};
systemd.services.openldap = {
preStart = ''
+ set -e
# NOTE: slapd's config is always re-initialized.
rm -rf "${openldap.configDir}"/cn=config \
"${openldap.configDir}"/cn=config.ldif
install -D -d -m 0700 -o "${openldap.user}" -g "${openldap.group}" "${olcDbDirectory}"
'') openldap.databases
+ ''
- # NOTE: slapd is supposed to be stopped while in preStart,
- # hence slap* commands can safely be used.
+ # NOTE: slapd is supposed to have been stopped by systemd
+ # before entering this preStart,
+ # hence slap* commands can safely be used.
+ #
+ # NOTE: slapadd(8):
+ # To populate the config database slapd-config(5),
+ # use -n 0 as it is always the first database.
+ # It must physically exist on the filesystem prior to this, however.
umask 0077
${pkgs.openldap}/bin/slapadd -n 0 \
-F "${openldap.configDir}" \
-l ${configLDIF}
chown -R "${openldap.user}:${openldap.group}" "${openldap.configDir}"
- # NOTE: slapadd(8): To populate the config database slapd-config(5),
- # use -n 0 as it is always the first database.
- # It must physically exist on the filesystem prior to this, however.
'' +
unlinesAttrs (olcSuffix: {data, olcDbDirectory, resetData, ...}:
lib.optionalString resetData ''
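Review bot: The added `set -e` sits inside the template that is expanded for every entry of `openldap.databases` (the same string that interpolates the per-database `${olcDbDirectory}` and is closed at `'') openldap.databases`), so it is emitted once per database and, as far as this hunk shows, does not govern anything the script emits before the first database; the beginning of `preStart` is not fully visible here, so this is inferred. Move it to the very first line of the assembled script, before any concatenation, so a failing `rm`, `install` or `slapadd` aborts the unit regardless of how many databases are declared or in which order. The `rm -rf "${openldap.configDir}"/cn=config` on the same template is repeated per database as well; it is idempotent, but it belongs with the config re-initialisation that `slapadd -n 0` performs, not with the per-database directory setup. The relocated comments are fine as wording.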
, gidNumber ? uidNumber
, cn ? ""
, sn ? ""
- , userPassword ? "{SSHA}xeJMEPlG8UKU3iTPwOgFyadeCHwSZH+z"
+ , userPassword ? "{SSHA}JtC8S4nzm+eX9cVgbyL6gquPWDZD4xXY"
+ # NOTE: doveadm pw -s SSHA -u $user -p $pass
, mailAlias ? []
, loginShell ? "/run/current-system/sw/bin/bash"
, mailEnabled ? true
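Review bot: The new `userPassword` default is still a shared credential that ships with the module: every account declared without an explicit `userPassword` ends up with the same hash, and that hash is visible to anyone who can read this file, so rotating the value does not remove the risk. Drop the default so callers must supply a hash, `, userPassword` with no `?`, or default to `null` and fail in the entry builder when it is unset. The `doveadm pw` comment is helpful; it could also note that SSHA is salted SHA-1 and that a salted SHA-2 scheme from slapd's pw-sha2 module is preferable where that module is loaded (not verifiable from this hunk). The enclosing argument set starts before this hunk.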
dn: cn=${networking.domainBase},ou=groups,ou=posix,${domainSuffix}
objectClass: top
objectClass: posixGroup
- gidnumber: 20000
- memberuid: ju
- memberuid: sevy
+ gidNumber: 20000
+ memberUid: ju
+ memberUid: sevy
''
+ lib.concatMapStrings posixAccount [