authorVincent Ambo <mail@tazj.in>2020-07-01 19:11:00 +0100
committerVincent Ambo <mail@tazj.in>2020-07-01 20:49:04 +0100
commitc0122d335b9a596a1617aee276a0e492bcd8517a (patch)
tree06152bd4d98540ea13b658b0b2f2d75291b50511 /nixos/modules/services/databases/openldap.nix
parent85c56369387195837078c3d6c47b7d2ad2c83fd1 (diff)
nixos/openldap: add option for configuring OpenLDAP package to use
In certain cases, for example when custom OpenLDAP modules are
compiled into the binary, users may want to override the package used
for OpenLDAP.

This is especially common in setups where LDAP is the primary
authentication source, as good password hashing mechanisms need to be
enabled as extra modules.
Diffstat (limited to 'nixos/modules/services/databases/openldap.nix')
-rw-r--r--nixos/modules/services/databases/openldap.nix30
1 files changed, 21 insertions, 9 deletions
diff --git a/nixos/modules/services/databases/openldap.nix b/nixos/modules/services/databases/openldap.nix
index 9b4d9a98b74..7472538b887 100644
--- a/nixos/modules/services/databases/openldap.nix
+++ b/nixos/modules/services/databases/openldap.nix
@@ -5,14 +5,14 @@ with lib;
 let
 
   cfg = config.services.openldap;
-  openldap = pkgs.openldap;
+  openldap = cfg.package;
 
   dataFile = pkgs.writeText "ldap-contents.ldif" cfg.declarativeContents;
   configFile = pkgs.writeText "slapd.conf" ((optionalString cfg.defaultSchemas ''
-    include ${pkgs.openldap.out}/etc/schema/core.schema
-    include ${pkgs.openldap.out}/etc/schema/cosine.schema
-    include ${pkgs.openldap.out}/etc/schema/inetorgperson.schema
-    include ${pkgs.openldap.out}/etc/schema/nis.schema
+    include ${openldap.out}/etc/schema/core.schema
+    include ${openldap.out}/etc/schema/cosine.schema
+    include ${openldap.out}/etc/schema/inetorgperson.schema
+    include ${openldap.out}/etc/schema/nis.schema
   '') + ''
     ${cfg.extraConfig}
     database ${cfg.database}
@@ -46,6 +46,18 @@ in
         ";
       };
 
+      package = mkOption {
+        type = types.package;
+        default = pkgs.openldap;
+        description = ''
+          OpenLDAP package to use.
+
+          This can be used to, for example, set an OpenLDAP package
+          with custom overrides to enable modules or other
+          functionality.
+        '';
+      };
+
       user = mkOption {
         type = types.str;
         default = "openldap";
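Review bot: The new `package` option has no `defaultText`, so the generated manual will likely show the default as an evaluated derivation rather than a readable name; adding `defaultText = "pkgs.openldap";` next to `default` would fix that. The description would also benefit from stating that a custom package should be derived from `pkgs.openldap` (an override of it rather than an independently pinned build), so the directory server keeps following nixpkgs security updates. This matters most in the case the commit message names, where LDAP is the primary authentication source. An `example` attribute showing such an override would make the intended use clearer.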
@@ -152,10 +164,10 @@ in
         ";
         example = literalExample ''
             '''
-            include ${pkgs.openldap.out}/etc/schema/core.schema
-            include ${pkgs.openldap.out}/etc/schema/cosine.schema
-            include ${pkgs.openldap.out}/etc/schema/inetorgperson.schema
-            include ${pkgs.openldap.out}/etc/schema/nis.schema
+            include ${openldap.out}/etc/schema/core.schema
+            include ${openldap.out}/etc/schema/cosine.schema
+            include ${openldap.out}/etc/schema/inetorgperson.schema
+            include ${openldap.out}/etc/schema/nis.schema
 
             database bdb
             suffix dc=example,dc=org
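Review bot: The example under `literalExample` now refers to `${openldap.out}`, but `openldap` is a let-binding local to this module and is not a name a user can write in their own configuration. Because `${` is not escaped inside the `''` string, the text also appears to be interpolated when the option documentation is evaluated, so the rendered example would depend on `cfg.package` instead of showing a literal expression. Keeping the example self-contained and escaped would avoid both problems, e.g. `include ''${pkgs.openldap.out}/etc/schema/core.schema` for each of the four include lines. The example string is closed outside this hunk.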