Modular OpenLDAP #21764

Open
wants to merge 1 commit into
from

Projects

None yet

5 participants

@ip1981
Contributor
ip1981 commented Jan 9, 2017 edited

Turn on all overlays and all modules except perl, ndb, sql.
Those modules aren't built by default anyway.

This change does not add new dependencies, but will require
additional configuration to load modules, including back_mdb.

This is how OpenLDAP is built in Debian.

Motivation for this change
Things done
  • Tested using sandboxing
    (nix.useSandbox on NixOS,
    or option build-use-sandbox in nix.conf
    on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • Linux
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

@mention-bot

@ip1981, thanks for your PR! By analyzing the history of the files in this pull request, we identified @chaoflow, @edolstra and @DerTim1 to be potential reviewers.

@ip1981 ip1981 Modular OpenLDAP
Turn on all overlays and all modules except perl, ndb, sql.
Those modules aren't built by default anyway.

This change does not add new dependencies, but will require
additional configuration to load modules, including `back_mdb`.

This is how OpenLDAP is built in Debian.
43805ec
@Mic92
Contributor
Mic92 commented Jan 9, 2017

How does this affect existing configuration? Is it required to load modules manually?

@ip1981
Contributor
ip1981 commented Jan 9, 2017
dn: cn=module{0},cn=config
cn: module{0}
objectClass: olcModuleList
olcModuleLoad: {0}back_mdb
@Mic92
Contributor
Mic92 commented Jan 9, 2017

Do you agree on this change @DerTim1 ? I am not an expert on ldap myself.

@DerTim1
Contributor
DerTim1 commented Jan 9, 2017

I'm doing a review at the moment...

@ip1981
Contributor
ip1981 commented Jan 9, 2017

I'm an expert in openldap zalora/nixsap@7511e9b :D

+ "--disable-ndb"
+ "--disable-perl"
+ "--disable-sql"
+ "--enable-backends=mod"
@DerTim1
DerTim1 Jan 9, 2017 Contributor

Put backends to modular load (default: yes) is problematic. If you load a module (e.g. back_hdb), you have to specify the path of modules-dir. This path is in a nix-store.
If we need this configure option, we have to add something like this
ln -s /nix/store/hv58j5qilznnc3arjgdzymkq58cxn9wc-openldap-2.4.44/libexec/openldap /usr/lib/ldap
to the openldap-service of NixOS. Then we can use a static path to load modules in config-files (slapd.conf) or with config-dir (slap.d).
But I think /usr/lib/ldap (default) isn't a good idea. Maybe /var/db/openldap/modules is a better choise

@ip1981
ip1981 Jan 9, 2017 Contributor

have to specify the path of modules-dir

No you haven't. OpenLDAP modules are immediately available, because it knows its libdir ($out/lib/...)

@ip1981
ip1981 Jan 9, 2017 Contributor

Third-party modules, if any, can be loaded by absolute path (/foo or /nix/store/).

@DerTim1
DerTim1 Jan 9, 2017 Contributor

Ok, I will retry with a different slap.d-configuration.
Be right back...

@Mic92
Contributor
Mic92 commented Jan 9, 2017

@ip1981 Thanks, but I like the four eyes principle, because we are all humans.

@DerTim1
DerTim1 approved these changes Jan 9, 2017 View changes

Ok, approved with my slap.d-conf.
But I haven't tested the NixOS-module with the example slapd.conf

@DerTim1
Contributor
DerTim1 commented Jan 9, 2017 edited

@Mic92 Now also approved with example-slapd.conf...

@Mic92
Contributor
Mic92 commented Jan 9, 2017

@DerTim1 we have a different openldap pull request to be merged. Because this change will trigger a number of rebuilds this should be probably merged with #21648

@DerTim1
Contributor
DerTim1 commented Jan 10, 2017

@Mic92 Entirely right

@vcunat vcunat changed the base branch to NixOS:staging from NixOS:master Jan 10, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment