Merge pull request #36249 from Ekleog/openldap-module-declarative-contents
Openldap module declarative contents
6749f6e26e
@ -7,8 +7,10 @@ let
|
|||||||
cfg = config.services.openldap;
|
cfg = config.services.openldap;
|
||||||
openldap = pkgs.openldap;
|
openldap = pkgs.openldap;
|
||||||
|
|
||||||
|
dataFile = pkgs.writeText "ldap-contents.ldif" cfg.declarativeContents;
|
||||||
configFile = pkgs.writeText "slapd.conf" cfg.extraConfig;
|
configFile = pkgs.writeText "slapd.conf" cfg.extraConfig;
|
||||||
|
configOpts = if cfg.configDir == null then "-f ${configFile}"
|
||||||
|
else "-F ${cfg.configDir}";
|
||||||
in
|
in
|
||||||
|
|
||||||
{
|
{
|
||||||
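Review bot: The new `configOpts` binding interpolates `${configFile}` and `${cfg.configDir}` unquoted, and the value is spliced both into the preStart shell script (the slapadd line in the later hunk) and into ExecStart, so a configDir containing whitespace would be split into several arguments while every other path in this change was just quoted. Since both a POSIX shell and systemd's ExecStart parser accept single quotes, `configOpts = if cfg.configDir == null then "-f '${configFile}'" else "-F '${cfg.configDir}'";` keeps one definition that is safe in both places. Separately, `dataFile` is produced with pkgs.writeText, which writes the LDIF into the Nix store where it is readable by every local user; a comment on that line, `# NOTE: lands in the world-readable Nix store, so declarativeContents must not carry userPassword values or other secrets`, would spare the next maintainer a surprise.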
@ -81,6 +83,34 @@ in
|
|||||||
'''
|
'''
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
declarativeContents = mkOption {
|
||||||
|
type = with types; nullOr lines;
|
||||||
|
default = null;
|
||||||
|
description = ''
|
||||||
|
Declarative contents for the LDAP database, in LDIF format.
|
||||||
|
|
||||||
|
Note a few facts when using it. First, the database
|
||||||
|
<emphasis>must</emphasis> be stored in the directory defined by
|
||||||
|
<code>dataDir</code>. Second, all <code>dataDir</code> will be erased
|
||||||
|
when starting the LDAP server. Third, modifications to the database
|
||||||
|
are not prevented, they are just dropped on the next reboot of the
|
||||||
|
server. Finally, performance-wise the database and indexes are rebuilt
|
||||||
|
on each server startup, so this will slow down server startup,
|
||||||
|
especially with large databases.
|
||||||
|
'';
|
||||||
|
example = ''
|
||||||
|
dn: dc=example,dc=org
|
||||||
|
objectClass: domain
|
||||||
|
dc: example
|
||||||
|
|
||||||
|
dn: ou=users,dc=example,dc=org
|
||||||
|
objectClass = organizationalUnit
|
||||||
|
ou: users
|
||||||
|
|
||||||
|
# ...
|
||||||
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
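Review bot: The example for the new `declarativeContents` option is not valid LDIF: `objectClass = organizationalUnit` uses `=` where LDIF requires a colon, so anyone copying the example would get a slapadd parse error on startup; change it to `objectClass: organizationalUnit`, matching the `objectClass: domain` line above it and the test in nixos/tests/openldap.nix. The description should also say that the option value is written to a file in the Nix store (via `dataFile` at the top of the module), which all local users can read, so entries containing secrets do not belong here. A sentence such as `Note that the contents are stored in the world-readable Nix store; do not use this option for entries that contain secrets such as userPassword.` fits naturally into the existing "Note a few facts" paragraph.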
@ -88,7 +118,7 @@ in
|
|||||||
|
|
||||||
###### implementation
|
###### implementation
|
||||||
|
|
||||||
config = mkIf config.services.openldap.enable {
|
config = mkIf cfg.enable {
|
||||||
|
|
||||||
environment.systemPackages = [ openldap ];
|
environment.systemPackages = [ openldap ];
|
||||||
|
|
||||||
@ -98,11 +128,21 @@ in
|
|||||||
after = [ "network.target" ];
|
after = [ "network.target" ];
|
||||||
preStart = ''
|
preStart = ''
|
||||||
mkdir -p /var/run/slapd
|
mkdir -p /var/run/slapd
|
||||||
chown -R ${cfg.user}:${cfg.group} /var/run/slapd
|
chown -R "${cfg.user}:${cfg.group}" /var/run/slapd
|
||||||
mkdir -p ${cfg.dataDir}
|
${optionalString (cfg.declarativeContents != null) ''
|
||||||
chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir}
|
rm -Rf "${cfg.dataDir}"
|
||||||
|
''}
|
||||||
|
mkdir -p "${cfg.dataDir}"
|
||||||
|
${optionalString (cfg.declarativeContents != null) ''
|
||||||
|
${openldap.out}/bin/slapadd ${configOpts} -l ${dataFile}
|
||||||
|
''}
|
||||||
|
chown -R "${cfg.user}:${cfg.group}" "${cfg.dataDir}"
|
||||||
'';
|
'';
|
||||||
serviceConfig.ExecStart = "${openldap.out}/libexec/slapd -u ${cfg.user} -g ${cfg.group} -d 0 -h \"${concatStringsSep " " cfg.urlList}\" ${if cfg.configDir == null then "-f "+configFile else "-F "+cfg.configDir}";
|
serviceConfig.ExecStart =
|
||||||
|
"${openldap.out}/libexec/slapd -d 0 " +
|
||||||
|
"-u '${cfg.user}' -g '${cfg.group}' " +
|
||||||
|
"-h '${concatStringsSep " " cfg.urlList}' " +
|
||||||
|
"${configOpts}";
|
||||||
};
|
};
|
||||||
|
|
||||||
users.extraUsers.openldap =
|
users.extraUsers.openldap =
|
||||||
|
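Review bot: `rm -Rf "${cfg.dataDir}"` in preStart runs as root on every service start whenever declarativeContents is set, and nothing in this hunk checks the option value beyond whatever the dataDir option type enforces (not visible here); an empty value or `/` from a mistaken override would wipe far more than the LDAP database. A guard ahead of the rm, `if [ -z "${cfg.dataDir}" ] || [ "${cfg.dataDir}" = / ]; then echo "openldap: refusing to wipe dataDir" >&2; exit 1; fi`, or an equivalent `assertions` entry, is cheap insurance. Note also that slapadd runs as root before the final `chown -R`, so the database files are created root-owned and then fixed up; that works, but a short comment stating that the ordering is intentional would help. The `systemd.services.openldap` definition containing preStart and ExecStart begins before this hunk.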
@ -325,6 +325,7 @@ in rec {
|
|||||||
tests.leaps = callTest tests/leaps.nix { };
|
tests.leaps = callTest tests/leaps.nix { };
|
||||||
tests.nsd = callTest tests/nsd.nix {};
|
tests.nsd = callTest tests/nsd.nix {};
|
||||||
tests.openssh = callTest tests/openssh.nix {};
|
tests.openssh = callTest tests/openssh.nix {};
|
||||||
|
tests.openldap = callTest tests/openldap.nix {};
|
||||||
tests.owncloud = callTest tests/owncloud.nix {};
|
tests.owncloud = callTest tests/owncloud.nix {};
|
||||||
tests.pam-oath-login = callTest tests/pam-oath-login.nix {};
|
tests.pam-oath-login = callTest tests/pam-oath-login.nix {};
|
||||||
#tests.panamax = callTestOnTheseSystems ["x86_64-linux"] tests/panamax.nix {};
|
#tests.panamax = callTestOnTheseSystems ["x86_64-linux"] tests/panamax.nix {};
|
||||||
|
35
nixos/tests/openldap.nix
@ -0,0 +1,35 @@
|
|||||||
|
import ./make-test.nix {
|
||||||
|
name = "dovecot";
|
||||||
|
|
||||||
|
machine = { pkgs, ... }: {
|
||||||
|
services.openldap = {
|
||||||
|
enable = true;
|
||||||
|
extraConfig = ''
|
||||||
|
include ${pkgs.openldap}/etc/schema/core.schema
|
||||||
|
include ${pkgs.openldap}/etc/schema/cosine.schema
|
||||||
|
include ${pkgs.openldap}/etc/schema/inetorgperson.schema
|
||||||
|
include ${pkgs.openldap}/etc/schema/nis.schema
|
||||||
|
database bdb
|
||||||
|
suffix dc=example
|
||||||
|
directory /var/db/openldap
|
||||||
|
rootdn cn=root,dc=example
|
||||||
|
rootpw notapassword
|
||||||
|
'';
|
||||||
|
declarativeContents = ''
|
||||||
|
dn: dc=example
|
||||||
|
objectClass: domain
|
||||||
|
dc: example
|
||||||
|
|
||||||
|
dn: ou=users,dc=example
|
||||||
|
objectClass: organizationalUnit
|
||||||
|
ou: users
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
testScript = ''
|
||||||
|
$machine->succeed('systemctl status openldap.service');
|
||||||
|
$machine->waitForUnit('openldap.service');
|
||||||
|
$machine->succeed('ldapsearch -LLL -D "cn=root,dc=example" -w notapassword -b "dc=example"');
|
||||||
|
'';
|
||||||
|
}
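Review bot: `name = "dovecot";` is a copy-paste leftover in the new openldap test; it should be `name = "openldap";` so the test derivation and its log output are identifiable. In testScript, `systemctl status openldap.service` is asserted before `waitForUnit('openldap.service')`, so the status check can race a unit that is still in preStart (slapadd runs there on every start); swap the two lines so the wait comes first. The ldapsearch assertion only proves that the bind succeeds; piping the output through `grep -q "ou=users,dc=example"` in the same `succeed` call would confirm that the declarative contents were actually loaded.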
|