parent
7bc3a08d3a
commit
64ce52713c
@ -0,0 +1,78 @@ |
||||
import ./make-test-python.nix ({ pkgs, ... }: |
||||
let |
||||
dbDomain = "example.org"; |
||||
dbSuffix = "dc=example,dc=org"; |
||||
|
||||
ldapRootUser = "admin"; |
||||
ldapRootPassword = "foobar"; |
||||
|
||||
testUser = "alice"; |
||||
in |
||||
{ |
||||
name = "sssd-ldap"; |
||||
|
||||
meta = with pkgs.stdenv.lib.maintainers; { |
||||
maintainers = [ bbigras ]; |
||||
}; |
||||
|
||||
machine = { pkgs, ... }: { |
||||
services.openldap = { |
||||
enable = true; |
||||
rootdn = "cn=${ldapRootUser},${dbSuffix}"; |
||||
rootpw = ldapRootPassword; |
||||
suffix = dbSuffix; |
||||
declarativeContents = '' |
||||
dn: ${dbSuffix} |
||||
objectClass: top |
||||
objectClass: dcObject |
||||
objectClass: organization |
||||
o: ${dbDomain} |
||||
|
||||
dn: ou=posix,${dbSuffix} |
||||
objectClass: top |
||||
objectClass: organizationalUnit |
||||
|
||||
dn: ou=accounts,ou=posix,${dbSuffix} |
||||
objectClass: top |
||||
objectClass: organizationalUnit |
||||
|
||||
dn: uid=${testUser},ou=accounts,ou=posix,${dbSuffix} |
||||
objectClass: person |
||||
objectClass: posixAccount |
||||
# userPassword: somePasswordHash |
||||
homeDirectory: /home/${testUser} |
||||
uidNumber: 1234 |
||||
gidNumber: 1234 |
||||
cn: "" |
||||
sn: "" |
||||
''; |
||||
}; |
||||
|
||||
services.sssd = { |
||||
enable = true; |
||||
config = '' |
||||
[sssd] |
||||
config_file_version = 2 |
||||
services = nss, pam, sudo |
||||
domains = ${dbDomain} |
||||
|
||||
[domain/${dbDomain}] |
||||
auth_provider = ldap |
||||
id_provider = ldap |
||||
ldap_uri = ldap://127.0.0.1:389 |
||||
ldap_search_base = ${dbSuffix} |
||||
ldap_default_bind_dn = cn=${ldapRootUser},${dbSuffix} |
||||
ldap_default_authtok_type = password |
||||
ldap_default_authtok = ${ldapRootPassword} |
||||
''; |
||||
}; |
||||
}; |
||||
|
||||
testScript = '' |
||||
machine.start() |
||||
machine.wait_for_unit("openldap.service") |
||||
machine.wait_for_unit("sssd.service") |
||||
machine.succeed("getent passwd ${testUser}") |
||||
''; |
||||
} |
||||
) |
Loading…
Reference in new issue