openldap: test starting with empty DB

This addresses the original concern behind #92544
This commit is contained in:
Kai Wohlfahrt 2022-06-05 20:03:46 +01:00 committed by Jörg Thalheim
parent 8a7193fc0a
commit 334d622ec7
2 changed files with 18 additions and 5 deletions

View file

@ -236,7 +236,10 @@ in {
writeConfig = pkgs.writeShellScript "openldap-config" ''
set -euo pipefail
${lib.optionalString (!cfg.mutableConfig) "rm -rf ${configDir}/*"}
${lib.optionalString (!cfg.mutableConfig) ''
chmod -R u+w ${configDir}
rm -rf ${configDir}/*
''}
if [ ! -e "${configDir}/cn=config.ldif" ]; then
${openldap}/bin/slapadd -F ${configDir} -bcn=config -l ${settingsFile}
fi

View file

@ -81,12 +81,17 @@ in {
};
};
};
declarativeContents."dc=example" = dbContents;
};
specialisation = {
declarativeContents.configuration = { ... }: {
services.openldap.declarativeContents."dc=example" = dbContents;
};
mutableConfig.configuration = { ... }: {
services.openldap.mutableConfig = true;
services.openldap = {
declarativeContents."dc=example" = dbContents;
mutableConfig = true;
};
};
manualConfigDir = {
inheritParentConfig = false;
@ -108,9 +113,14 @@ in {
olcRootPW: foobar
'';
in ''
# Test startup with empty DB
machine.wait_for_unit("openldap.service")
machine.succeed('ldapsearch -LLL -D "cn=root,dc=example" -w notapassword -b "dc=example"')
machine.fail('ldapmodify -D cn=root,cn=config -w configpassword -f ${pkgs.writeText "rootpw.ldif" changeRootPw}')
with subtest("declarative contents"):
machine.succeed('${specializations}/declarativeContents/bin/switch-to-configuration test')
machine.wait_for_unit("openldap.service")
machine.succeed('ldapsearch -LLL -D "cn=root,dc=example" -w notapassword -b "dc=example"')
machine.fail('ldapmodify -D cn=root,cn=config -w configpassword -f ${pkgs.writeText "rootpw.ldif" changeRootPw}')
with subtest("mutable config"):
machine.succeed('${specializations}/mutableConfig/bin/switch-to-configuration test')