# BaseDN
%set groups = {}
dn: %%ldapclient_base_dn
%set %%attribute, %%organization = %%ldapclient_base_dn.split(',', 1)[0].split('=')
%%attribute: %%organization
objectClass: top
%if %%attribute == 'o'
objectClass: organization
%else
objectClass: organizationalUnit
%end if

# Remote
%for %%remote in %%accounts.remotes
 %set %%name = %%normalize_family(%%remote)
dn: %%accounts['remote_' + %%name]['dn_' + %%name]
cn: %%remote
sn: %%remote
uid: %%remote
userPassword:: %%ssha_encode(%%accounts['remote_' + %%name]['password_' + %%name])
objectClass: top
objectClass: inetOrgPerson

%end for
# Accounts
dn: %%calc_ldapclient_base_dn(%%ldapclient_base_dn, family_name=None, base=True)
ou: accounts
objectClass: top
objectClass: organizationalUnit

## Accounts users
%set %%users = %%calc_ldapclient_base_dn(%%ldapclient_base_dn, family_name=None)
dn: %%users
ou: users
objectClass: top
objectClass: organizationalUnit

%for %%user in %%accounts.users.ldap_user_mail
%set %%userdn = "cn=" + %%user + "," + %%users
%%groups.setdefault('users', []).append(%%userdn)
dn: %%userdn
cn: %%user
mail: %%user
sn: %%user.ldap_user_sn
givenName: %%user.ldap_user_gn
uid: %%user.ldap_user_uid
userPassword:: %%ssha_encode(%%user.ldap_user_password)
homeDirectory: /srv/home/users/%%user
mailLocalAddress: %%user
  %if %%user.ldap_user_aliases
    %for %%alias in %%user.ldap_user_aliases
mailLocalAddress: %%alias
    %end for
  %end if
uidNumber: 0
gidNumber: 0
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: inetLocalMailRecipient

%end for
## Families
dn: %%calc_ldapclient_base_dn(%%ldapclient_base_dn, family_name='-')
ou: families
objectClass: top
objectClass: organizationalUnit

%for %%family in %%accounts.families
%set %%families = %%calc_ldapclient_base_dn(%%ldapclient_base_dn, family_name=%%family)
dn: %%families
ou: %%family
objectClass: top
objectClass: organizationalUnit

  %for %%user in %%accounts['family_' + %%family]['users_' + %%family]['ldap_user_mail_' + %%family]
%set %%userdn = "cn=" + %%user + "," + %%families
%%groups.setdefault(%%family, []).append(%%userdn)
dn: %%userdn
cn: %%user
mail: %%user
sn: %%user['ldap_user_sn_' + %%family]
givenName: %%user['ldap_user_gn_' + %%family]
uid: %%user['ldap_user_uid_' + %%family]
userPassword:: %%ssha_encode(%%user['ldap_user_password_' + %%family])
homeDirectory: /srv/home/families/%%family/%%user
mailLocalAddress: %%user
    %if %%user['ldap_user_aliases_' + %%family]
      %for %%alias in %%user['ldap_user_aliases_' + %%family]
mailLocalAddress: %%alias
      %end for
    %end if
uidNumber: 0
gidNumber: 0
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: inetLocalMailRecipient

  %end for
%end for
## Groups
%set %%groupdn = %%calc_ldapclient_base_dn(%%ldapclient_base_dn, family_name=None, group=True)
dn: %%groupdn
ou: groups
objectClass: top
objectClass: organizationalUnit

%for %%group, %%members in %%groups.items()
dn: cn=%%group,%%groupdn
cn: %%group
objectclass: top
objectclass: groupOfNames
 %for %%member in %%members
member: %%member
 %end for

%end for