From be2175dc949a34334f1ad9a81d95279ead470bb1 Mon Sep 17 00:00:00 2001
From: Dan Callaghan
Date: Tue, 19 Jul 2022 22:31:11 +1000
Subject: [PATCH] openldap: load client config from /etc, not the nix store

We want Openldap clients to load /etc/ldap.conf at runtime, not ${pkgs.openldap}/etc/ldap.conf which is always a sample config. Pass sysconfdir=/etc at compile time, so that /etc/krb5.conf is embedded in the library as the path of its config file. Pass sysconfdir=${out}/etc at install time, so that the sample configs and schema files are correctly included in the build output. This hack works because the Makefiles are not smart enough to notice that the sysconfdir variable has changed across invocations -- because nobody ever writes their Makefiles to be that smart. :-) Fixes #181937.
---
 nixos/tests/openldap.nix | 12 +++++++++++-
 pkgs/development/libraries/openldap/default.nix | 3 ++-
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/nixos/tests/openldap.nix b/nixos/tests/openldap.nix
index 3c388119d5d2..96459d21a5ef 100644
--- a/nixos/tests/openldap.nix
+++ b/nixos/tests/openldap.nix
@@ -13,10 +13,17 @@ let
 objectClass: organizationalUnit
 ou: users
 '';
+ ldapClientConfig = {
+ enable = true;
+ loginPam = false;
+ nsswitch = false;
+ server = "ldap://";
+ base = "dc=example";
+ };
 testScript = ''
 machine.wait_for_unit("openldap.service")
 machine.succeed(
- 'ldapsearch -LLL -D "cn=root,dc=example" -w notapassword -b "dc=example"',
+ 'ldapsearch -LLL -D "cn=root,dc=example" -w notapassword',
 )
 '';
 in {
@@ -57,6 +64,7 @@ in {
 };
 declarativeContents."dc=example" = dbContents;
 };
+ users.ldap = ldapClientConfig;
 };
 }) { inherit pkgs system; };
 
@@ -76,6 +84,7 @@ in {
 rootpw = "notapassword";
 declarativeContents."dc=example" = dbContents;
 };
+ users.ldap = ldapClientConfig;
 };
 }) { inherit system pkgs; };
 
@@ -88,6 +97,7 @@ in {
 enable = true;
 configDir = "/var/db/slapd.d";
 };
+ users.ldap = ldapClientConfig;
 };
 
 testScript = let
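Review bot: Dropping `-b "dc=example"` from the `ldapsearch` call in the first hunk is what turns this into a regression test for the runtime config path, but the test script does not say so, and a later cleanup could restore the flag and silently lose that coverage. A comment above `machine.succeed(` would be enough, for example `# No -b on purpose: the search base must come from users.ldap via /etc/ldap.conf.` As written the check exercises only `base`; `server = "ldap://"` presumably matches what the client would try with no config at all, so the test does not show that the server URI is read from the file. The remaining three hunks only attach `ldapClientConfig` to each test machine and need no change.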
diff --git a/pkgs/development/libraries/openldap/default.nix b/pkgs/development/libraries/openldap/default.nix
index 551a0827eee2..e6f2c218a5bf 100644
--- a/pkgs/development/libraries/openldap/default.nix
+++ b/pkgs/development/libraries/openldap/default.nix
@@ -97,7 +97,7 @@ stdenv.mkDerivation rec {
 "CC=${stdenv.cc.targetPrefix}cc"
 "STRIP=" # Disable install stripping as it breaks cross-compiling. We strip binaries anyway in fixupPhase.
 "prefix=${placeholder "out"}"
- "sysconfdir=${placeholder "out"}/etc"
+ "sysconfdir=/etc"
 "systemdsystemunitdir=${placeholder "out"}/lib/systemd/system"
 # contrib modules require these
 "moduledir=${placeholder "out"}/lib/modules"
@@ -134,6 +134,7 @@ stdenv.mkDerivation rec {
 
 installFlags = [
 "prefix=${placeholder "out"}"
+ "sysconfdir=${placeholder "out"}/etc"
 "moduledir=${placeholder "out"}/lib/modules"
 "INSTALL=install"
 ];
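Review bot: `"sysconfdir=/etc"` in the first hunk and `"sysconfdir=${placeholder "out"}/etc"` in the second now disagree on purpose, yet the file carries no comment saying so, so a later cleanup that makes them agree would silently put clients back on the sample config in the store. I would add `# Compiled-in runtime config path; installFlags overrides sysconfdir so samples and schema still install into $out/etc.` above the first entry and `# Install into $out/etc; the build used sysconfdir=/etc so the library reads /etc at runtime.` above the second. Because the client library will now take its server and TLS settings from a host-managed file, Nix-built clients on a non-NixOS host would presumably start honouring that host's /etc/ldap.conf, which deserves a release-note line. The first flag list begins outside its hunk. The commit message says /etc/krb5.conf where /etc/ldap.conf appears to be meant.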