* Some slightly hacky LDAP support. The problem is that Glibc has to

be able to find the LDAP NSS module, which is normally installed in Glibc's prefix (under /lib/libnss_ldap...). Of course, we can't do that; it wouldn't be pure. As a workaround, we simply add nss_ldap to the LD_LIBRARY_PATH of the nscd daemon, which every other program uses for lookups. So we don't have to put nss_ldap in the LD_LIBRARY_PATH of every program. svn path=/nixos/trunk/; revision=7684
2024-11-01 23:22:37 +00:00 · 2007-01-15 17:19:41 +00:00 · 2007-01-15 17:19:41 +00:00 · 554ae9908b
commit 554ae9908b
parent af19b39a4b
5 changed files with 22 additions and 5 deletions
--- a/system/etc/nsswitch.conf
+++ b/system/etc/nsswitch.conf
@ -1,5 +1,6 @@
-passwd:         compat
-group:          compat
+passwd:         ldap files
+group:          ldap files
+shadow:         ldap files

 hosts:          files dns
 networks:       files dns
--- a/system/system.nix
+++ b/system/system.nix
@ -115,9 +115,16 @@ rec {
  };


+  # NSS modules.  Hacky!
+  nssModules = [pkgs.nss_ldap];
+
+  nssModulesPath = pkgs.lib.concatStrings (pkgs.lib.intersperse ":" 
+    (map (mod: mod + "/lib") nssModules));
+
+
  # The services (Upstart) configuration for the system.
  upstartJobs = import ./upstart.nix {
-    inherit config pkgs nix;
+    inherit config pkgs nix nssModulesPath;
  };


--- a/system/upstart.nix
+++ b/system/upstart.nix
@ -1,4 +1,4 @@
-{config, pkgs, nix}:
+{config, pkgs, nix, nssModulesPath}:

 let 

@ -80,6 +80,7 @@ import ../upstart-jobs/gather.nix {
    # Name service cache daemon.
    (import ../upstart-jobs/nscd.nix {
      inherit (pkgs) glibc pwdutils;
+      inherit nssModulesPath;
    })

    # Handles the maintenance/stalled event (single-user shell).
@ -97,6 +98,7 @@ import ../upstart-jobs/gather.nix {
    (import ../upstart-jobs/sshd.nix {
      inherit (pkgs) writeText openssh glibc pwdutils;
      inherit (pkgs.xorg) xauth;
+      inherit nssModulesPath;
      forwardX11 = config.get ["services" "sshd" "forwardX11"];
      allowSFTP = config.get ["services" "sshd" "allowSFTP"];
    })
--- a/upstart-jobs/nscd.nix
+++ b/upstart-jobs/nscd.nix
@ -1,4 +1,4 @@
-{glibc, pwdutils}:
+{glibc, pwdutils, nssModulesPath}:

 {
  name = "nscd";
@ -9,6 +9,8 @@ description \"Name Service Cache Daemon\"
 start on startup
 stop on shutdown

+env LD_LIBRARY_PATH=${nssModulesPath}
+
 start script

    if ! ${glibc}/bin/getent passwd nscd > /dev/null; then
@ -18,6 +20,8 @@ start script

    mkdir -m 0755 -p /var/run/nscd
    mkdir -m 0755 -p /var/db/nscd
+
+    rm -f /var/db/nscd/* # for testing
    
 end script

--- a/upstart-jobs/sshd.nix
+++ b/upstart-jobs/sshd.nix
@ -1,4 +1,5 @@
 { writeText, openssh, glibc, pwdutils, xauth
+, nssModulesPath
 , forwardX11, allowSFTP
 }:

@ -32,6 +33,8 @@ description \"SSH server\"
 start on network-interfaces/started
 stop on network-interfaces/stop

+env LD_LIBRARY_PATH=${nssModulesPath}
+
 start script
    mkdir -m 0555 -p /var/empty