]
|
||||||
|
config_file_version = 2
|
||||||
|
services = nss, pam, sudo
|
||||||
|
domains = ${dbDomain}
|
||||||
|
|
||||||
|
[domain/${dbDomain}]
|
||||||
|
auth_provider = ldap
|
||||||
|
id_provider = ldap
|
||||||
|
ldap_uri = ldap://127.0.0.1:389
|
||||||
|
ldap_search_base = ${dbSuffix}
|
||||||
|
ldap_default_bind_dn = cn=${ldapRootUser},${dbSuffix}
|
||||||
|
ldap_default_authtok_type = password
|
||||||
|
ldap_default_authtok = ${ldapRootPassword}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
testScript = ''
|
||||||
|
machine.start()
|
||||||
|
machine.wait_for_unit("openldap.service")
|
||||||
|
machine.wait_for_unit("sssd.service")
|
||||||
|
machine.succeed("getent passwd ${testUser}")
|
||||||
|
'';
|
||||||
|
}
|
||||||
|
)
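Review bot: The sssd domain block binds as the directory rootdn (`ldap_default_bind_dn = cn=${ldapRootUser},${dbSuffix}` with `ldap_default_authtok = ${ldapRootPassword}`) over plain `ldap://127.0.0.1:389`. That is fine inside a throwaway test VM, but it is the part of this file most likely to be copied into a real configuration. A comment above `services.sssd` would make that explicit, e.g. `# Test-only: binds as rootdn with a fixed password over loopback; real deployments should use a read-only bind account, TLS, and keep the secret out of the Nix store.` The test script asserts only `getent passwd ${testUser}`, so `auth_provider = ldap` and the `pam` and `sudo` services are configured but never exercised, and with `userPassword` commented out there is no login path to test. As far as I know sssd refuses LDAP authentication over an unencrypted channel, so adding login coverage later would presumably also need TLS on the test server.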
|