nixos/openldap: add option for configuring OpenLDAP package to use

In certain cases, for example when custom OpenLDAP modules are compiled into the binary, users may want to override the package used for OpenLDAP. This is especially common in setups where LDAP is the primary authentication source, as good password hashing mechanisms need to be enabled as extra modules.
2025-03-21 03:23:20 +00:00 · 2020-07-01 19:11:00 +01:00 · 2020-07-01 19:11:00 +01:00 · c0122d335b
parent 85c5636938
commit c0122d335b
1 changed files with 21 additions and 9 deletions
--- a/nixos/modules/services/databases/openldap.nix
+++ b/nixos/modules/services/databases/openldap.nix
@ -5,14 +5,14 @@ with lib;
 let

  cfg = config.services.openldap;
-  openldap = pkgs.openldap;
+  openldap = cfg.package;

  dataFile = pkgs.writeText "ldap-contents.ldif" cfg.declarativeContents;
  configFile = pkgs.writeText "slapd.conf" ((optionalString cfg.defaultSchemas ''
-    include ${pkgs.openldap.out}/etc/schema/core.schema
-    include ${pkgs.openldap.out}/etc/schema/cosine.schema
-    include ${pkgs.openldap.out}/etc/schema/inetorgperson.schema
-    include ${pkgs.openldap.out}/etc/schema/nis.schema
+    include ${openldap.out}/etc/schema/core.schema
+    include ${openldap.out}/etc/schema/cosine.schema
+    include ${openldap.out}/etc/schema/inetorgperson.schema
+    include ${openldap.out}/etc/schema/nis.schema
  '') + ''
    ${cfg.extraConfig}
    database ${cfg.database}
@ -46,6 +46,18 @@ in
        ";
      };

+      package = mkOption {
+        type = types.package;
+        default = pkgs.openldap;
+        description = ''
+          OpenLDAP package to use.
+
+          This can be used to, for example, set an OpenLDAP package
+          with custom overrides to enable modules or other
+          functionality.
+        '';
+      };
+
      user = mkOption {
        type = types.str;
        default = "openldap";
@ -152,10 +164,10 @@ in
        ";
        example = literalExample ''
            '''
-            include ${pkgs.openldap.out}/etc/schema/core.schema
-            include ${pkgs.openldap.out}/etc/schema/cosine.schema
-            include ${pkgs.openldap.out}/etc/schema/inetorgperson.schema
-            include ${pkgs.openldap.out}/etc/schema/nis.schema
+            include ${openldap.out}/etc/schema/core.schema
+            include ${openldap.out}/etc/schema/cosine.schema
+            include ${openldap.out}/etc/schema/inetorgperson.schema
+            include ${openldap.out}/etc/schema/nis.schema

            database bdb
            suffix dc=example,dc=org