authorKai Wohlfahrt <kai.wohlfahrt@gmail.com>2020-08-02 23:52:37 +0100
committerKai Wohlfahrt <kai.wohlfahrt@gmail.com>2020-11-21 15:39:19 +0000
commit1fde3c35619bd445357077d816c72b0e589e0775 (patch)
treecbb1a8a1ffdb77737339bf5101c98c6030ba397c /nixos/tests/openldap.nix
parentc18b90b5b90bd20c421ffe795420ad501e6613c7 (diff)
nixos/openldap: switch to slapd.d configuration
The old slapd.conf is deprecated. Replace with slapd.d, and use this
opportunity to write some structured settings.

Incidentally, this also fixes openldap being reported as up before any checks have completed, by using forking mode.
Diffstat (limited to 'nixos/tests/openldap.nix')
-rw-r--r--nixos/tests/openldap.nix163
1 files changed, 138 insertions, 25 deletions
diff --git a/nixos/tests/openldap.nix b/nixos/tests/openldap.nix
index f8321a2c522..33b7b7f6608 100644
--- a/nixos/tests/openldap.nix
+++ b/nixos/tests/openldap.nix
@@ -1,33 +1,146 @@
-import ./make-test-python.nix {
-  name = "openldap";
-
-  machine = { pkgs, ... }: {
-    services.openldap = {
-      enable = true;
-      suffix = "dc=example";
-      rootdn = "cn=root,dc=example";
-      rootpw = "notapassword";
-      database = "bdb";
-      extraDatabaseConfig = ''
-        directory /var/db/openldap
-      '';
-      declarativeContents = ''
-        dn: dc=example
-        objectClass: domain
-        dc: example
-
-        dn: ou=users,dc=example
-        objectClass: organizationalUnit
-        ou: users
-      '';
-    };
-  };
+{ pkgs, system ? builtins.currentSystem, ... }: let
+  declarativeContents = ''
+    dn: dc=example
+    objectClass: domain
+    dc: example
 
+    dn: ou=users,dc=example
+    objectClass: organizationalUnit
+    ou: users
+  '';
   testScript = ''
     machine.wait_for_unit("openldap.service")
     machine.succeed(
-        "systemctl status openldap.service",
         'ldapsearch -LLL -D "cn=root,dc=example" -w notapassword -b "dc=example"',
     )
   '';
+in {
+  # New-style configuration
+  current = import ./make-test-python.nix {
+    inherit testScript;
+    name = "openldap";
+
+    machine = { pkgs, ... }: {
+      services.openldap = {
+        inherit declarativeContents;
+        enable = true;
+        defaultSchemas = null;
+        dataDir = null;
+        database = null;
+        settings = {
+          children = {
+            "cn=schema" = {
+              includes = [
+                "${pkgs.openldap}/etc/schema/core.ldif"
+                "${pkgs.openldap}/etc/schema/cosine.ldif"
+                "${pkgs.openldap}/etc/schema/inetorgperson.ldif"
+                "${pkgs.openldap}/etc/schema/nis.ldif"
+              ];
+            };
+            "olcDatabase={1}mdb" = {
+              attrs = {
+                objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
+                olcDatabase = "{1}mdb";
+                olcDbDirectory = "/var/db/openldap";
+                olcSuffix = "dc=example";
+                olcRootDN = "cn=root,dc=example";
+                olcRootPW = "notapassword";
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+
+  # Old-style configuration
+  shortOptions = import ./make-test-python.nix {
+    inherit testScript;
+    name = "openldap";
+
+    machine = { pkgs, ... }: {
+      services.openldap = {
+        inherit declarativeContents;
+        enable = true;
+        suffix = "dc=example";
+        rootdn = "cn=root,dc=example";
+        rootpw = "notapassword";
+      };
+    };
+  };
+
+  # Manually managed configDir, for example if dynamic config is essential
+  manualConfigDir = import ./make-test-python.nix {
+    name = "openldap";
+
+    machine = { pkgs, ... }: {
+      services.openldap = {
+        enable = true;
+        configDir = "/var/db/slapd.d";
+        # Silence warnings
+        defaultSchemas = null;
+        dataDir = null;
+        database = null;
+      };
+    };
+
+    testScript = let
+      contents = pkgs.writeText "data.ldif" declarativeContents;
+      config = pkgs.writeText "config.ldif" ''
+        dn: cn=config
+        cn: config
+        objectClass: olcGlobal
+        olcLogLevel: stats
+        olcPidFile: /run/slapd/slapd.pid
+
+        dn: cn=schema,cn=config
+        cn: schema
+        objectClass: olcSchemaConfig
+
+        include: file://${pkgs.openldap}/etc/schema/core.ldif
+        include: file://${pkgs.openldap}/etc/schema/cosine.ldif
+        include: file://${pkgs.openldap}/etc/schema/inetorgperson.ldif
+
+        dn: olcDatabase={1}mdb,cn=config
+        objectClass: olcDatabaseConfig
+        objectClass: olcMdbConfig
+        olcDatabase: {1}mdb
+        olcDbDirectory: /var/db/openldap
+        olcDbIndex: objectClass eq
+        olcSuffix: dc=example
+        olcRootDN: cn=root,dc=example
+        olcRootPW: notapassword
+      '';
+    in ''
+      machine.succeed(
+          "mkdir -p /var/db/slapd.d /var/db/openldap",
+          "slapadd -F /var/db/slapd.d -n0 -l ${config}",
+          "slapadd -F /var/db/slapd.d -n1 -l ${contents}",
+          "chown -R openldap:openldap /var/db/slapd.d /var/db/openldap",
+          "systemctl restart openldap",
+      )
+    '' + testScript;
+  };
+
+  # extraConfig forces use of slapd.conf, test this until that option is removed
+  legacyConfig = import ./make-test-python.nix {
+    inherit testScript;
+    name = "openldap";
+
+    machine = { pkgs, ... }: {
+      services.openldap = {
+        inherit declarativeContents;
+        enable = true;
+        suffix = "dc=example";
+        rootdn = "cn=root,dc=example";
+        rootpw = "notapassword";
+        extraConfig = ''
+          # No-op
+        '';
+        extraDatabaseConfig = ''
+          # No-op
+        '';
+      };
+    };
+  };
 }
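Review bot: The shared testScript only exercises the positive path of the rootdn bind; since this commit moves config generation to slapd.d, a regression that left olcRootPW ineffective (or let the database answer without a bind) would still pass all four variants. A negative check next to the existing ldapsearch call would pin authentication down: `machine.fail('ldapsearch -LLL -D "cn=root,dc=example" -w wrongpassword -b "dc=example"')`. Separately, all four tests use `name = "openldap"`, so their VM logs and result names are indistinguishable; `name = "openldap-current"`, `"openldap-shortOptions"` etc. would make a failing variant identifiable. The manualConfigDir schema list also omits nis.ldif while the `current` variant includes it; presumably intentional, but worth a comment if so.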