about summary refs log tree commit diff
path: root/third_party/openldap
diff options
context:
space:
mode:
Diffstat (limited to 'third_party/openldap')
-rw-r--r--third_party/openldap/default.nix27
1 files changed, 27 insertions, 0 deletions
diff --git a/third_party/openldap/default.nix b/third_party/openldap/default.nix
new file mode 100644
index 000000000000..92de8d3fea7f
--- /dev/null
+++ b/third_party/openldap/default.nix
@@ -0,0 +1,27 @@
+# OpenLDAP by default uses a simple shalted SHA1-hash for passwords,
+# which is less than ideal.
+#
+# It does however include a contrib module which adds support for the
+# Argon2 password hashing scheme. This overrides then OpenLDAP build
+# derivation to include this module.
+{ pkgs, ... }:
+
+pkgs.originals.openldap.overrideAttrs(old: {
+  buildInputs = old.buildInputs ++ [ pkgs.libsodium ];
+
+  postBuild = ''
+    ${old.postBuild}
+    make $makeFlags -C contrib/slapd-modules/passwd/argon2
+  '';
+
+  # This is required because the Makefile for this module hardcodes
+  # /usr/bin/install, which is not a valid path - we want it to be
+  # looked up from $PATH because it is included in stdenv.
+  installFlags = old.installFlags ++ [ "INSTALL=install" ];
+
+  postInstall = ''
+    ${old.postInstall}
+    make $installFlags install-lib -C contrib/slapd-modules/passwd/argon2
+  '';
+
+})