Openldap

services.openldap.configDir

Use this config directory instead of generating one from the settings option. Overrides all NixOS settings.

Type: null or path

Default

null

Example

"/var/lib/openldap/slapd.d"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/databases/openldap.nix

services.openldap.declarativeContents

Declarative contents for the LDAP database, in LDIF format by suffix.

All data will be erased when starting the LDAP server. Modifications to the database are not prevented, they are just dropped on the next reboot of the server. Performance-wise the database and indexes are rebuilt on each server startup, so this will slow down server startup, especially with large databases.

Note that the root of the DB must be defined in services.openldap.settings and the olcDbDirectory must begin with "/var/lib/openldap".

Type: attribute set of strings concatenated with "\n"

Default

{ }

Example

{
  "dc=example,dc=org" = ''
    dn: dc=example,dc=org
    objectClass: domain
    dc: example

    dn: ou=users,dc=example,dc=org
    objectClass: organizationalUnit
    ou: users

    # ...
  '';
}

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/databases/openldap.nix

services.openldap.enable

Whether to enable the LDAP server.

Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/databases/openldap.nix

services.openldap.group

Group account under which slapd runs.

Type: string

Default

"openldap"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/databases/openldap.nix

services.openldap.mutableConfig

Whether to allow writable on-line configuration. If true, the NixOS settings will only be used to initialize the OpenLDAP configuration if it does not exist, and are subsequently ignored.

Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/databases/openldap.nix

services.openldap.package

The openldap package to use. This can be used to, for example, set an OpenLDAP package with custom overrides to enable modules or other functionality.

Type: package

Default

pkgs.openldap

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/databases/openldap.nix

services.openldap.settings

Configuration for OpenLDAP, in OLC format.

Type: submodule

Example

{
  attrs.olcLogLevel = [ "stats" ];
  children = {
    "cn=schema".includes = [
      "${pkgs.openldap}/etc/schema/core.ldif"
      "${pkgs.openldap}/etc/schema/cosine.ldif"
      "${pkgs.openldap}/etc/schema/inetorgperson.ldif"
    ];
    "olcDatabase={-1}frontend" = {
      attrs = {
        objectClass = "olcDatabaseConfig";
        olcDatabase = "{-1}frontend";
        olcAccess = [ "{0}to * by dn.exact=uidNumber=0+gidNumber=0,cn=peercred,cn=external,cn=auth manage stop by * none stop" ];
      };
    };
    "olcDatabase={0}config" = {
      attrs = {
        objectClass = "olcDatabaseConfig";
        olcDatabase = "{0}config";
        olcAccess = [ "{0}to * by * none break" ];
      };
    };
    "olcDatabase={1}mdb" = {
      attrs = {
        objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
        olcDatabase = "{1}mdb";
        olcDbDirectory = "/var/lib/openldap/ldap";
        olcDbIndex = [
          "objectClass eq"
          "cn pres,eq"
          "uid pres,eq"
          "sn pres,eq,subany"
        ];
        olcSuffix = "dc=example,dc=com";
        olcAccess = [ "{0}to * by * read break" ];
      };
    };
  };
}

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/databases/openldap.nix
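A fuller configuration that ties the settings and declarativeContents options together, added here as an example and not taken from the nixpkgs module: a TLS-only listener, cn=config manageable only by root over the local socket, password attributes hidden from everyone but their owner, and database contents keyed by the same suffix that settings declares, with olcDbDirectory under /var/lib/openldap as the module requires. The certificate and key paths are assumptions.

```nix
{ pkgs, ... }:
{
  services.openldap = {
    enable = true;
    # Listen over TLS only; the default plain ldap:/// listener is dropped.
    urlList = [ "ldaps:///" ];
    settings = {
      attrs = {
        # Assumed paths for the TLS material; they must be readable by the slapd user.
        olcTLSCACertificateFile = "/var/lib/openldap/tls/ca.pem";
        olcTLSCertificateFile = "/var/lib/openldap/tls/server.pem";
        olcTLSCertificateKeyFile = "/var/lib/openldap/tls/server.key";
      };
      children = {
        "cn=schema".includes = [
          "${pkgs.openldap}/etc/schema/core.ldif"
          "${pkgs.openldap}/etc/schema/cosine.ldif"
          "${pkgs.openldap}/etc/schema/inetorgperson.ldif"
        ];
        # cn=config: root over the local socket may manage it, nobody else sees it.
        "olcDatabase={0}config".attrs = {
          objectClass = "olcDatabaseConfig";
          olcDatabase = "{0}config";
          olcAccess = [ "{0}to * by dn.exact=uidNumber=0+gidNumber=0,cn=peercred,cn=external,cn=auth manage by * none" ];
        };
        "olcDatabase={1}mdb".attrs = {
          objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
          olcDatabase = "{1}mdb";
          olcDbDirectory = "/var/lib/openldap/ldap";  # must be below /var/lib/openldap
          olcSuffix = "dc=example,dc=org";            # the root that declarativeContents fills
          olcAccess = [
            "{0}to attrs=userPassword by self write by anonymous auth by * none"
            "{1}to * by * read"
          ];
        };
      };
    };
    # Keyed by suffix; rebuilt from scratch on every start, so runtime edits do not survive.
    declarativeContents."dc=example,dc=org" = ''
      dn: dc=example,dc=org
      objectClass: domain
      dc: example

      dn: ou=users,dc=example,dc=org
      objectClass: organizationalUnit
      ou: users
    '';
  };
}
```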

services.openldap.settings.attrs

Attributes of the parent entry.

Type: attribute set of (LDAP value, or list of LDAP values). An LDAP value is either a string, or an attrset containing "path" or "base64" for included values or base64-encoded values respectively.

Default

{ }

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/databases/openldap.nix

services.openldap.settings.children

Child entries of the current entry, with recursively the same structure.

Type: attribute set of (submodule)

Default

{ }

Example

{
  "cn=schema" = {
    # The attribute used in the DN must be defined
    attrs = { cn = "schema"; };
    children = {
      # This entry's DN is expanded to "cn=foo,cn=schema"
      "cn=foo" = { ... };
    };
    # These includes are inserted after "cn=schema", but before "cn=foo,cn=schema"
    includes = [ ... ];
  };
}

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/databases/openldap.nix

services.openldap.settings.includes

LDIF files to include after the parent's attributes but before its children.

Type: list of path

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/databases/openldap.nix

services.openldap.urlList

URL list slapd should listen on.

Type: list of string

Default

["ldap:///"]

Example

["ldaps:///"]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/databases/openldap.nix

services.openldap.user

User account under which slapd runs.

Type: string

Default

"openldap"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/databases/openldap.nix