authorVincent Ambo <mail@tazj.in>2021-05-24T22·26+0200
committertazjin <mail@tazj.in>2021-05-24T22·52+0000
commit46b136c22e8da83e6163f757dc4cfd868b559bf0 (patch)
tree2abdc85a4c682782aa77e231460940ee46f54908
parent4a89bcd6a5cd409731d7d80fe3dbe364ba00c187 (diff)
fix(tvl-slapd): Replace deprecated OpenLDAP module options r/2627
Use the new module settings which apply configuration in cn=config
instead of slapd.conf.

The module performed this update via lib.mkChangedModuleOption; I've
applied the transformations contained therein manually. Note that some
of the settings were already in place, which means that the `suffix`
and `database` options seemingly disappear into the void.

Fixes b/105.

Change-Id: I8a968c1eb8cb7827618cb732cdb46006a5d011f9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3157
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
-rw-r--r--ops/modules/tvl-slapd/default.nix12
1 files changed, 7 insertions, 5 deletions
diff --git a/ops/modules/tvl-slapd/default.nix b/ops/modules/tvl-slapd/default.nix
index ae99fced74..cbfdeff31e 100644
--- a/ops/modules/tvl-slapd/default.nix
+++ b/ops/modules/tvl-slapd/default.nix
@@ -40,24 +40,26 @@ in {
 
   services.openldap = {
     enable = true;
-    dataDir = "/var/lib/openldap";
-    database = "mdb";
-    suffix = "dc=tvl,dc=fyi";
-    rootdn = "cn=admin,dc=tvl,dc=fyi";
-    rootpw = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$OfcgkOQ96VQ3aJj7NfA9vQ$oS6HQOkYl/bUYg4SejpltQYy7kvqx/RUxvoR4zo1vXU";
 
     settings.children = {
       "olcDatabase={1}mdb".attrs = {
         objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
         olcDatabase = "{1}mdb";
+        olcDbDirectory = "/var/lib/openldap";
         olcSuffix = "dc=tvl,dc=fyi";
         olcAccess = "to *  by * read";
+        olcRootDN = "cn=admin,dc=tvl,dc=fyi";
+        olcRootPW = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$OfcgkOQ96VQ3aJj7NfA9vQ$oS6HQOkYl/bUYg4SejpltQYy7kvqx/RUxvoR4zo1vXU";
       };
 
       "cn=module{0}".attrs = {
         objectClass = "olcModuleList";
         olcModuleLoad = "pw-argon2";
       };
+
+      "cn=schema".includes =
+        map (schema: "${depot.third_party.openldap}/etc/schema/${schema}.ldif")
+            [ "core" "cosine" "inetorgperson" "nis" ];
     };
 
     # Contents are immutable at runtime, and adding user accounts etc.
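Review bot: The `{ARGON2}` scheme on the new `olcRootPW` line only resolves if the `pw-argon2` module declared in `cn=module{0}` is loaded, and nothing in the block records that coupling; a short comment above `olcRootPW`, e.g. `# Argon2 hash; requires the pw-argon2 module loaded via cn=module{0} below`, would keep the two entries from drifting apart. The new `olcDbDirectory` also takes over from the removed `dataDir` option, so creation and ownership of `/var/lib/openldap` for the slapd user now presumably depends on the NixOS module picking the path up from `olcDbDirectory` rather than from a dedicated option — worth confirming on the first deploy and noting next to the attribute. The hash itself was already present in this file, so its appearance in the generated cn=config is not new exposure. The `services.openldap` attribute set continues past the hunk.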