mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-09-29 15:43:00 +00:00
nixos/openldap: fix path + base64 value types
parent
b2ebffe186
commit
ce1acd97a7
@ -7,31 +7,14 @@ let
|
||||
configDir = if cfg.configDir != null then cfg.configDir else "/etc/openldap/slapd.d";
|
||||
|
||||
ldapValueType = let
|
||||
singleLdapValueType = types.oneOf [
|
||||
types.str
|
||||
(types.submodule {
|
||||
options = {
|
||||
path = mkOption {
|
||||
type = types.path;
|
||||
description = ''
|
||||
A path containing the LDAP attribute. This is included at run-time, so
|
||||
is recommended for storing secrets.
|
||||
'';
|
||||
# Can't do types.either with multiple non-overlapping submodules, so define our own
|
||||
singleLdapValueType = lib.mkOptionType rec {
|
||||
name = "LDAP";
|
||||
description = "LDAP value";
|
||||
check = x: lib.isString x || (lib.isAttrs x && (x ? "path" || x ? "base64"));
|
||||
merge = lib.mergeEqualOption;
|
||||
};
|
||||
};
|
||||
})
|
||||
(types.submodule {
|
||||
options = {
|
||||
base64 = mkOption {
|
||||
type = types.str;
|
||||
description = ''
|
||||
A base64-encoded LDAP attribute. Useful for storing values which
|
||||
contain special characters (e.g. newlines) in LDIF files.
|
||||
'';
|
||||
};
|
||||
};
|
||||
})
|
||||
];
|
||||
# We don't coerce to lists of single values, as some values must be unique
|
||||
in types.either singleLdapValueType (types.listOf singleLdapValueType);
|
||||
|
||||
ldapAttrsType =
|
||||
|
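Review bot: The new `check` in `singleLdapValueType` accepts any attribute set that has a `path` or a `base64` key, so a value with both keys, with extra or misspelled keys, or with a non-string payload passes type checking and is only caught (or silently resolved) wherever the LDIF is rendered, which is outside this hunk. I would require exactly one key and a string value, e.g. `check = x: lib.isString x || (lib.isAttrs x && lib.length (lib.attrNames x) == 1 && lib.isString (x.path or x.base64 or null));`. Requiring a string for `path` also rejects a Nix path literal, which would presumably be copied into the world-readable store when interpolated and so defeat the point of reading the secret at run time. The removed submodules carried the only user-facing text saying that `path` is included at run time and is recommended for secrets; `description = "LDAP value"` drops that, so it should be restated in the option documentation. The `rec` on the `mkOptionType` argument looks unused in the visible lines.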
@ -21,6 +21,7 @@ in {
|
||||
name = "openldap";
|
||||
|
||||
machine = { pkgs, ... }: {
|
||||
environment.etc."openldap/root_password".text = "notapassword";
|
||||
services.openldap = {
|
||||
enable = true;
|
||||
defaultSchemas = null;
|
||||
@ -37,13 +38,19 @@ in {
|
||||
];
|
||||
};
|
||||
"olcDatabase={1}mdb" = {
|
||||
# This tests string, base64 and path values, as well as lists of string values
|
||||
attrs = {
|
||||
objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
|
||||
olcDatabase = "{1}mdb";
|
||||
olcDbDirectory = "/var/db/openldap";
|
||||
olcSuffix = "dc=example";
|
||||
olcRootDN = "cn=root,dc=example";
|
||||
olcRootPW = "notapassword";
|
||||
olcRootDN = {
|
||||
# cn=root,dc=example
|
||||
base64 = "Y249cm9vdCxkYz1leGFtcGxl";
|
||||
};
|
||||
olcRootPW = {
|
||||
path = "/etc/openldap/root_password";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
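Review bot: The fixture on the added `environment.etc."openldap/root_password".text = "notapassword";` line puts the password text into the Nix store, which is world-readable, so the test exercises the `path` syntax but not the secrecy property that motivates it. That is acceptable in a VM test, but the line should carry a comment so the pattern is not copied into real configurations, for example `# test fixture only: .text ends up in the world-readable Nix store; real secrets must be provisioned outside the store`. The comment added above `attrs` says string, base64, path and list values are tested, but whether the test script actually binds as `cn=root,dc=example` with the file-sourced password cannot be seen from these hunks; if it does not, a successful service start alone would not show that the `path` value was read correctly.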