author | Bruno Bigras <bigras.bruno@gmail.com> | 2020-09-01 01:03:20 -0400 |
---|---|---|
committer | Bruno Bigras <bigras.bruno@gmail.com> | 2020-09-04 01:51:42 -0400 |
commit | 64ce52713ce1a01d6b39d72295caf1448d90b22f (patch) | |
tree | b0a6081d83fcf5623e5562eb038666a0800cceba /nixos/tests/sssd-ldap.nix | |
parent | 7bc3a08d3a4c700b53a3b27f5acd149f24b931ec (diff) |
nixos/tests/sssd-ldap: init
Diffstat (limited to 'nixos/tests/sssd-ldap.nix')
-rw-r--r-- | nixos/tests/sssd-ldap.nix | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/nixos/tests/sssd-ldap.nix b/nixos/tests/sssd-ldap.nix
new file mode 100644
index 0000000000000..b68403a0102a8
--- /dev/null
+++ b/nixos/tests/sssd-ldap.nix
@@ -0,0 +1,78 @@
+import ./make-test-python.nix ({ pkgs, ... }:
+ let
+ dbDomain = "example.org";
+ dbSuffix = "dc=example,dc=org";
+
+ ldapRootUser = "admin";
+ ldapRootPassword = "foobar";
+
+ testUser = "alice";
+ in
+ {
+ name = "sssd-ldap";
+
+ meta = with pkgs.stdenv.lib.maintainers; {
+ maintainers = [ bbigras ];
+ };
+
+ machine = { pkgs, ... }: {
+ services.openldap = {
+ enable = true;
+ rootdn = "cn=${ldapRootUser},${dbSuffix}";
+ rootpw = ldapRootPassword;
+ suffix = dbSuffix;
+ declarativeContents = ''
+ dn: ${dbSuffix}
+ objectClass: top
+ objectClass: dcObject
+ objectClass: organization
+ o: ${dbDomain}
+
+ dn: ou=posix,${dbSuffix}
+ objectClass: top
+ objectClass: organizationalUnit
+
+ dn: ou=accounts,ou=posix,${dbSuffix}
+ objectClass: top
+ objectClass: organizationalUnit
+
+ dn: uid=${testUser},ou=accounts,ou=posix,${dbSuffix}
+ objectClass: person
+ objectClass: posixAccount
+ # userPassword: somePasswordHash
+ homeDirectory: /home/${testUser}
+ uidNumber: 1234
+ gidNumber: 1234
+ cn: ""
+ sn: ""
+ '';
+ };
+
+ services.sssd = {
+ enable = true;
+ config = ''
+ [sssd]
+ config_file_version = 2
+ services = nss, pam, sudo
+ domains = ${dbDomain}
+
+ [domain/${dbDomain}]
+ auth_provider = ldap
+ id_provider = ldap
+ ldap_uri = ldap://127.0.0.1:389
+ ldap_search_base = ${dbSuffix}
+ ldap_default_bind_dn = cn=${ldapRootUser},${dbSuffix}
+ ldap_default_authtok_type = password
+ ldap_default_authtok = ${ldapRootPassword}
+ '';
+ };
+ };
+
+ testScript = ''
+ machine.start()
+ machine.wait_for_unit("openldap.service")
+ machine.wait_for_unit("sssd.service")
+ machine.succeed("getent passwd ${testUser}")
+ '';
+ }
+) |
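Review bot: The `[domain/${dbDomain}]` section has SSSD bind as the directory's rootdn (`ldap_default_bind_dn = cn=${ldapRootUser},${dbSuffix}`) with `ldapRootPassword` interpolated into the `config` string, and nothing in the file marks that as a test-only shortcut. A lookup client needs only read access, and a password inlined into a Nix string likely ends up in the world-readable store, so anyone copying this test as a template would inherit both problems. I would add a comment above `services.sssd`, e.g. `# Test only: binds as rootdn with a throwaway password; real setups should use a dedicated read-only bind DN and keep the secret out of the Nix store.` Separately, the script asserts only `getent passwd ${testUser}`, so the `auth_provider = ldap` path (and the plaintext `ldap://` URI it would run over) is configured but not exercised, with `userPassword` left commented out.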