diff options
Diffstat (limited to 'nixos/tests/sssd-ldap.nix')
-rw-r--r-- | nixos/tests/sssd-ldap.nix | 160 |
1 files changed, 79 insertions, 81 deletions
diff --git a/nixos/tests/sssd-ldap.nix b/nixos/tests/sssd-ldap.nix index e3119348eac..5c58eaef714 100644 --- a/nixos/tests/sssd-ldap.nix +++ b/nixos/tests/sssd-ldap.nix @@ -1,96 +1,94 @@ -({ pkgs, ... }: - let - dbDomain = "example.org"; - dbSuffix = "dc=example,dc=org"; +let + dbDomain = "example.org"; + dbSuffix = "dc=example,dc=org"; - ldapRootUser = "admin"; - ldapRootPassword = "foobar"; + ldapRootUser = "admin"; + ldapRootPassword = "foobar"; - testUser = "alice"; - in import ./make-test-python.nix { - name = "sssd-ldap"; + testUser = "alice"; +in import ./make-test-python.nix ({pkgs, ...}: { + name = "sssd-ldap"; - meta = with pkgs.lib.maintainers; { - maintainers = [ bbigras ]; - }; + meta = with pkgs.lib.maintainers; { + maintainers = [ bbigras ]; + }; - machine = { pkgs, ... }: { - services.openldap = { - enable = true; - settings = { - children = { - "cn=schema".includes = [ - "${pkgs.openldap}/etc/schema/core.ldif" - "${pkgs.openldap}/etc/schema/cosine.ldif" - "${pkgs.openldap}/etc/schema/inetorgperson.ldif" - "${pkgs.openldap}/etc/schema/nis.ldif" - ]; - "olcDatabase={1}mdb" = { - attrs = { - objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ]; - olcDatabase = "{1}mdb"; - olcDbDirectory = "/var/db/openldap"; - olcSuffix = dbSuffix; - olcRootDN = "cn=${ldapRootUser},${dbSuffix}"; - olcRootPW = ldapRootPassword; - }; + machine = { pkgs, ... }: { + services.openldap = { + enable = true; + settings = { + children = { + "cn=schema".includes = [ + "${pkgs.openldap}/etc/schema/core.ldif" + "${pkgs.openldap}/etc/schema/cosine.ldif" + "${pkgs.openldap}/etc/schema/inetorgperson.ldif" + "${pkgs.openldap}/etc/schema/nis.ldif" + ]; + "olcDatabase={1}mdb" = { + attrs = { + objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ]; + olcDatabase = "{1}mdb"; + olcDbDirectory = "/var/db/openldap"; + olcSuffix = dbSuffix; + olcRootDN = "cn=${ldapRootUser},${dbSuffix}"; + olcRootPW = ldapRootPassword; }; }; }; - declarativeContents = { - ${dbSuffix} = '' - dn: ${dbSuffix} - objectClass: top - objectClass: dcObject - objectClass: organization - o: ${dbDomain} + }; + declarativeContents = { + ${dbSuffix} = '' + dn: ${dbSuffix} + objectClass: top + objectClass: dcObject + objectClass: organization + o: ${dbDomain} - dn: ou=posix,${dbSuffix} - objectClass: top - objectClass: organizationalUnit + dn: ou=posix,${dbSuffix} + objectClass: top + objectClass: organizationalUnit - dn: ou=accounts,ou=posix,${dbSuffix} - objectClass: top - objectClass: organizationalUnit + dn: ou=accounts,ou=posix,${dbSuffix} + objectClass: top + objectClass: organizationalUnit - dn: uid=${testUser},ou=accounts,ou=posix,${dbSuffix} - objectClass: person - objectClass: posixAccount - # userPassword: somePasswordHash - homeDirectory: /home/${testUser} - uidNumber: 1234 - gidNumber: 1234 - cn: "" - sn: "" - ''; - }; + dn: uid=${testUser},ou=accounts,ou=posix,${dbSuffix} + objectClass: person + objectClass: posixAccount + # userPassword: somePasswordHash + homeDirectory: /home/${testUser} + uidNumber: 1234 + gidNumber: 1234 + cn: "" + sn: "" + ''; }; + }; - services.sssd = { - enable = true; - config = '' - [sssd] - config_file_version = 2 - services = nss, pam, sudo - domains = ${dbDomain} + services.sssd = { + enable = true; + config = '' + [sssd] + config_file_version = 2 + services = nss, pam, sudo + domains = ${dbDomain} - [domain/${dbDomain}] - auth_provider = ldap - id_provider = ldap - ldap_uri = ldap://127.0.0.1:389 - ldap_search_base = ${dbSuffix} - ldap_default_bind_dn = cn=${ldapRootUser},${dbSuffix} - ldap_default_authtok_type = password - ldap_default_authtok = ${ldapRootPassword} - ''; - }; + [domain/${dbDomain}] + auth_provider = ldap + id_provider = ldap + ldap_uri = ldap://127.0.0.1:389 + ldap_search_base = ${dbSuffix} + ldap_default_bind_dn = cn=${ldapRootUser},${dbSuffix} + ldap_default_authtok_type = password + ldap_default_authtok = ${ldapRootPassword} + ''; }; + }; - testScript = '' - machine.start() - machine.wait_for_unit("openldap.service") - machine.wait_for_unit("sssd.service") - machine.succeed("getent passwd ${testUser}") - ''; - } -) + testScript = '' + machine.start() + machine.wait_for_unit("openldap.service") + machine.wait_for_unit("sssd.service") + machine.succeed("getent passwd ${testUser}") + ''; +}) |