openldap: test starting with empty DB

This addresses the original concern behind #92544

1 files changed, 14 insertions, 4 deletions

diff --git a/nixos/tests/openldap.nix b/nixos/tests/openldap.nix
index b31df594a36..04e2650e380 100644
--- a/nixos/tests/openldap.nix
+++ b/nixos/tests/openldap.nix
@@ -81,12 +81,17 @@ in {
           };
         };
       };
-      declarativeContents."dc=example" = dbContents;
     };
 
     specialisation = {
+      declarativeContents.configuration = { ... }: {
+        services.openldap.declarativeContents."dc=example" = dbContents;
+      };
       mutableConfig.configuration = { ... }: {
-        services.openldap.mutableConfig = true;
+        services.openldap = {
+          declarativeContents."dc=example" = dbContents;
+          mutableConfig = true;
+        };
       };
       manualConfigDir = {
         inheritParentConfig = false;
@@ -108,9 +113,14 @@ in {
       olcRootPW: foobar
     '';
   in ''
+    # Test startup with empty DB
     machine.wait_for_unit("openldap.service")
-    machine.succeed('ldapsearch -LLL -D "cn=root,dc=example" -w notapassword -b "dc=example"')
-    machine.fail('ldapmodify -D cn=root,cn=config -w configpassword -f ${pkgs.writeText "rootpw.ldif" changeRootPw}')
+
+    with subtest("declarative contents"):
+      machine.succeed('${specializations}/declarativeContents/bin/switch-to-configuration test')
+      machine.wait_for_unit("openldap.service")
+      machine.succeed('ldapsearch -LLL -D "cn=root,dc=example" -w notapassword -b "dc=example"')
+      machine.fail('ldapmodify -D cn=root,cn=config -w configpassword -f ${pkgs.writeText "rootpw.ldif" changeRootPw}')
 
     with subtest("mutable config"):
       machine.succeed('${specializations}/mutableConfig/bin/switch-to-configuration test')