nixos/openldap: add new options
parent
07b24090a4
commit
88c31ae57c
@ -8,7 +8,20 @@ let
|
|||||||
openldap = pkgs.openldap;
|
openldap = pkgs.openldap;
|
||||||
|
|
||||||
dataFile = pkgs.writeText "ldap-contents.ldif" cfg.declarativeContents;
|
dataFile = pkgs.writeText "ldap-contents.ldif" cfg.declarativeContents;
|
||||||
configFile = pkgs.writeText "slapd.conf" cfg.extraConfig;
|
configFile = pkgs.writeText "slapd.conf" ((optionalString cfg.defaultSchemas ''
|
||||||
|
include ${pkgs.openldap.out}/etc/schema/core.schema
|
||||||
|
include ${pkgs.openldap.out}/etc/schema/cosine.schema
|
||||||
|
include ${pkgs.openldap.out}/etc/schema/inetorgperson.schema
|
||||||
|
include ${pkgs.openldap.out}/etc/schema/nis.schema
|
||||||
|
'') + ''
|
||||||
|
${cfg.extraConfig}
|
||||||
|
database ${cfg.database}
|
||||||
|
suffix ${cfg.suffix}
|
||||||
|
rootdn ${cfg.rootdn}
|
||||||
|
rootpw ${cfg.rootpw}
|
||||||
|
directory ${cfg.dataDir}
|
||||||
|
${cfg.extraDatabaseConfig}
|
||||||
|
'');
|
||||||
configOpts = if cfg.configDir == null then "-f ${configFile}"
|
configOpts = if cfg.configDir == null then "-f ${configFile}"
|
||||||
else "-F ${cfg.configDir}";
|
else "-F ${cfg.configDir}";
|
||||||
in
|
in
|
||||||
@ -54,6 +67,52 @@ in
|
|||||||
description = "The database directory.";
|
description = "The database directory.";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
defaultSchemas = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = true;
|
||||||
|
description = ''
|
||||||
|
Include the default schemas core, cosine, inetorgperson and nis.
|
||||||
|
This setting will be ignored if configDir is set.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
database = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "mdb";
|
||||||
|
description = ''
|
||||||
|
Database type to use for the LDAP.
|
||||||
|
This setting will be ignored if configDir is set.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
suffix = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
example = "dc=example,dc=org";
|
||||||
|
description = ''
|
||||||
|
Specify the DN suffix of queries that will be passed to this backend
|
||||||
|
database.
|
||||||
|
This setting will be ignored if configDir is set.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
rootdn = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
example = "cn=admin,dc=example,dc=org";
|
||||||
|
description = ''
|
||||||
|
Specify the distinguished name that is not subject to access control
|
||||||
|
or administrative limit restrictions for operations on this database.
|
||||||
|
This setting will be ignored if configDir is set.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
rootpw = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
description = ''
|
||||||
|
Password for the root user.
|
||||||
|
This setting will be ignored if configDir is set.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
logLevel = mkOption {
|
logLevel = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "0";
|
default = "0";
|
||||||
@ -118,6 +177,39 @@ in
|
|||||||
# ...
|
# ...
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
extraDatabaseConfig = mkOption {
|
||||||
|
type = types.lines;
|
||||||
|
default = "";
|
||||||
|
description = ''
|
||||||
|
slapd.conf configuration after the database option.
|
||||||
|
This setting will be ignored if configDir is set.
|
||||||
|
'';
|
||||||
|
example = ''
|
||||||
|
# Indices to maintain for this directory
|
||||||
|
# unique id so equality match only
|
||||||
|
index uid eq
|
||||||
|
# allows general searching on commonname, givenname and email
|
||||||
|
index cn,gn,mail eq,sub
|
||||||
|
# allows multiple variants on surname searching
|
||||||
|
index sn eq,sub
|
||||||
|
# sub above includes subintial,subany,subfinal
|
||||||
|
# optimise department searches
|
||||||
|
index ou eq
|
||||||
|
# if searches will include objectClass uncomment following
|
||||||
|
# index objectClass eq
|
||||||
|
# shows use of default index parameter
|
||||||
|
index default eq,sub
|
||||||
|
# indices missing - uses default eq,sub
|
||||||
|
index telephonenumber
|
||||||
|
|
||||||
|
# other database parameters
|
||||||
|
# read more in slapd.conf reference section
|
||||||
|
cachesize 10000
|
||||||
|
checkpoint 128 15
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
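Review bot: `rootpw ${cfg.rootpw}` in the first hunk goes through `pkgs.writeText "slapd.conf"`, so the root DN password is stored in clear text in the Nix store, where any local user can read it, and the new `rootpw` option's description says nothing about that. At minimum the description should state it and steer users to a hash, e.g. add `The value is copied into the world-readable Nix store; use a hash generated with slappasswd rather than a clear-text password.` A follow-up could accept a path to a file kept outside the store and pull it in with slapd.conf's `include` directive. Separately, `suffix`, `rootdn` and `rootpw` are interpolated unquoted, so a value containing whitespace (such as `cn=admin, dc=example`) would be split into several arguments; emitting `rootdn "${cfg.rootdn}"` and likewise for the other two avoids that. The `let` block and the options set both extend beyond the visible hunks.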
|
@ -4,16 +4,12 @@ import ./make-test.nix {
|
|||||||
machine = { pkgs, ... }: {
|
machine = { pkgs, ... }: {
|
||||||
services.openldap = {
|
services.openldap = {
|
||||||
enable = true;
|
enable = true;
|
||||||
extraConfig = ''
|
suffix = "dc=example";
|
||||||
include ${pkgs.openldap}/etc/schema/core.schema
|
rootdn = "cn=root,dc=example";
|
||||||
include ${pkgs.openldap}/etc/schema/cosine.schema
|
rootpw = "notapassword";
|
||||||
include ${pkgs.openldap}/etc/schema/inetorgperson.schema
|
database = "bdb";
|
||||||
include ${pkgs.openldap}/etc/schema/nis.schema
|
extraDatabaseConfig = ''
|
||||||
database bdb
|
|
||||||
suffix dc=example
|
|
||||||
directory /var/db/openldap
|
directory /var/db/openldap
|
||||||
rootdn cn=root,dc=example
|
|
||||||
rootpw notapassword
|
|
||||||
'';
|
'';
|
||||||
declarativeContents = ''
|
declarativeContents = ''
|
||||||
dn: dc=example
|
dn: dc=example
|
||||||
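Review bot: `directory /var/db/openldap` is still present inside `extraDatabaseConfig`, but the module now emits `directory ${cfg.dataDir}` immediately before `${cfg.extraDatabaseConfig}`, so the slapd.conf generated for this test carries two `directory` directives in the same database section. Whether slapd accepts the repeat, or which of the two wins, cannot be told from this page, so I would drop the line from the test and set `dataDir = "/var/db/openldap";` if that path matters. The test's attribute set continues outside the hunk.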
|