Diffstat (limited to 'nixos/modules/services/databases/openldap.nix')
-rw-r--r-- | nixos/modules/services/databases/openldap.nix | 94 |
1 files changed, 93 insertions, 1 deletions
diff --git a/nixos/modules/services/databases/openldap.nix b/nixos/modules/services/databases/openldap.nix
index 5c302752781e..bb658918cb0d 100644
--- a/nixos/modules/services/databases/openldap.nix
+++ b/nixos/modules/services/databases/openldap.nix
@@ -8,7 +8,20 @@ let
 openldap = pkgs.openldap;
 dataFile = pkgs.writeText "ldap-contents.ldif" cfg.declarativeContents;
- configFile = pkgs.writeText "slapd.conf" cfg.extraConfig;
+ configFile = pkgs.writeText "slapd.conf" ((optionalString cfg.defaultSchemas ''
+ include ${pkgs.openldap.out}/etc/schema/core.schema
+ include ${pkgs.openldap.out}/etc/schema/cosine.schema
+ include ${pkgs.openldap.out}/etc/schema/inetorgperson.schema
+ include ${pkgs.openldap.out}/etc/schema/nis.schema
+ '') + ''
+ ${cfg.extraConfig}
+ database ${cfg.database}
+ suffix ${cfg.suffix}
+ rootdn ${cfg.rootdn}
+ rootpw ${cfg.rootpw}
+ directory ${cfg.dataDir}
+ ${cfg.extraDatabaseConfig}
+ '');
 configOpts = if cfg.configDir == null then "-f ${configFile}" else "-F ${cfg.configDir}";
 in
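Review bot: The added `rootpw ${cfg.rootpw}` line writes the directory's root credential into slapd.conf via pkgs.writeText, i.e. into the world-readable Nix store, so every local user (and anyone with access to a binary cache the system pushes to) can read the LDAP root password in cleartext. At minimum the module should steer users to a slappasswd-generated hash (`{SSHA}...`), which slapd accepts for rootpw, and state that even the hash is world-readable so `configDir` is the right choice when the secret must not be exposed. The rootdn and rootpw values are also interpolated unquoted, so a DN such as `cn=Directory Manager,...` or a password containing a space breaks slapd.conf parsing; emitting `rootdn "${cfg.rootdn}"` and `rootpw "${cfg.rootpw}"` follows the slapd.conf(5) quoting rule. Finally, since `${cfg.extraConfig}` is now placed before the generated `database` line, an existing configuration that already declares `database`/`suffix`/`rootdn` in extraConfig will end up with two database sections on the next rebuild, and `suffix`/`rootdn`/`rootpw` have no defaults, so this appears to be a breaking change for current users of configDir == null that deserves a release note or a fallback.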
@@ -54,6 +67,52 @@ in
 description = "The database directory.";
 };
+ defaultSchemas = mkOption {
+ type = types.bool;
+ default = true;
+ description = ''
+ Include the default schemas core, cosine, inetorgperson and nis.
+ This setting will be ignored if configDir is set.
+ '';
+ };
+
+ database = mkOption {
+ type = types.str;
+ default = "mdb";
+ description = ''
+ Database type to use for the LDAP.
+ This setting will be ignored if configDir is set.
+ '';
+ };
+
+ suffix = mkOption {
+ type = types.str;
+ example = "dc=example,dc=org";
+ description = ''
+ Specify the DN suffix of queries that will be passed to this backend
+ database.
+ This setting will be ignored if configDir is set.
+ '';
+ };
+
+ rootdn = mkOption {
+ type = types.str;
+ example = "cn=admin,dc=example,dc=org";
+ description = ''
+ Specify the distinguished name that is not subject to access control
+ or administrative limit restrictions for operations on this database.
+ This setting will be ignored if configDir is set.
+ '';
+ };
+
+ rootpw = mkOption {
+ type = types.str;
+ description = ''
+ Password for the root user.
+ This setting will be ignored if configDir is set.
+ '';
+ };
+
 logLevel = mkOption {
 type = types.str;
 default = "0";
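Review bot: The description of the new `rootpw` option says nothing about where the value ends up, yet the option is the one place a user will read before typing a secret into their configuration. The diff shows the value being interpolated verbatim into a slapd.conf produced with pkgs.writeText, which lands in the world-readable Nix store; the description should say so and point to the safer form: `Password for the root user. The value is written verbatim into slapd.conf in the world-readable Nix store, so supply a hash generated by slappasswd (e.g. {SSHA}...) rather than a cleartext password, and use configDir instead when the credential must not be readable by local users.` It would also help to mention that slapd.conf values containing spaces need double quotes, since `rootdn` examples like `cn=Directory Manager` are common and the generated line does not add them.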
@@ -118,6 +177,39 @@ in
 # ...
 '';
 };
+
+ extraDatabaseConfig = mkOption {
+ type = types.lines;
+ default = "";
+ description = ''
+ slapd.conf configuration after the database option.
+ This setting will be ignored if configDir is set.
+ '';
+ example = ''
+ # Indices to maintain for this directory
+ # unique id so equality match only
+ index uid eq
+ # allows general searching on commonname, givenname and email
+ index cn,gn,mail eq,sub
+ # allows multiple variants on surname searching
+ index sn eq,sub
+ # sub above includes subintial,subany,subfinal
+ # optimise department searches
+ index ou eq
+ # if searches will include objectClass uncomment following
+ # index objectClass eq
+ # shows use of default index parameter
+ index default eq,sub
+ # indices missing - uses default eq,sub
+ index telephonenumber
+
+ # other database parameters
+ # read more in slapd.conf reference section
+ cachesize 10000
+ checkpoint 128 15
+ '';
+ };
+
 };
 };
|
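Review bot: The description "slapd.conf configuration after the database option" does not tell users which directives must now move here, and the access-control consequence is the one that matters. In slapd.conf, `access to ...` rules are scoped by position: those before the first `database` line are global defaults, those after it belong to that database, and the first hunk of this diff emits `extraConfig` before the generated `database` line, so a user who keeps their ACLs in extraConfig will get global-default semantics rather than per-database rules. I would say this explicitly: `Additional slapd.conf directives appended to the generated database section (after the database, suffix, rootdn, rootpw and directory lines). Per-database settings such as access to ... rules, index definitions and limits belong here, because extraConfig is emitted before the database line.` The example could likewise include one `access to` rule so readers see the intended placement, not only indexing and cache tuning.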