Skip to content

Comments

[staging] openldap: remove deprecated options, improve encapsulation #179597

Merged
mweinelt merged 9 commits intoNixOS:stagingfrom
Mic92:openldap-path
Jul 21, 2022
Merged

[staging] openldap: remove deprecated options, improve encapsulation #179597
mweinelt merged 9 commits intoNixOS:stagingfrom
Mic92:openldap-path

Conversation

@Mic92
Copy link
Member

@Mic92 Mic92 commented Jun 29, 2022

Description of changes

same as #176449 but conflicts resolved.

Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 22.11 Release Notes (or backporting 22.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
    • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
  • Fits CONTRIBUTING.md.

@kwohlfahrt @Mic92
openldap: remove deprecated options
6e6f33a
@kwohlfahrt @Mic92
openldap: change default ldapi directory
d1f55ce 
By default, this is /run/ldapi, which is not compatible with systemd's
runtime directories. Change it to /run/slapd/ldapi (in library and
server). This makes `ldapi:///` work as a default socket again.
@kwohlfahrt @Mic92
openldap: Allow notify outside of main thread
d72f89a 
This fixes a bug I observed in deployment on a RPi, but not able to
reproduce in tests.
@kwohlfahrt @Mic92
openldap: run in foreground
38ead94 
Now that we use notify daemon type, this works safely and simplifies
configuration.
@kwohlfahrt @Mic92
openldap: run under systemd-defined user/group
fd7d901 
This improves security, by starting the service as an unprivileged user,
rather than starting as root and relying on the service to drop
privileges. This requires a significant cleanup of pre-init scripts, to
make use of StateDirectory and RuntimeDirectory for permissions.
@kwohlfahrt @Mic92
openldap: use specialisations for tests
ad5acb9 
This speeds up tests a bit. Also, ensure that mutable config works for
manual config dir.
@kwohlfahrt @Mic92
openldap: test and fix mutable config
8a7193f
@kwohlfahrt @Mic92
openldap: test starting with empty DB
334d622 
This addresses the original concern behind NixOS#92544
@kwohlfahrt @Mic92
openldap: change runtime directory
60d1c1d 
Use `openldap` for consistency between `/var/lib` and `/run`.
@Mic92 Mic92 changed the base branch from master to staging June 29, 2022 18:00
@github-actions github-actions bot added 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` labels Jun 29, 2022
@Mic92 Mic92 requested a review from kwohlfahrt June 29, 2022 18:00
@ofborg ofborg bot requested review from ajs124, dasJ and mweinelt June 29, 2022 18:19
@ofborg ofborg bot added 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 501-1000 This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 2501-5000 This PR causes many rebuilds on Linux and should target the staging branches. 10.rebuild-darwin-stdenv This PR causes stdenv to rebuild on Darwin and must target a staging branch. 10.rebuild-linux-stdenv This PR causes stdenv to rebuild on Linux and must target a staging branch. 8.has: clean-up This PR removes packages or removes other cruft 10.rebuild-darwin: 5001+ This PR causes many rebuilds on Darwin and must target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches. and removed 10.rebuild-darwin: 501-1000 This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-linux: 2501-5000 This PR causes many rebuilds on Linux and should target the staging branches. labels Jun 29, 2022
@Mic92 Mic92 changed the title Openldap path [staging] openldap: remove deprecated options, improve encapsulation Jun 29, 2022
kwohlfahrt
kwohlfahrt approved these changes Jul 21, 2022
View reviewed changes
Copy link
Contributor

@kwohlfahrt kwohlfahrt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, I didn't realize my original PR had gone stale. This all still looks good, sorry for the delay in reviewing, it's been a busy few weeks!

@mweinelt mweinelt merged commit 457d109 into NixOS:staging Jul 21, 2022
@mweinelt mweinelt mentioned this pull request Jul 22, 2022
Closed
13 tasks
@Mic92 Mic92 deleted the openldap-path branch July 22, 2022 14:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mweinelt mweinelt Awaiting requested review from mweinelt

@ajs124 ajs124 Awaiting requested review from ajs124

@dasJ dasJ Awaiting requested review from dasJ

1 more reviewer

@kwohlfahrt kwohlfahrt kwohlfahrt approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: clean-up This PR removes packages or removes other cruft 8.has: module (update) This PR changes an existing module in `nixos/` 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 5001+ This PR causes many rebuilds on Darwin and must target the staging branches. 10.rebuild-darwin-stdenv This PR causes stdenv to rebuild on Darwin and must target a staging branch. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches. 10.rebuild-linux-stdenv This PR causes stdenv to rebuild on Linux and must target a staging branch.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Mic92 @kwohlfahrt @mweinelt