nixos/tests/sssd-ldap: init

4 years ago · 64ce52713c
parent 7bc3a08d3a
commit 64ce52713c
2 changed files with 79 additions and 0 deletions
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@ -325,6 +325,7 @@ in
  sonarr = handleTest ./sonarr.nix {};
  sslh = handleTest ./sslh.nix {};
  sssd = handleTestOn ["x86_64-linux"] ./sssd.nix {};
+  sssd-ldap = handleTestOn ["x86_64-linux"] ./sssd-ldap.nix {};
  strongswan-swanctl = handleTest ./strongswan-swanctl.nix {};
  sudo = handleTest ./sudo.nix {};
  switchTest = handleTest ./switch-test.nix {};
--- a/nixos/tests/sssd-ldap.nix
+++ b/nixos/tests/sssd-ldap.nix
@ -0,0 +1,78 @@
+import ./make-test-python.nix ({ pkgs, ... }:
+  let
+    dbDomain = "example.org";
+    dbSuffix = "dc=example,dc=org";
+
+    ldapRootUser = "admin";
+    ldapRootPassword = "foobar";
+
+    testUser = "alice";
+  in
+  {
+    name = "sssd-ldap";
+
+    meta = with pkgs.stdenv.lib.maintainers; {
+      maintainers = [ bbigras ];
+    };
+
+    machine = { pkgs, ... }: {
+      services.openldap = {
+        enable = true;
+        rootdn = "cn=${ldapRootUser},${dbSuffix}";
+        rootpw = ldapRootPassword;
+        suffix = dbSuffix;
+        declarativeContents = ''
+          dn: ${dbSuffix}
+          objectClass: top
+          objectClass: dcObject
+          objectClass: organization
+          o: ${dbDomain}
+
+          dn: ou=posix,${dbSuffix}
+          objectClass: top
+          objectClass: organizationalUnit
+
+          dn: ou=accounts,ou=posix,${dbSuffix}
+          objectClass: top
+          objectClass: organizationalUnit
+
+          dn: uid=${testUser},ou=accounts,ou=posix,${dbSuffix}
+          objectClass: person
+          objectClass: posixAccount
+          # userPassword: somePasswordHash
+          homeDirectory: /home/${testUser}
+          uidNumber: 1234
+          gidNumber: 1234
+          cn: ""
+          sn: ""
+        '';
+      };
+
+      services.sssd = {
+        enable = true;
+        config = ''
+          [sssd]
+          config_file_version = 2
+          services = nss, pam, sudo
+          domains = ${dbDomain}
+
+          [domain/${dbDomain}]
+          auth_provider = ldap
+          id_provider = ldap
+          ldap_uri = ldap://127.0.0.1:389
+          ldap_search_base = ${dbSuffix}
+          ldap_default_bind_dn = cn=${ldapRootUser},${dbSuffix}
+          ldap_default_authtok_type = password
+          ldap_default_authtok = ${ldapRootPassword}
+        '';
+      };
+    };
+
+    testScript = ''
+      machine.start()
+      machine.wait_for_unit("openldap.service")
+      machine.wait_for_unit("sssd.service")
+      machine.succeed("getent passwd ${testUser}")
+    '';
+  }
+)