tvl-depot/third_party/openldap/default.nix

28 lines
867 B
Nix
Raw Normal View History

# OpenLDAP by default uses a simple shalted SHA1-hash for passwords,
# which is less than ideal.
#
# It does however include a contrib module which adds support for the
# Argon2 password hashing scheme. This overrides then OpenLDAP build
# derivation to include this module.
{ pkgs, ... }:
pkgs.openldap.overrideAttrs(old: {
buildInputs = old.buildInputs ++ [ pkgs.libsodium ];
postBuild = ''
${old.postBuild}
make $makeFlags -C contrib/slapd-modules/passwd/argon2
'';
# This is required because the Makefile for this module hardcodes
# /usr/bin/install, which is not a valid path - we want it to be
# looked up from $PATH because it is included in stdenv.
installFlags = old.installFlags ++ [ "INSTALL=install" ];
postInstall = ''
${old.postInstall}
make $installFlags install-lib -C contrib/slapd-modules/passwd/argon2
'';
})