Convert "ldap" (untested)

svn path=/nixos/branches/fix-style/; revision=14362

etc/default.nix

@@ -187,15 +187,6 @@ let
     target = "ssmtp/ssmtp.conf";
   }
 
-  # LDAP configuration.
-  ++ optional config.users.ldap.enable {
-    source = import ./ldap.conf.nix {
-      inherit (pkgs) writeText;
-      inherit config;
-    };
-    target = "ldap.conf";
-  }
-    
   # A bunch of PAM configuration files for various programs.
   ++ (map
     (program:

system/options.nix

@@ -2043,46 +2043,6 @@ in
   };
 
 
-  users = {
-
-    ldap = {
-
-      enable = mkOption {
-        default = false;
-        description = "
-          Whether to enable authentication against an LDAP server.
-        ";
-      };
-
-      server = mkOption {
-        example = "ldap://ldap.example.org/";
-        description = "
-          The URL of the LDAP server.
-        ";
-      };
-
-      base = mkOption {
-        example = "dc=example,dc=org";
-        description = "
-          The distinguished name of the search base.
-        ";
-      };
-
-      useTLS = mkOption {
-        default = false;
-        description = "
-          If enabled, use TLS (encryption) over an LDAP (port 389)
-          connection.  The alternative is to specify an LDAPS server (port
-          636) in <option>users.ldap.server</option> or to forego
-          security.
-        ";
-      };
-
-    };
-
-  };
-
-
   nesting = {
     children = mkOption {
       default = [];
@@ -2158,6 +2118,9 @@ in
     (import ../upstart-jobs/pulseaudio.nix)
     (import ../upstart-jobs/kbd.nix)
 
+    #users
+    (import ../upstart-jobs/ldap)
+
 
 
     # fonts

upstart-jobs/ldap/default.nix

@@ -0,0 +1,76 @@
+{pkgs, config, ...}:
+
+###### interface
+let
+  inherit (pkgs.lib) mkOption mkIf;
+
+  options = {
+    users = {
+      ldap = {
+
+        enable = mkOption {
+          default = false;
+          description = "
+            Whether to enable authentication against an LDAP server.
+          ";
+        };
+
+        server = mkOption {
+          example = "ldap://ldap.example.org/";
+          description = "
+            The URL of the LDAP server.
+          ";
+        };
+
+        base = mkOption {
+          example = "dc=example,dc=org";
+          description = "
+            The distinguished name of the search base.
+          ";
+        };
+
+        useTLS = mkOption {
+          default = false;
+          description = "
+            If enabled, use TLS (encryption) over an LDAP (port 389)
+            connection.  The alternative is to specify an LDAPS server (port
+            636) in <option>users.ldap.server</option> or to forego
+            security.
+          ";
+        };
+
+      };
+    };
+  };
+in
+
+###### implementation
+
+mkIf config.users.ldap.enable {
+  require = [
+    options
+  ];
+
+  # LDAP configuration.
+  environment = {
+    etc = [
+
+      # Careful: OpenLDAP seems to be very picky about the indentation of
+      # this file.  Directives HAVE to start in the first column!
+      { source = pkgs.writeText "ldap.conf" ''
+        uri ${config.users.ldap.server}
+        base ${config.users.ldap.base}
+        
+        ${
+        if config.users.ldap.useTLS then ''
+        ssl start_tls
+        tls_checkpeer no
+        '' else ""
+        }
+      '';
+        target = "ldap.conf";
+      }
+    ];
+  };
+
+}