author | Simon Lackerbauer <simon@lackerbauer.com> | 2018-12-10 10:54:30 +0100 |
---|---|---|
committer | Franz Pletz <fpletz@fnordicwalking.de> | 2019-04-01 17:24:33 +0200 |
commit | 88c31ae57c8f06d22a951f3bdc74037719a07800 (patch) | |
tree | b032fd4d1d95f8227008f40312821a1fc87c4d63 | |
parent | 07b24090a42c4e663e4adfe39c566b162c669501 (diff) | |
nixos/openldap: add new options
-rw-r--r-- | nixos/modules/services/databases/openldap.nix | 94 | ||||
-rw-r--r-- | nixos/tests/openldap.nix | 14 |
2 files changed, 98 insertions, 10 deletions
diff --git a/nixos/modules/services/databases/openldap.nix b/nixos/modules/services/databases/openldap.nix
index 5c302752781..bb658918cb0 100644
--- a/nixos/modules/services/databases/openldap.nix
+++ b/nixos/modules/services/databases/openldap.nix
@@ -8,7 +8,20 @@ let
 openldap = pkgs.openldap;
 dataFile = pkgs.writeText "ldap-contents.ldif" cfg.declarativeContents;
- configFile = pkgs.writeText "slapd.conf" cfg.extraConfig;
+ configFile = pkgs.writeText "slapd.conf" ((optionalString cfg.defaultSchemas ''
+ include ${pkgs.openldap.out}/etc/schema/core.schema
+ include ${pkgs.openldap.out}/etc/schema/cosine.schema
+ include ${pkgs.openldap.out}/etc/schema/inetorgperson.schema
+ include ${pkgs.openldap.out}/etc/schema/nis.schema
+ '') + ''
+ ${cfg.extraConfig}
+ database ${cfg.database}
+ suffix ${cfg.suffix}
+ rootdn ${cfg.rootdn}
+ rootpw ${cfg.rootpw}
+ directory ${cfg.dataDir}
+ ${cfg.extraDatabaseConfig}
+ '');
 configOpts = if cfg.configDir == null then "-f ${configFile}" else "-F ${cfg.configDir}";
 in
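Review bot: The `database`, `suffix`, `rootdn` and `rootpw` lines in the new `configFile` are emitted unconditionally, and `suffix`, `rootdn` and `rootpw` are declared in this commit without defaults, so an existing configuration that keeps those directives inside `extraConfig` now fails to evaluate, and one that sets the new options while leaving the old `extraConfig` text in place gets each directive twice in slapd.conf. Giving the three options `default = null` and guarding each line, e.g. `${optionalString (cfg.suffix != null) "suffix ${cfg.suffix}"}`, would keep the previous `extraConfig`-only style working. `${cfg.extraConfig}` is also now placed before the `database` directive, so an `extraConfig` that holds backend-specific settings would presumably be rejected or applied globally by slapd; the `extraConfig` description (outside this hunk) should say it is for global directives only. The enclosing `let` block continues outside the hunk.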
@@ -54,6 +67,52 @@ in
 description = "The database directory.";
 };
+ defaultSchemas = mkOption {
+ type = types.bool;
+ default = true;
+ description = ''
+ Include the default schemas core, cosine, inetorgperson and nis.
+ This setting will be ignored if configDir is set.
+ '';
+ };
+
+ database = mkOption {
+ type = types.str;
+ default = "mdb";
+ description = ''
+ Database type to use for the LDAP.
+ This setting will be ignored if configDir is set.
+ '';
+ };
+
+ suffix = mkOption {
+ type = types.str;
+ example = "dc=example,dc=org";
+ description = ''
+ Specify the DN suffix of queries that will be passed to this backend
+ database.
+ This setting will be ignored if configDir is set.
+ '';
+ };
+
+ rootdn = mkOption {
+ type = types.str;
+ example = "cn=admin,dc=example,dc=org";
+ description = ''
+ Specify the distinguished name that is not subject to access control
+ or administrative limit restrictions for operations on this database.
+ This setting will be ignored if configDir is set.
+ '';
+ };
+
+ rootpw = mkOption {
+ type = types.str;
+ description = ''
+ Password for the root user.
+ This setting will be ignored if configDir is set.
+ '';
+ };
+
 logLevel = mkOption {
 type = types.str;
 default = "0";
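Review bot: The `rootpw` description does not say where the value ends up: the first hunk interpolates it into the slapd.conf that `pkgs.writeText` places in the Nix store, which is readable by every user on the machine, so a plaintext password set here is not a secret. slapd accepts the hashed forms produced by slappasswd (for example `{SSHA}...`) in `rootpw`, which is the appropriate value for a world-readable file. Suggested description: `Password for the root user. The value is written verbatim into slapd.conf in the world-readable Nix store, so prefer a hashed value as produced by slappasswd. This setting will be ignored if configDir is set.` The enclosing `options` attribute set continues outside the hunk.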
@@ -118,6 +177,39 @@ in
 # ...
 '';
 };
+
+ extraDatabaseConfig = mkOption {
+ type = types.lines;
+ default = "";
+ description = ''
+ slapd.conf configuration after the database option.
+ This setting will be ignored if configDir is set.
+ '';
+ example = ''
+ # Indices to maintain for this directory
+ # unique id so equality match only
+ index uid eq
+ # allows general searching on commonname, givenname and email
+ index cn,gn,mail eq,sub
+ # allows multiple variants on surname searching
+ index sn eq,sub
+ # sub above includes subintial,subany,subfinal
+ # optimise department searches
+ index ou eq
+ # if searches will include objectClass uncomment following
+ # index objectClass eq
+ # shows use of default index parameter
+ index default eq,sub
+ # indices missing - uses default eq,sub
+ index telephonenumber
+
+ # other database parameters
+ # read more in slapd.conf reference section
+ cachesize 10000
+ checkpoint 128 15
+ '';
+ };
+
 };
 };
diff --git a/nixos/tests/openldap.nix b/nixos/tests/openldap.nix
index 1eaf87a8eaa..3ef90e18347 100644
--- a/nixos/tests/openldap.nix
+++ b/nixos/tests/openldap.nix
@@ -4,16 +4,12 @@ import ./make-test.nix {
 machine = { pkgs, ... }: {
 services.openldap = {
 enable = true;
- extraConfig = ''
- include ${pkgs.openldap}/etc/schema/core.schema
- include ${pkgs.openldap}/etc/schema/cosine.schema
- include ${pkgs.openldap}/etc/schema/inetorgperson.schema
- include ${pkgs.openldap}/etc/schema/nis.schema
- database bdb
- suffix dc=example
+ suffix = "dc=example";
+ rootdn = "cn=root,dc=example";
+ rootpw = "notapassword";
+ database = "bdb";
+ extraDatabaseConfig = ''
 directory /var/db/openldap
- rootdn cn=root,dc=example
- rootpw notapassword
 '';
 declarativeContents = ''
 dn: dc=example
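Review bot: The `extraDatabaseConfig` description should state that the `directory` directive is already emitted from `dataDir` and must not be repeated, because the first hunk writes `directory ${cfg.dataDir}` immediately before this text; the updated test in nixos/tests/openldap.nix puts `directory /var/db/openldap` into `extraDatabaseConfig` and so produces the directive twice, and that line should be dropped from the test. Suggested description: `slapd.conf configuration after the database option. The directory directive is already set from dataDir and must not be repeated here. This setting will be ignored if configDir is set.` The example comment `# sub above includes subintial,subany,subfinal` also carries a typo and should read `subinitial`. The enclosing `options` attribute set starts outside the hunk.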