Anyone have good pointers on how to use LDAP in nixos

I’d like to figure out if it is reasonable to set up an LDAP server, and have other services use it (including potentially login). I’d also like to be able to add users to this LDAP server via a program or API without having a manual process per user. Is this a reasonable thing to do in NixOS?

I’ve looked around at the NixOS wiki, and tried cribbing from others’ files, and find that the most common error is that the extraConfig string is not supported. The release notes point to importing an existing ldap config into settings somehow, but fail to quote what they are doing, or why. Since I have no existing database or setup, this seems less than useful.

I’m an LDAP noob, and only mildly competent in NixOS, despite being willing and able to bang out code to get things done. Therefore, it seems very reasonable that the answer is ‘we have no such config, this is too complicated’. If that’s the answer, that would save me a trip down a rabbit hole with no carrot.


The VM tests may be useful as reference on how to configure something, e.g. nixpkgs/sssd-ldap.nix at bb30802e32b37f67bac1186d2da986f88c95628f · NixOS/nixpkgs · GitHub (LDAP + sssd to provide PAM with users from LDAP) or nixpkgs/openldap.nix at bb30802e32b37f67bac1186d2da986f88c95628f · NixOS/nixpkgs · GitHub


@Sandro weren’t you contributing to a super simple LDAP thing?

Yeah, I just looked it up: GitHub - majewsky/portunus: Self-contained user/group management and authentication service

Even packaged it for NixOS IIRC.


Yes, the options are under NixOS Search and the README of portunus is also a great starting point to get a basic understanding of how to integrate LDAP into other applications.

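For the `extraConfig` error raised in the question, this is a from-scratch OpenLDAP configuration written with `services.openldap.settings`, in the style of the nixpkgs VM test linked above. It is an added example, not code from any poster or copied from nixpkgs; the suffix `dc=example,dc=org`, the admin DN and the secret path `/run/secrets/ldap-root-pw` are placeholder assumptions.

```nix
{ pkgs, ... }:
{
  services.openldap = {
    enable = true;

    # Loopback and the local ldapi socket only. Configure TLS before
    # listening on an address that other hosts can reach.
    urlList = [ "ldap://127.0.0.1/" "ldapi:///" ];

    # `settings` replaces the old slapd.conf-style extraConfig string; it
    # is rendered into the cn=config (OLC) tree that slapd reads.
    settings = {
      attrs.olcLogLevel = "stats";

      children = {
        # Schemas for the usual person and POSIX account entries.
        "cn=schema".includes = [
          "${pkgs.openldap}/etc/schema/core.ldif"
          "${pkgs.openldap}/etc/schema/cosine.ldif"
          "${pkgs.openldap}/etc/schema/inetorgperson.ldif"
          "${pkgs.openldap}/etc/schema/nis.ldif"
        ];

        "olcDatabase={1}mdb".attrs = {
          objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
          olcDatabase = "{1}mdb";
          olcDbDirectory = "/var/lib/openldap/db";
          olcSuffix = "dc=example,dc=org";            # placeholder suffix
          olcRootDN = "cn=admin,dc=example,dc=org";   # placeholder admin DN

          # A literal string here would land in the world-readable Nix
          # store. Point at a file provisioned outside the store instead
          # (placeholder path); slapd reads it verbatim, so store a
          # slappasswd hash with no trailing newline.
          olcRootPW.path = "/run/secrets/ldap-root-pw";

          # Password hashes: owner may change, anonymous may only bind.
          # Everything else: readable by authenticated users only.
          olcAccess = [
            "{0}to attrs=userPassword by self write by anonymous auth by * none"
            "{1}to * by users read by * none"
          ];
        };
      };
    };
  };
}
```

Once the service is running, entries can be added by any LDAP client that binds as the root DN, which covers creating users from a program rather than by hand.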