openldap: Enable argon2 hash support by default

argon2 is the recommended password hashing function, and the module is
included with OpenLDAP contrib.

This change enables argon2 hashes by default in our OpenLDAP package.

The install command for argon2 needs to be install-lib, as it otherwise
tries to install manpages to /usr, which fails.

pkgs/development/libraries/openldap/default.nix

@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, openssl, db, groff, libtool
+{ lib, stdenv, fetchurl, openssl, db, groff, libtool, libsodium
 , withCyrusSasl ? true
 , cyrus_sasl
 }:
@@ -19,7 +19,7 @@ stdenv.mkDerivation rec {
 
   nativeBuildInputs = [ groff ];
 
-  buildInputs = [ openssl cyrus_sasl db libtool ];
+  buildInputs = [ openssl cyrus_sasl db libsodium libtool ];
 
   # Disable install stripping as it breaks cross-compiling.
   # We strip binaries anyway in fixupPhase.
@@ -46,6 +46,7 @@ stdenv.mkDerivation rec {
   postBuild = ''
     make $makeFlags CC=$CC -C contrib/slapd-modules/passwd/sha2
     make $makeFlags CC=$CC -C contrib/slapd-modules/passwd/pbkdf2
+    make $makeFlags CC=$CC -C contrib/slapd-modules/passwd/argon2
   '';
 
   doCheck = false; # needs a running LDAP server
@@ -54,6 +55,9 @@ stdenv.mkDerivation rec {
     "sysconfdir=$(out)/etc"
     "localstatedir=$(out)/var"
     "moduledir=$(out)/lib/modules"
+    # The argon2 module hardcodes /usr/bin/install as the path for the
+    # `install` binary, which is overridden here.
+    "INSTALL=install"
   ];
 
   # 1. Libraries left in the build location confuse `patchelf --shrink-rpath`
@@ -76,6 +80,7 @@ stdenv.mkDerivation rec {
   postInstall = ''
     make $installFlags install -C contrib/slapd-modules/passwd/sha2
     make $installFlags install -C contrib/slapd-modules/passwd/pbkdf2
+    make $installFlags install-lib -C contrib/slapd-modules/passwd/argon2
     chmod +x "$out"/lib/*.{so,dylib}
   '';