author | Dan Callaghan <djc@djc.id.au> | 2022-07-19 22:31:11 +1000 |
---|---|---|
committer | Martin Weinelt <hexa@darmstadt.ccc.de> | 2022-07-22 03:19:46 +0200 |
commit | b30534eb02796423cec9fbda8f7aea535c932e3e (patch) | |
tree | d9da8a735e78fc2563a401e2fd3e9a21907cc174 | |
parent | df9f22a8b836e783a0826ed629054462c94c41a1 (diff) | |
openldap: load client config from /etc, not the nix store
We want Openldap clients to load /etc/ldap.conf at runtime, not ${pkgs.openldap}/etc/ldap.conf which is always a sample config. Pass sysconfdir=/etc at compile time, so that /etc/krb5.conf is embedded in the library as the path of its config file. Pass sysconfdir=${out}/etc at install time, so that the sample configs and schema files are correctly included in the build output. This hack works because the Makefiles are not smart enough to notice that the sysconfdir variable has changed across invocations -- because nobody ever writes their Makefiles to be that smart. :-) Fixes #181937.
-rw-r--r-- | nixos/tests/openldap.nix | 23 | ||||
-rw-r--r-- | pkgs/development/libraries/openldap/default.nix | 3 |
2 files changed, 20 insertions, 6 deletions
diff --git a/nixos/tests/openldap.nix b/nixos/tests/openldap.nix index 04e2650e380..075bb5d1f64 100644 --- a/nixos/tests/openldap.nix +++ b/nixos/tests/openldap.nix @@ -39,11 +39,23 @@ import ./make-test-python.nix ({ pkgs, ... }: let olcRootDN: cn=root,dc=example olcRootPW: notapassword ''; + + ldapClientConfig = { + enable = true; + loginPam = false; + nsswitch = false; + server = "ldap://"; + base = "dc=example"; + }; + in { name = "openldap"; nodes.machine = { pkgs, ... }: { environment.etc."openldap/root_password".text = "notapassword"; + + users.ldap = ldapClientConfig; + services.openldap = { enable = true; urlList = [ "ldapi:///" "ldap://" ]; @@ -96,6 +108,7 @@ in { manualConfigDir = { inheritParentConfig = false; configuration = { ... }: { + users.ldap = ldapClientConfig; services.openldap = { enable = true; configDir = "/var/db/slapd.d"; @@ -119,14 +132,14 @@ in { with subtest("declarative contents"): machine.succeed('${specializations}/declarativeContents/bin/switch-to-configuration test') machine.wait_for_unit("openldap.service") - machine.succeed('ldapsearch -LLL -D "cn=root,dc=example" -w notapassword -b "dc=example"') + machine.succeed('ldapsearch -LLL -D "cn=root,dc=example" -w notapassword') machine.fail('ldapmodify -D cn=root,cn=config -w configpassword -f ${pkgs.writeText "rootpw.ldif" changeRootPw}') with subtest("mutable config"): machine.succeed('${specializations}/mutableConfig/bin/switch-to-configuration test') - machine.succeed('ldapsearch -LLL -D "cn=root,dc=example" -w notapassword -b "dc=example"') + machine.succeed('ldapsearch -LLL -D "cn=root,dc=example" -w notapassword') machine.succeed('ldapmodify -D cn=root,cn=config -w configpassword -f ${pkgs.writeText "rootpw.ldif" changeRootPw}') - machine.succeed('ldapsearch -LLL -D "cn=root,dc=example" -w foobar -b "dc=example"') + machine.succeed('ldapsearch -LLL -D "cn=root,dc=example" -w foobar') with subtest("manual config dir"): machine.succeed( 
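Review bot: The new `ldapClientConfig` binding in the first hunk has no comment saying it exists only to generate the client configuration, so a later cleanup could drop it or put `-b` back on the searches and quietly stop exercising the config path. With `loginPam = false` and `nsswitch = false`, the only settings left in effect are `server` and `base`, which the `ldapsearch` calls further down now rely on. I would add above it `# Client config only: the ldapsearch calls below omit -b, so they depend on the library reading base from the generated /etc/ldap.conf.` The `manualConfigDir` specialisation in the second hunk repeats the assignment, presumably because `inheritParentConfig = false` drops it otherwise.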
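Review bot: The `ldapsearch` calls that lose `-b "dc=example"` in the `declarative contents` and `mutable config` subtests are checked by exit status only, so the test shows the search did not error, not that the base was taken from the config file. Whether a search with an empty base fails against this server is not visible in the hunk, so a regression to the store-path config could pass unnoticed. Asserting on the output would pin it, for example `assert "dc=example" in machine.succeed('ldapsearch -LLL -D "cn=root,dc=example" -w notapassword')`, assuming the declared contents return an entry under that base. The hunk at `-136,8` has the same pattern, and the test script begins and ends outside these hunks.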
@@ -136,8 +149,8 @@ in { 'chown -R openldap:openldap /var/db/slapd.d /var/db/openldap', '${specializations}/manualConfigDir/bin/switch-to-configuration test', ) - machine.succeed('ldapsearch -LLL -D "cn=root,dc=example" -w notapassword -b "dc=example"') + machine.succeed('ldapsearch -LLL -D "cn=root,dc=example" -w notapassword') machine.succeed('ldapmodify -D cn=root,cn=config -w configpassword -f ${pkgs.writeText "rootpw.ldif" changeRootPw}') - machine.succeed('ldapsearch -LLL -D "cn=root,dc=example" -w foobar -b "dc=example"') + machine.succeed('ldapsearch -LLL -D "cn=root,dc=example" -w foobar') ''; }) diff --git a/pkgs/development/libraries/openldap/default.nix b/pkgs/development/libraries/openldap/default.nix index 8d4820f33ff..f357b8d4b72 100644 --- a/pkgs/development/libraries/openldap/default.nix +++ b/pkgs/development/libraries/openldap/default.nix @@ -67,7 +67,7 @@ stdenv.mkDerivation rec { "STRIP=" # Disable install stripping as it breaks cross-compiling. We strip binaries anyway in fixupPhase. "STRIP_OPTS=" "prefix=${placeholder "out"}" - "sysconfdir=${placeholder "out"}/etc" + "sysconfdir=/etc" "systemdsystemunitdir=${placeholder "out"}/lib/systemd/system" # contrib modules require these "moduledir=${placeholder "out"}/lib/modules" @@ -101,6 +101,7 @@ stdenv.mkDerivation rec { installFlags = [ "prefix=${placeholder "out"}" + "sysconfdir=${placeholder "out"}/etc" "moduledir=${placeholder "out"}/lib/modules" "INSTALL=install" ]; |
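Review bot: The build-time `"sysconfdir=/etc"` and the install-time `"sysconfdir=${placeholder "out"}/etc"` now disagree on purpose, but only the commit message says so; in the file it reads like a mistake that someone will "fix" by making them match. It is also worth stating that the change applies to everything built by this derivation, not just the client library. Any default path derived from `sysconfdir` now points at the mutable host `/etc`, so server and TLS settings come from whatever the host has there rather than from the store. I would add above the build-time flag `# /etc is compiled in so the library reads the host's client config at runtime; installFlags overrides sysconfdir so sample configs and schemas still install into $out/etc.` Both flag lists start outside their hunks.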