Add nss-pam-ldapd version 0.8.10

nss-pam-ldapd is a fork of nss_ldap that uses a daemon (nslcd) to
connect to the LDAP server, instead of going directly from PAM/NSS.
This improves performance and separation, and increases security
if you connect to LDAP with a password, since only the nscd daemon
needs to know the password, not every user of PAM/NSS.

This commit will be followed by a commit to NixOS which enables the
use of the nslcd daemon.

1 files changed, 34 insertions, 0 deletions

diff --git a/pkgs/tools/networking/nss-pam-ldapd/default.nix b/pkgs/tools/networking/nss-pam-ldapd/default.nix
new file mode 100644
index 00000000000..9abfcbbe42a
--- /dev/null
+++ b/pkgs/tools/networking/nss-pam-ldapd/default.nix
@@ -0,0 +1,34 @@
+{ stdenv, fetchurl, pkgconfig, openldap, python, pam, makeWrapper }:
+
+stdenv.mkDerivation rec {
+  name = "nss-pam-ldapd-${version}";
+  version = "0.8.10";
+  
+  src = fetchurl {
+    url = "http://arthurdejong.org/nss-pam-ldapd/${name}.tar.gz";
+    sha256 = "673a5e235a40fd9aac74082bc64d2ac2280fc155fb00b21092650d2c963e79cc";
+  };
+  
+  buildInputs = [ makeWrapper pkgconfig python openldap pam ];
+
+  preConfigure = ''
+    substituteInPlace Makefile.in --replace "install-data-local: " "# install-data-local: "
+  '';
+
+  configureFlags = [
+    "--with-bindpw-file=/run/nslcd/bindpw"
+    "--with-nslcd-socket=/run/nslcd/socket"
+    "--with-nslcd-pidfile=/run/nslcd/nslcd.pid"
+    "--with-pam-seclib-dir=$(out)/lib/security"
+  ];
+
+  postInstall = ''
+    wrapProgram $out/sbin/nslcd --prefix LD_LIBRARY_PATH ":" $out/lib
+  '';
+
+  meta = {
+    description = "LDAP identity and authentication for NSS/PAM";
+    homepage = http://arthurdejong.org/nss-pam-ldapd/;
+    license = [ "GPLv21" ];
+  };
+}