summary refs log blame commit diff
path: root/nixos/tests/openldap.nix
blob: 33b7b7f6608a7c30af67cea2294ee1275f457d97 (plain) (tree) 
1fde3c35619 ^





b2acbe58b24 ^

1fde3c35619 ^




b2acbe58b24 ^

5d91b29e0d6 ^


5d91b29e0d6 ^


b2acbe58b24 ^

1fde3c35619 ^

































































































































b2acbe58b24 ^

1
2
3
4
5

6

7
8
9
10

11

12
13

14
15

16

17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145

146





                                                   
 



                                   
                 

                                             

                                                                                  
     
































































































































                                                                                
 
{ pkgs, system ? builtins.currentSystem, ... }: let
  declarativeContents = ''
    dn: dc=example
    objectClass: domain
    dc: example

    dn: ou=users,dc=example
    objectClass: organizationalUnit
    ou: users
  '';
  testScript = ''
    machine.wait_for_unit("openldap.service")
    machine.succeed(
        'ldapsearch -LLL -D "cn=root,dc=example" -w notapassword -b "dc=example"',
    )
  '';
in {
  # New-style configuration
  current = import ./make-test-python.nix {
    inherit testScript;
    name = "openldap";

    machine = { pkgs, ... }: {
      services.openldap = {
        inherit declarativeContents;
        enable = true;
        defaultSchemas = null;
        dataDir = null;
        database = null;
        settings = {
          children = {
            "cn=schema" = {
              includes = [
                "${pkgs.openldap}/etc/schema/core.ldif"
                "${pkgs.openldap}/etc/schema/cosine.ldif"
                "${pkgs.openldap}/etc/schema/inetorgperson.ldif"
                "${pkgs.openldap}/etc/schema/nis.ldif"
              ];
            };
            "olcDatabase={1}mdb" = {
              attrs = {
                objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
                olcDatabase = "{1}mdb";
                olcDbDirectory = "/var/db/openldap";
                olcSuffix = "dc=example";
                olcRootDN = "cn=root,dc=example";
                olcRootPW = "notapassword";
              };
            };
          };
        };
      };
    };
  };

  # Old-style configuration
  shortOptions = import ./make-test-python.nix {
    inherit testScript;
    name = "openldap";

    machine = { pkgs, ... }: {
      services.openldap = {
        inherit declarativeContents;
        enable = true;
        suffix = "dc=example";
        rootdn = "cn=root,dc=example";
        rootpw = "notapassword";
      };
    };
  };

  # Manually managed configDir, for example if dynamic config is essential
  manualConfigDir = import ./make-test-python.nix {
    name = "openldap";

    machine = { pkgs, ... }: {
      services.openldap = {
        enable = true;
        configDir = "/var/db/slapd.d";
        # Silence warnings
        defaultSchemas = null;
        dataDir = null;
        database = null;
      };
    };

    testScript = let
      contents = pkgs.writeText "data.ldif" declarativeContents;
      config = pkgs.writeText "config.ldif" ''
        dn: cn=config
        cn: config
        objectClass: olcGlobal
        olcLogLevel: stats
        olcPidFile: /run/slapd/slapd.pid

        dn: cn=schema,cn=config
        cn: schema
        objectClass: olcSchemaConfig

        include: file://${pkgs.openldap}/etc/schema/core.ldif
        include: file://${pkgs.openldap}/etc/schema/cosine.ldif
        include: file://${pkgs.openldap}/etc/schema/inetorgperson.ldif

        dn: olcDatabase={1}mdb,cn=config
        objectClass: olcDatabaseConfig
        objectClass: olcMdbConfig
        olcDatabase: {1}mdb
        olcDbDirectory: /var/db/openldap
        olcDbIndex: objectClass eq
        olcSuffix: dc=example
        olcRootDN: cn=root,dc=example
        olcRootPW: notapassword
      '';
    in ''
      machine.succeed(
          "mkdir -p /var/db/slapd.d /var/db/openldap",
          "slapadd -F /var/db/slapd.d -n0 -l ${config}",
          "slapadd -F /var/db/slapd.d -n1 -l ${contents}",
          "chown -R openldap:openldap /var/db/slapd.d /var/db/openldap",
          "systemctl restart openldap",
      )
    '' + testScript;
  };

  # extraConfig forces use of slapd.conf, test this until that option is removed
  legacyConfig = import ./make-test-python.nix {
    inherit testScript;
    name = "openldap";

    machine = { pkgs, ... }: {
      services.openldap = {
        inherit declarativeContents;
        enable = true;
        suffix = "dc=example";
        rootdn = "cn=root,dc=example";
        rootpw = "notapassword";
        extraConfig = ''
          # No-op
        '';
        extraDatabaseConfig = ''
          # No-op
        '';
      };
    };
  };
}
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-27 02:10:55 +0000