2022-06-05 14:47:24 +02:00
|
|
|
import ./make-test-python.nix ({ pkgs, ... }: let
|
2020-08-24 01:07:24 +02:00
|
|
|
dbContents = ''
|
2020-08-03 00:52:37 +02:00
|
|
|
dn: dc=example
|
|
|
|
objectClass: domain
|
|
|
|
dc: example
|
2018-03-03 19:53:16 +01:00
|
|
|
|
2020-08-03 00:52:37 +02:00
|
|
|
dn: ou=users,dc=example
|
|
|
|
objectClass: organizationalUnit
|
|
|
|
ou: users
|
|
|
|
'';
|
2022-06-05 14:47:24 +02:00
|
|
|
|
|
|
|
ldifConfig = ''
|
|
|
|
dn: cn=config
|
|
|
|
cn: config
|
|
|
|
objectClass: olcGlobal
|
|
|
|
olcLogLevel: stats
|
|
|
|
|
|
|
|
dn: cn=schema,cn=config
|
|
|
|
cn: schema
|
|
|
|
objectClass: olcSchemaConfig
|
|
|
|
|
|
|
|
include: file://${pkgs.openldap}/etc/schema/core.ldif
|
|
|
|
include: file://${pkgs.openldap}/etc/schema/cosine.ldif
|
|
|
|
include: file://${pkgs.openldap}/etc/schema/inetorgperson.ldif
|
|
|
|
|
|
|
|
dn: olcDatabase={0}config,cn=config
|
|
|
|
olcDatabase: {0}config
|
|
|
|
objectClass: olcDatabaseConfig
|
|
|
|
olcRootDN: cn=root,cn=config
|
|
|
|
olcRootPW: configpassword
|
|
|
|
|
|
|
|
dn: olcDatabase={1}mdb,cn=config
|
|
|
|
objectClass: olcDatabaseConfig
|
|
|
|
objectClass: olcMdbConfig
|
|
|
|
olcDatabase: {1}mdb
|
|
|
|
olcDbDirectory: /var/db/openldap
|
|
|
|
olcDbIndex: objectClass eq
|
|
|
|
olcSuffix: dc=example
|
|
|
|
olcRootDN: cn=root,dc=example
|
|
|
|
olcRootPW: notapassword
|
2018-03-03 19:53:16 +01:00
|
|
|
'';
|
2022-07-19 14:31:11 +02:00
|
|
|
|
|
|
|
ldapClientConfig = {
|
|
|
|
enable = true;
|
|
|
|
loginPam = false;
|
|
|
|
nsswitch = false;
|
|
|
|
server = "ldap://";
|
|
|
|
base = "dc=example";
|
|
|
|
};
|
|
|
|
|
2020-08-03 00:52:37 +02:00
|
|
|
in {
|
2022-06-05 14:47:24 +02:00
|
|
|
name = "openldap";
|
2020-08-03 00:52:37 +02:00
|
|
|
|
2022-06-05 14:47:24 +02:00
|
|
|
nodes.machine = { pkgs, ... }: {
|
|
|
|
environment.etc."openldap/root_password".text = "notapassword";
|
2022-07-19 14:31:11 +02:00
|
|
|
|
|
|
|
users.ldap = ldapClientConfig;
|
|
|
|
|
2022-06-05 14:47:24 +02:00
|
|
|
services.openldap = {
|
|
|
|
enable = true;
|
|
|
|
urlList = [ "ldapi:///" "ldap://" ];
|
|
|
|
settings = {
|
|
|
|
children = {
|
|
|
|
"cn=schema".includes = [
|
|
|
|
"${pkgs.openldap}/etc/schema/core.ldif"
|
|
|
|
"${pkgs.openldap}/etc/schema/cosine.ldif"
|
|
|
|
"${pkgs.openldap}/etc/schema/inetorgperson.ldif"
|
|
|
|
"${pkgs.openldap}/etc/schema/nis.ldif"
|
|
|
|
];
|
2022-06-05 19:07:51 +02:00
|
|
|
"olcDatabase={0}config" = {
|
|
|
|
attrs = {
|
|
|
|
objectClass = [ "olcDatabaseConfig" ];
|
|
|
|
olcDatabase = "{0}config";
|
|
|
|
olcRootDN = "cn=root,cn=config";
|
|
|
|
olcRootPW = "configpassword";
|
|
|
|
};
|
|
|
|
};
|
2022-06-05 14:47:24 +02:00
|
|
|
"olcDatabase={1}mdb" = {
|
|
|
|
# This tests string, base64 and path values, as well as lists of string values
|
|
|
|
attrs = {
|
|
|
|
objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
|
|
|
|
olcDatabase = "{1}mdb";
|
|
|
|
olcDbDirectory = "/var/lib/openldap/db";
|
|
|
|
olcSuffix = "dc=example";
|
|
|
|
olcRootDN = {
|
|
|
|
# cn=root,dc=example
|
|
|
|
base64 = "Y249cm9vdCxkYz1leGFtcGxl";
|
|
|
|
};
|
|
|
|
olcRootPW = {
|
|
|
|
path = "/etc/openldap/root_password";
|
2020-08-03 00:52:37 +02:00
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
2022-06-05 14:47:24 +02:00
|
|
|
specialisation = {
|
2022-06-05 21:03:46 +02:00
|
|
|
declarativeContents.configuration = { ... }: {
|
|
|
|
services.openldap.declarativeContents."dc=example" = dbContents;
|
|
|
|
};
|
2022-06-05 19:07:51 +02:00
|
|
|
mutableConfig.configuration = { ... }: {
|
2022-06-05 21:03:46 +02:00
|
|
|
services.openldap = {
|
|
|
|
declarativeContents."dc=example" = dbContents;
|
|
|
|
mutableConfig = true;
|
|
|
|
};
|
2022-06-05 19:07:51 +02:00
|
|
|
};
|
2022-06-05 14:47:24 +02:00
|
|
|
manualConfigDir = {
|
|
|
|
inheritParentConfig = false;
|
|
|
|
configuration = { ... }: {
|
2022-07-19 14:31:11 +02:00
|
|
|
users.ldap = ldapClientConfig;
|
2022-06-05 14:47:24 +02:00
|
|
|
services.openldap = {
|
|
|
|
enable = true;
|
|
|
|
configDir = "/var/db/slapd.d";
|
|
|
|
};
|
|
|
|
};
|
2020-08-03 00:52:37 +02:00
|
|
|
};
|
|
|
|
};
|
2022-06-05 14:47:24 +02:00
|
|
|
};
|
|
|
|
testScript = { nodes, ... }: let
|
|
|
|
specializations = "${nodes.machine.config.system.build.toplevel}/specialisation";
|
|
|
|
changeRootPw = ''
|
|
|
|
dn: olcDatabase={1}mdb,cn=config
|
|
|
|
changetype: modify
|
|
|
|
replace: olcRootPW
|
|
|
|
olcRootPW: foobar
|
|
|
|
'';
|
|
|
|
in ''
|
2022-06-05 21:03:46 +02:00
|
|
|
# Test startup with empty DB
|
2022-06-05 14:47:24 +02:00
|
|
|
machine.wait_for_unit("openldap.service")
|
2022-06-05 21:03:46 +02:00
|
|
|
|
|
|
|
with subtest("declarative contents"):
|
|
|
|
machine.succeed('${specializations}/declarativeContents/bin/switch-to-configuration test')
|
|
|
|
machine.wait_for_unit("openldap.service")
|
2022-07-19 14:31:11 +02:00
|
|
|
machine.succeed('ldapsearch -LLL -D "cn=root,dc=example" -w notapassword')
|
2022-06-05 21:03:46 +02:00
|
|
|
machine.fail('ldapmodify -D cn=root,cn=config -w configpassword -f ${pkgs.writeText "rootpw.ldif" changeRootPw}')
|
2022-06-05 19:07:51 +02:00
|
|
|
|
|
|
|
with subtest("mutable config"):
|
|
|
|
machine.succeed('${specializations}/mutableConfig/bin/switch-to-configuration test')
|
2022-07-19 14:31:11 +02:00
|
|
|
machine.succeed('ldapsearch -LLL -D "cn=root,dc=example" -w notapassword')
|
2022-06-05 19:07:51 +02:00
|
|
|
machine.succeed('ldapmodify -D cn=root,cn=config -w configpassword -f ${pkgs.writeText "rootpw.ldif" changeRootPw}')
|
2022-07-19 14:31:11 +02:00
|
|
|
machine.succeed('ldapsearch -LLL -D "cn=root,dc=example" -w foobar')
|
2020-08-03 00:52:37 +02:00
|
|
|
|
2022-06-05 14:47:24 +02:00
|
|
|
with subtest("manual config dir"):
|
2020-08-03 00:52:37 +02:00
|
|
|
machine.succeed(
|
2022-06-05 19:07:51 +02:00
|
|
|
'mkdir /var/db/slapd.d /var/db/openldap',
|
2022-06-05 14:47:24 +02:00
|
|
|
'slapadd -F /var/db/slapd.d -n0 -l ${pkgs.writeText "config.ldif" ldifConfig}',
|
|
|
|
'slapadd -F /var/db/slapd.d -n1 -l ${pkgs.writeText "contents.ldif" dbContents}',
|
|
|
|
'chown -R openldap:openldap /var/db/slapd.d /var/db/openldap',
|
|
|
|
'${specializations}/manualConfigDir/bin/switch-to-configuration test',
|
2020-08-03 00:52:37 +02:00
|
|
|
)
|
2022-07-19 14:31:11 +02:00
|
|
|
machine.succeed('ldapsearch -LLL -D "cn=root,dc=example" -w notapassword')
|
2022-06-05 14:47:24 +02:00
|
|
|
machine.succeed('ldapmodify -D cn=root,cn=config -w configpassword -f ${pkgs.writeText "rootpw.ldif" changeRootPw}')
|
2022-07-19 14:31:11 +02:00
|
|
|
machine.succeed('ldapsearch -LLL -D "cn=root,dc=example" -w foobar')
|
2022-06-05 14:47:24 +02:00
|
|
|
'';
|
|
|
|
})
|