{
lib,
stdenv,
fetchurl,
# dependencies
cyrus_sasl,
groff,
libsodium,
libtool,
openssl,
systemdMinimal,
libxcrypt,
# passthru
nixosTests,
}:
stdenv.mkDerivation rec {
pname = "openldap";
version = "2.6.8";
src = fetchurl {
url = "https://www.openldap.org/software/download/OpenLDAP/openldap-release/${pname}-${version}.tgz";
hash = "sha256-SJaTI+lOO+OwPGoTKULcun741UXyrTVAFwkBn2lsPE4=";
};
# TODO: separate "out" and "bin"
outputs = [
"out"
"dev"
"man"
"devdoc"
];
__darwinAllowLocalNetworking = true;
enableParallelBuilding = true;
nativeBuildInputs = [
groff
buildInputs =
[
(cyrus_sasl.override {
inherit openssl;
})
libsodium
libtool
openssl
]
++ lib.optionals (stdenv.hostPlatform.isLinux) [
libxcrypt # causes linking issues on *-darwin
systemdMinimal
preConfigure = lib.optionalString (lib.versionAtLeast stdenv.hostPlatform.darwinMinVersion "11") ''
MACOSX_DEPLOYMENT_TARGET=10.16
'';
configureFlags =
"--enable-argon2"
"--enable-crypt"
"--enable-modules"
"--enable-overlays"
++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
"--with-yielding_select=yes"
"ac_cv_func_memcmp_working=yes"
++ lib.optional stdenv.hostPlatform.isFreeBSD "--with-pic";
env.NIX_CFLAGS_COMPILE = toString [ "-DLDAPI_SOCK=\"/run/openldap/ldapi\"" ];
makeFlags = [
"CC=${stdenv.cc.targetPrefix}cc"
"STRIP=" # Disable install stripping as it breaks cross-compiling. We strip binaries anyway in fixupPhase.
"STRIP_OPTS="
"prefix=${placeholder "out"}"
"sysconfdir=/etc"
"systemdsystemunitdir=${placeholder "out"}/lib/systemd/system"
# contrib modules require these
"moduledir=${placeholder "out"}/lib/modules"
"mandir=${placeholder "out"}/share/man"
extraContribModules = [
# https://git.openldap.org/openldap/openldap/-/tree/master/contrib/slapd-modules
"passwd/sha2"
"passwd/pbkdf2"
"passwd/totp"
postBuild = ''
for module in $extraContribModules; do
make $makeFlags CC=$CC -C contrib/slapd-modules/$module
done
preCheck = ''
substituteInPlace tests/scripts/all \
--replace "/bin/rm" "rm"
# skip flaky tests
rm -f tests/scripts/test063-delta-multiprovider
# https://bugs.openldap.org/show_bug.cgi?id=10009
# can probably be re-added once https://github.com/cyrusimap/cyrus-sasl/pull/772
# has made it to a release
rm -f tests/scripts/test076-authid-rewrite
doCheck = true;
# The directory is empty and serve no purpose.
preFixup = ''
rm -r $out/var
installFlags = [
"sysconfdir=${placeholder "out"}/etc"
"INSTALL=install"
postInstall = ''
make $installFlags install -C contrib/slapd-modules/$module
chmod +x "$out"/lib/*.{so,dylib}
passthru.tests = {
inherit (nixosTests) openldap;
kerberosWithLdap = nixosTests.kerberos.ldap;
meta = with lib; {
homepage = "https://www.openldap.org/";
description = "Open source implementation of the Lightweight Directory Access Protocol";
license = licenses.openldap;
maintainers = with maintainers; [ hexa ] ++ teams.helsinki-systems.members;
platforms = platforms.unix;
}