From f79930849a2cfda9af2a1b949544e3ebb19b48e4 Mon Sep 17 00:00:00 2001
From: Kranium Gikos Mendoza
Date: Sat, 21 May 2016 19:49:14 +0800
Subject: [PATCH] openldap: add -h urlList in service so LDAP TLS could be enabled
---
 nixos/modules/services/databases/openldap.nix | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/nixos/modules/services/databases/openldap.nix b/nixos/modules/services/databases/openldap.nix
index 9e86559dda04..4d205d07ec61 100644
--- a/nixos/modules/services/databases/openldap.nix
+++ b/nixos/modules/services/databases/openldap.nix
@@ -40,6 +40,13 @@ in
 description = "Group account under which slapd runs.";
 };
+ urlList = mkOption {
+ type = types.listOf types.string;
+ default = [ "ldap:///" ];
+ description = "URL list slapd should listen on.";
+ example = [ "ldaps:///" ];
+ };
+
 dataDir = mkOption {
 type = types.string;
 default = "/var/db/openldap";
@@ -50,7 +57,7 @@ in
 type = types.lines;
 default = "";
 description = "
- sldapd.conf configuration
+ slapd.conf configuration
 ";
 example = ''
 include ''${pkgs.openldap}/etc/openldap/schema/core.schema
@@ -87,7 +94,7 @@ in
 mkdir -p ${cfg.dataDir}
 chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir}
 '';
- serviceConfig.ExecStart = "${openldap.out}/libexec/slapd -u ${cfg.user} -g ${cfg.group} -d 0 -h \"${concatStringsSep " " cfg.urlList}\" -f ${configFile}";
+ serviceConfig.ExecStart = "${openldap.out}/libexec/slapd -u ${cfg.user} -g ${cfg.group} -d 0 -h \"${concatStringsSep " " cfg.urlList}\" -f ${configFile}";
 };
 users.extraUsers.openldap =
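Review bot: The description of the new `urlList` option in the first hunk does not tell an operator what the listener choice means for transport security. The default `ldap:///` has slapd accept unencrypted connections on every interface, and `ldaps:///` only works once the TLS certificate directives are present in the slapd.conf text this module generates. I would expand it to something like `description = "List of URLs slapd listens on (passed to -h). ldap:/// is cleartext unless clients use StartTLS; ldaps:/// needs the TLS certificate directives in the slapd.conf configuration.";`. An example that restricts the cleartext listener, such as `[ "ldaps:///" "ldap://127.0.0.1/" ]`, would also show that several URLs can be combined. The surrounding options block starts and ends outside this hunk.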
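Review bot: In the last hunk the elements of `cfg.urlList` are pasted into `ExecStart` verbatim, so the `\"…\"` wrapper only holds while no URL contains a double quote, and systemd still applies its own `%` and `$` expansion to the whole line. This matters in practice for percent-encoded `ldapi://` socket paths, which should be checked against systemd's specifier handling before being relied on. An empty list yields `-h ""`, and what slapd then listens on is not visible from this patch. I would at least add a comment above the line, `# urlList entries are inserted unescaped; they must not contain '"', and '%'/'$' are subject to systemd expansion`, and consider an assertion that the list is non-empty. The enclosing service definition begins outside the hunk.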