diff options
Diffstat (limited to 'third_party/openldap/default.nix')
| -rw-r--r-- | third_party/openldap/default.nix | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/third_party/openldap/default.nix b/third_party/openldap/default.nix new file mode 100644 index 000000000000..92de8d3fea7f --- /dev/null +++ b/third_party/openldap/default.nix @@ -0,0 +1,27 @@ +# OpenLDAP by default uses a simple shalted SHA1-hash for passwords, +# which is less than ideal. +# +# It does however include a contrib module which adds support for the +# Argon2 password hashing scheme. This overrides then OpenLDAP build +# derivation to include this module. +{ pkgs, ... }: + +pkgs.originals.openldap.overrideAttrs(old: { + buildInputs = old.buildInputs ++ [ pkgs.libsodium ]; + + postBuild = '' + ${old.postBuild} + make $makeFlags -C contrib/slapd-modules/passwd/argon2 + ''; + + # This is required because the Makefile for this module hardcodes + # /usr/bin/install, which is not a valid path - we want it to be + # looked up from $PATH because it is included in stdenv. + installFlags = old.installFlags ++ [ "INSTALL=install" ]; + + postInstall = '' + ${old.postInstall} + make $installFlags install-lib -C contrib/slapd-modules/passwd/argon2 + ''; + +}) |