movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-14 06:00:33 +03:00
Code Activity

openldap: test starting with empty DB

Browse source 
This addresses the original concern behind #92544
This commit is contained in:
Kai Wohlfahrt 2022-06-05 20:03:46 +01:00 committed by Jörg Thalheim
parent 8a7193fc0a
commit 334d622ec7
2 changed files with 18 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

5
nixos/modules/services/databases/openldap.nix
View file

@ -236,7 +236,10 @@ in {
writeConfig = pkgs.writeShellScript "openldap-config" '' writeConfig = pkgs.writeShellScript "openldap-config" ''
set -euo pipefail set -euo pipefail
${lib.optionalString (!cfg.mutableConfig) "rm -rf ${configDir}/*"} ${lib.optionalString (!cfg.mutableConfig) ''
chmod -R u+w ${configDir}
rm -rf ${configDir}/*
''}
if [ ! -e "${configDir}/cn=config.ldif" ]; then if [ ! -e "${configDir}/cn=config.ldif" ]; then
${openldap}/bin/slapadd -F ${configDir} -bcn=config -l ${settingsFile} ${openldap}/bin/slapadd -F ${configDir} -bcn=config -l ${settingsFile}
fi fi

18
nixos/tests/openldap.nix
View file

@ -81,12 +81,17 @@ in {
}; };
}; };
}; };
declarativeContents."dc=example" = dbContents;
}; };
specialisation = { specialisation = {
declarativeContents.configuration = { ... }: {
services.openldap.declarativeContents."dc=example" = dbContents;
};
mutableConfig.configuration = { ... }: { mutableConfig.configuration = { ... }: {
services.openldap.mutableConfig = true; services.openldap = {
declarativeContents."dc=example" = dbContents;
mutableConfig = true;
};
}; };
manualConfigDir = { manualConfigDir = {
inheritParentConfig = false; inheritParentConfig = false;
@ -108,9 +113,14 @@ in {
olcRootPW: foobar olcRootPW: foobar
''; '';
in '' in ''
# Test startup with empty DB
machine.wait_for_unit("openldap.service") machine.wait_for_unit("openldap.service")
machine.succeed('ldapsearch -LLL -D "cn=root,dc=example" -w notapassword -b "dc=example"')
machine.fail('ldapmodify -D cn=root,cn=config -w configpassword -f ${pkgs.writeText "rootpw.ldif" changeRootPw}') with subtest("declarative contents"):
machine.succeed('${specializations}/declarativeContents/bin/switch-to-configuration test')
machine.wait_for_unit("openldap.service")
machine.succeed('ldapsearch -LLL -D "cn=root,dc=example" -w notapassword -b "dc=example"')
machine.fail('ldapmodify -D cn=root,cn=config -w configpassword -f ${pkgs.writeText "rootpw.ldif" changeRootPw}')
with subtest("mutable config"): with subtest("mutable config"):
machine.succeed('${specializations}/mutableConfig/bin/switch-to-configuration test') machine.succeed('${specializations}/mutableConfig/bin/switch-to-configuration test')