author | Kai Wohlfahrt <kai.wohlfahrt@gmail.com> | 2022-06-05 18:07:51 +0100 |
---|---|---|
committer | Jörg Thalheim <joerg@thalheim.io> | 2022-06-29 19:59:29 +0200 |
commit | 8a7193fc0a9fa7fa098299a321fd2bd3f4fa2d7c (patch) | |
tree | 1ec1544bab46092fdbcbf7ed0aa77c90908c1924 | |
parent | ad5acb9b0ec738c9bede7ec12947236992e78d2d (diff) | |
openldap: test and fix mutable config
-rw-r--r-- | nixos/modules/services/databases/openldap.nix | 6 | ||||
-rw-r--r-- | nixos/tests/openldap.nix | 20 |
2 files changed, 23 insertions, 3 deletions
diff --git a/nixos/modules/services/databases/openldap.nix b/nixos/modules/services/databases/openldap.nix index 45242b2b48f..167eba16b99 100644 --- a/nixos/modules/services/databases/openldap.nix +++ b/nixos/modules/services/databases/openldap.nix @@ -231,7 +231,7 @@ in { config = let dbSettings = mapAttrs' (name: { attrs, ... }: nameValuePair attrs.olcSuffix attrs) - (filterAttrs (name: value: hasPrefix "olcDatabase=" name) cfg.settings.children); + (filterAttrs (name: { attrs, ... }: (hasPrefix "olcDatabase=" name) && attrs ? olcSuffix) cfg.settings.children); settingsFile = pkgs.writeText "config.ldif" (lib.concatStringsSep "\n" (attrsToLdif "cn=config" cfg.settings)); writeConfig = pkgs.writeShellScript "openldap-config" '' set -euo pipefail @@ -245,7 +245,9 @@ in { contentsFiles = mapAttrs (dn: ldif: pkgs.writeText "${dn}.ldif" ldif) cfg.declarativeContents; writeContents = pkgs.writeShellScript "openldap-load" '' - rm -rf /var/lib/openldap/$2/* + set -euo pipefail + + rm -rf $2/* ${openldap}/bin/slapadd -F ${configDir} -b $1 -l $3 ''; in mkIf cfg.enable { diff --git a/nixos/tests/openldap.nix b/nixos/tests/openldap.nix index 20117b87d4b..b31df594a36 100644 --- a/nixos/tests/openldap.nix +++ b/nixos/tests/openldap.nix @@ -55,6 +55,14 @@ in { "${pkgs.openldap}/etc/schema/inetorgperson.ldif" "${pkgs.openldap}/etc/schema/nis.ldif" ]; + "olcDatabase={0}config" = { + attrs = { + objectClass = [ "olcDatabaseConfig" ]; + olcDatabase = "{0}config"; + olcRootDN = "cn=root,cn=config"; + olcRootPW = "configpassword"; + }; + }; "olcDatabase={1}mdb" = { # This tests string, base64 and path values, as well as lists of string values attrs = { @@ -77,6 +85,9 @@ in { }; specialisation = { + mutableConfig.configuration = { ... }: { + services.openldap.mutableConfig = true; + }; manualConfigDir = { inheritParentConfig = false; configuration = { ... }: { 
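Review bot: The new `attrs ? olcSuffix` test in the `dbSettings` filter deserves a comment, because it silently drops any `olcDatabase=` child that has no `olcSuffix` (such as the `{0}config` database the test now declares) and nothing else in the hunk says why. I would add above the `filterAttrs` line: `# Only suffix-bearing databases can carry declarativeContents; cn=config (and any other suffix-less database) is skipped here.` A database that is merely missing its `olcSuffix` by mistake is skipped the same way rather than reported, so an assertion that every key of `cfg.declarativeContents` matches a suffix in `dbSettings` would catch that; whether one already exists is not visible from this hunk. The `let` this binding sits in begins and ends outside the hunk.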
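Review bot: `rm -rf $2/*` in `writeContents` now clears whatever directory the caller passes, with `$2` unquoted and with no guard against it being empty — `set -u` rejects an unset `$2` but not an empty one, and `rm -rf /*` is what an empty value expands to. The removed line was at least anchored under `/var/lib/openldap`; the new one has no such floor. Quote the positional parameters and refuse an empty path: `: "${2:?database directory must be set}"`, `rm -rf -- "$2"/*`, and `${openldap}/bin/slapadd -F ${configDir} -b "$1" -l "$3"`. How `$2` is derived (presumably `olcDbDirectory` from `dbSettings`) is outside this hunk, so whether an empty value can actually reach this script is not visible from the diff; the guard costs nothing either way.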
@@ -99,10 +110,17 @@ in { in '' machine.wait_for_unit("openldap.service") machine.succeed('ldapsearch -LLL -D "cn=root,dc=example" -w notapassword -b "dc=example"') + machine.fail('ldapmodify -D cn=root,cn=config -w configpassword -f ${pkgs.writeText "rootpw.ldif" changeRootPw}') + + with subtest("mutable config"): + machine.succeed('${specializations}/mutableConfig/bin/switch-to-configuration test') + machine.succeed('ldapsearch -LLL -D "cn=root,dc=example" -w notapassword -b "dc=example"') + machine.succeed('ldapmodify -D cn=root,cn=config -w configpassword -f ${pkgs.writeText "rootpw.ldif" changeRootPw}') + machine.succeed('ldapsearch -LLL -D "cn=root,dc=example" -w foobar -b "dc=example"') with subtest("manual config dir"): machine.succeed( - 'mkdir -p /var/db/slapd.d /var/db/openldap', + 'mkdir /var/db/slapd.d /var/db/openldap', 'slapadd -F /var/db/slapd.d -n0 -l ${pkgs.writeText "config.ldif" ldifConfig}', 'slapadd -F /var/db/slapd.d -n1 -l ${pkgs.writeText "contents.ldif" dbContents}', 'chown -R openldap:openldap /var/db/slapd.d /var/db/openldap', |
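Review bot: The added `machine.fail('ldapmodify -D cn=root,cn=config ...')` passes on any non-zero exit, so a wrong bind password, an unreachable server or a typo in `changeRootPw` would all satisfy it without proving that cn=config is read-only while `mutableConfig` is off. Capturing the output and checking for the refusal makes the assertion mean what the later "mutable config" subtest contrasts it with, e.g. `out = machine.fail('ldapmodify -D cn=root,cn=config -w configpassword -f ${pkgs.writeText "rootpw.ldif" changeRootPw} 2>&1')` followed by `assert "unwilling" in out.lower(), out` — the exact error slapd reports for an immutable config database should be confirmed against a run before pinning the string. `changeRootPw` and the enclosing `let` are defined outside the hunk.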