services.openldap.declarativeContents

Declarative contents for the LDAP database, in LDIF format by suffix.

All data will be erased when starting the LDAP server. Modifications to the database are not prevented, they are just dropped on the next reboot of the server. Performance-wise the database and indexes are rebuilt on each server startup, so this will slow down server startup, especially with large databases.

Note that the root of the DB must be defined in services.openldap.settings and the olcDbDirectory must begin with "/var/lib/openldap".

Type

attribute set of strings concatenated with "\n"

Default

{ }

Example

{
  "dc=example,dc=org" = ''
    dn= dn: dc=example,dc=org
    objectClass: domain
    dc: example

    dn: ou=users,dc=example,dc=org
    objectClass = organizationalUnit
    ou: users

    # ...
  '';
}

Declared

<nixpkgs/nixos/modules/services/databases/openldap.nix>