path: root/nixos/modules/services/databases/openldap.nix
Diffstat (limited to 'nixos/modules/services/databases/openldap.nix')
-rw-r--r--nixos/modules/services/databases/openldap.nix44
1 files changed, 35 insertions, 9 deletions
diff --git a/nixos/modules/services/databases/openldap.nix b/nixos/modules/services/databases/openldap.nix
index eae4c114fc12..29bdb2017523 100644
--- a/nixos/modules/services/databases/openldap.nix
+++ b/nixos/modules/services/databases/openldap.nix
@@ -20,23 +20,49 @@ in
     services.openldap = {
 
       enable = mkOption {
+        type = types.bool;
         default = false;
         description = "
           Whether to enable the ldap server.
         ";
+        example = literalExample ''
+          openldap.enable = true;
+          openldap.extraConfig = '''
+            include ''${pkgs.openldap}/etc/openldap/schema/core.schema
+            include ''${pkgs.openldap}/etc/openldap/schema/cosine.schema
+            include ''${pkgs.openldap}/etc/openldap/schema/inetorgperson.schema
+            include ''${pkgs.openldap}/etc/openldap/schema/nis.schema
+
+            database bdb 
+            suffix dc=example,dc=org 
+            rootdn cn=admin,dc=example,dc=org 
+            # NOTE: change after first start
+            rootpw secret
+            directory /var/db/openldap
+          ''';
+        '';
       };
 
       user = mkOption {
+        type = types.string;
         default = "openldap";
         description = "User account under which slapd runs.";
       };
 
       group = mkOption {
+        type = types.string;
         default = "openldap";
         description = "Group account under which slapd runs.";
       };
 
+      dataDir = mkOption {
+        type = types.string;
+        default = "/var/db/openldap";
+        description = "The database directory.";
+      };
+
       extraConfig = mkOption {
+        type = types.lines;
         default = "";
         description = "
           sldapd.conf configuration
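Review bot: The example added to `enable` puts a cleartext `rootpw secret` into `extraConfig`, and since the module renders that into `${configFile}` (presumably a Nix-store file readable by every local user) the "change after first start" note does not remove the exposure; the example should show a hashed value, e.g. `rootpw {SSHA}<hash from slappasswd>` (placeholder), and the `extraConfig` description should state that a plaintext `rootpw` in this option becomes world-readable. The example's `directory /var/db/openldap` also repeats the `dataDir` default instead of referring to the new option, so the path slapd writes to and the path `preStart` creates/chowns can silently diverge; the `dataDir` description could read `The database directory; the \`directory\` line in extraConfig must point at the same path.` The new `type = types.string;` on `user`, `group` and `dataDir` concatenates multiple definitions on merge — if `types.str` (which rejects conflicting definitions) is available in this tree it is probably the intended type for these single-valued options, worth confirming.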
@@ -60,22 +86,22 @@ in
       preStart = ''
         mkdir -p /var/run/slapd
         chown -R ${cfg.user}:${cfg.group} /var/run/slapd
-        mkdir -p /var/db/openldap
-        chown -R ${cfg.user}:${cfg.group} /var/db/openldap
+        mkdir -p ${cfg.dataDir}
+        chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir}
       '';
-      serviceConfig.ExecStart = "${openldap}/libexec/slapd -u openldap -g openldap -d 0 -f ${configFile}";
+      serviceConfig.ExecStart = "${openldap}/libexec/slapd -u ${cfg.user} -g ${cfg.group} -d 0 -f ${configFile}";
     };
 
-    users.extraUsers = optionalAttrs (cfg.user == "openldap") (singleton
-      { name = "openldap";
+    users.extraUsers.openldap =
+      { name = cfg.user;
         group = cfg.group;
         uid = config.ids.uids.openldap;
-      });
+      };
 
-    users.extraGroups = optionalAttrs (cfg.group == "openldap") (singleton
-      { name = "openldap";
+    users.extraGroups.openldap =
+      { name = cfg.group;
         gid = config.ids.gids.openldap;
-     });
+      };
 
   };
 }
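Review bot: `users.extraUsers.openldap = { name = cfg.user; ... }` and the matching `users.extraGroups.openldap` now declare the account unconditionally with `config.ids.uids.openldap`/`gids.openldap`, where the removed `optionalAttrs (cfg.user == "openldap")` guard only created it for the default name; setting `user = "nobody"` or any existing account would now redefine that account's uid/group, which the old code deliberately avoided. Restoring the guard keeps the new attribute form: `users.extraUsers.openldap = mkIf (cfg.user == "openldap") { name = cfg.user; group = cfg.group; uid = config.ids.uids.openldap; };` and likewise for the group (`mkIf` assumed in scope alongside `mkOption`). Separately, `chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir}` in `preStart` is a recursive ownership change over an arbitrary, unquoted configurable path: a `dataDir` pointing at a shared parent directory hands that whole tree to the service user, and a path containing whitespace breaks the script; a non-recursive `chown` on `"${cfg.dataDir}"` (or a `types.path` type on the option) would bound the blast radius. The surrounding `systemd.services` attribute set begins before this hunk.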