nixos/openldap: Fix sssd-ldap test

Use this as a test of the migration warnings/functionality.

nixos/modules/services/databases/openldap.nix

@@ -3,6 +3,7 @@
 with lib;
 let
   cfg = config.services.openldap;
+  legacyOptions = [ "rootpwFile" "suffix" "dataDir" "rootdn" "rootpw" ];
   openldap = cfg.package;
   configDir = if cfg.configDir != null then cfg.configDir else "/etc/openldap/slapd.d";
 
@@ -77,6 +78,12 @@ let
 in {
   imports = let
     deprecationNote = "This option is removed due to the deprecation of `slapd.conf` upstream. Please migrate to `services.openldap.settings`, see the release notes for advice with this process.";
+    mkDatabaseOption = old: new:
+      lib.mkChangedOptionModule [ "services" "openldap" old ] [ "services" "openldap" "settings" "children" ]
+        (config: let
+          database = lib.getAttrFromPath [ "services" "openldap" "database" ] config;
+          value = lib.getAttrFromPath [ "services" "openldap" old ] config;
+        in lib.setAttrByPath ([ "olcDatabase={1}${database}" "attrs" ] ++ new) value);
   in [
     (lib.mkRemovedOptionModule [ "services" "openldap" "extraConfig" ] deprecationNote)
     (lib.mkRemovedOptionModule [ "services" "openldap" "extraDatabaseConfig" ] deprecationNote)
@@ -85,7 +92,7 @@ in {
       (config: lib.splitString " " (lib.getAttrFromPath [ "services" "openldap" "logLevel" ] config)))
     (lib.mkChangedOptionModule [ "services" "openldap" "defaultSchemas" ] [ "services" "openldap" "settings" "children" "cn=schema" "includes"]
       (config: lib.optionals (lib.getAttrFromPath [ "services" "openldap" "defaultSchemas" ] config) (
-        map (schema: "${pkgs.openldap}/etc/schema/${schema}.ldif") [ "core" "cosine" "inetorgperson" "nis" ])))
+        map (schema: "${openldap}/etc/schema/${schema}.ldif") [ "core" "cosine" "inetorgperson" "nis" ])))
 
     (lib.mkChangedOptionModule [ "services" "openldap" "database" ] [ "services" "openldap" "settings" "children" ]
       (config: let
@@ -97,17 +104,15 @@ in {
           olcDatabase = "{1}${database}";
           olcDbDirectory = lib.mkDefault "/var/db/openldap";
         };
+        "cn=schema".includes = lib.mkDefault (
+          map (schema: "${openldap}/etc/schema/${schema}.ldif") [ "core" "cosine" "inetorgperson" "nis" ]
+        );
       }))
-    (lib.mkRenamedOptionModule [ "services" "openldap" "rootpwFile" ]
+    (mkDatabaseOption "rootpwFile" [ "olcRootPW" "path" ])
-      [ "services" "openldap" "settings" "children" "olcDatabase={1}${cfg.database}" "attrs" "olcRootPW" "path"])
+    (mkDatabaseOption "suffix" [ "olcSuffix" ])
-    (lib.mkRenamedOptionModule [ "services" "openldap" "suffix" ]
+    (mkDatabaseOption "dataDir" [ "olcDbDirectory" ])
-      [ "services" "openldap" "settings" "children" "olcDatabase={1}${cfg.database}" "attrs" "olcSuffix"])
+    (mkDatabaseOption "rootdn" [ "olcRootDN" ])
-    (lib.mkRenamedOptionModule [ "services" "openldap" "dataDir" ]
+    (mkDatabaseOption "rootpw" [ "olcRootPW" ])
-      [ "services" "openldap" "settings" "children" "olcDatabase={1}${cfg.database}" "attrs" "olcDbDirectory"])
-    (lib.mkRenamedOptionModule [ "services" "openldap" "rootdn" ]
-      [ "services" "openldap" "settings" "children" "olcDatabase={1}${cfg.database}" "attrs" "olcRootDN"])
-    (lib.mkRenamedOptionModule [ "services" "openldap" "rootpw" ]
-      [ "services" "openldap" "settings" "children" "olcDatabase={1}${cfg.database}" "attrs" "olcRootPW"])
   ];
   options = {
     services.openldap = {
@@ -242,14 +247,10 @@ in {
   meta.maintainers = with lib.maintainters; [ mic92 kwohlfahrt ];
 
   config = mkIf cfg.enable {
-    assertions = [{
+    assertions = map (opt: {
-      assertion = lib.length (lib.attrNames cfg.settings.children) >= 2 || cfg ? database;
+      assertion = ((getAttr opt cfg) != "_mkMergedOptionModule") -> (cfg.database != "_mkMergedOptionModule");
-      message = ''
+      message = "Legacy OpenLDAP option `services.openldap.${opt}` requires `services.openldap.database` (use value \"mdb\" if unsure)";
-        No OpenLDAP database is defined. Configure one with `services.openldap.settings`
+    }) legacyOptions;
-        or `services.openldap.database` (legacy).
-      '';
-    }];
-
     environment.systemPackages = [ openldap ];
 
     # Literal attributes must always be set
@@ -259,15 +260,11 @@ in {
         cn = "config";
         olcPidFile = "/run/slapd/slapd.pid";
       };
-      children = {
+      children."cn=schema".attrs = {
-        "cn=schema" = {
-          attrs = {
         cn = "schema";
         objectClass = "olcSchemaConfig";
       };
     };
-      };
-    };
 
     systemd.services.openldap = {
       description = "LDAP server";

nixos/tests/openldap.nix

@@ -71,7 +71,6 @@ in {
         suffix = "dc=example";
         rootdn = "cn=root,dc=example";
         rootpw = "notapassword";
-        dataDir = "/var/db/openldap";
         declarativeContents."dc=example" = dbContents;
       };
     };

nixos/tests/sssd-ldap.nix

@@ -1,4 +1,4 @@
-import ./make-test-python.nix ({ pkgs, ... }:
+({ pkgs, ... }:
   let
     dbDomain = "example.org";
     dbSuffix = "dc=example,dc=org";
@@ -7,8 +7,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
     ldapRootPassword = "foobar";
 
     testUser = "alice";
-  in
+  in import ./make-test-python.nix {
-  {
     name = "sssd-ldap";
 
     meta = with pkgs.stdenv.lib.maintainers; {
@@ -18,10 +17,12 @@ import ./make-test-python.nix ({ pkgs, ... }:
     machine = { pkgs, ... }: {
       services.openldap = {
         enable = true;
+        database = "mdb";
         rootdn = "cn=${ldapRootUser},${dbSuffix}";
         rootpw = ldapRootPassword;
         suffix = dbSuffix;
-        declarativeContents = ''
+        declarativeContents = {
+          ${dbSuffix} = ''
             dn: ${dbSuffix}
             objectClass: top
             objectClass: dcObject
@@ -47,6 +48,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
             sn: ""
           '';
         };
+      };
 
       services.sssd = {
         enable = true;