{#
  Jinja2 template rendering an LDIF seed: the base entry, the "remote"
  service accounts, the accounts/users/families organizational units, one
  entry per user, and one groupOfNames entry per collected group.

  NOTE(review): every value is written into DNs and attribute lines as-is;
  no LDIF or DN (RFC 4514) escaping is visible in this template. A value
  containing a newline, a comma or a leading special character would change
  the structure of the rendered record. Confirm that the configuration layer
  validates mail addresses, names, aliases and family names before they
  reach this template.

  Keep all LDIF lines at column 0: a leading space is a line continuation
  in LDIF.
#}
{#
  NOTE(review): add_test is hard-coded to True and is only consulted once,
  to decide whether the 'gnunux' family OU is created. The remote_test0..2
  entries and the two rougail_test users below are appended unconditionally,
  so they are rendered whatever the flag says. Confirm these accounts are
  never loaded into a production directory, or gate them on the flag.
#}
{% set add_test = True %}
{% set username="rougail_test@silique.fr" %}
{% set username_family="rougail_test@gnunux.info" %}
{% set name_family="gnunux" %}
# BaseDN
{# groups maps a group name to the list of member DNs; it is filled while the user lists are built. #}
{% set groups = {} %}
{#
  The dn line reads general.ldap.ldap_base_dn while the split below reads the
  bare ldap_base_dn; presumably both hold the same value (confirm).
  The unpacking expects the first RDN to contain exactly one '='.
#}
dn: {{ general.ldap.ldap_base_dn }}
{% set attribute, organization = ldap_base_dn.split(',', 1)[0].split('=') %}
{{ attribute }}: {{ organization }}
objectClass: top
{% if attribute == 'o' %}
objectClass: organization
{% else %}
objectClass: organizationalUnit
{% endif %}

# Remote
{#
  acc collects (dn, name, password) tuples: three generated remote_test
  accounts first, then the remotes declared in accounts.remotes.
  get_password is called with type="cleartext"; the value is passed through
  ssha_encode before it is written.
  NOTE(review): the append calls sit in output expressions, and list.append
  returns None. Unless the rendering environment suppresses None, the text
  "None" is emitted at these points; the groups seeding further down uses
  the set-tag form, which emits nothing. Confirm which behaviour is intended.
#}
{% set acc = [] %}
{% for idx in range(3) %}
{% set name = 'remote_test' + idx|string %}
{{ acc.append(('cn=' + name + ',' + ldap_base_dn, name, name|get_password(server_name=domain_name_eth0, description="remote account", type="cleartext", hide=hide_secret, temporary=True))) }}
{% endfor %}
{% for remote in accounts.remotes %}
{% set name = remote|normalize_family %}
{{ acc.append((accounts['remote_' + name]['dn_' + name], remote, accounts['remote_' + name]['password_' + name])) }}
{% endfor %}
{#
  The "::" separator tells LDIF readers the value is base64, so ssha_encode
  presumably returns base64 text (confirm).
  NOTE(review): the filter name suggests the {SSHA} salted SHA-1 scheme,
  which is a fast hash; confirm, and check whether the directory server
  offers a slower password scheme.
#}
{% for dn, remote, password in acc %}

dn: {{ dn }}
cn: {{ remote }}
sn: {{ remote }}
uid: {{ remote }}
userPassword:: {{ password|ssha_encode }}
objectClass: top
objectClass: inetOrgPerson
{% endfor %}

# Accounts
dn: {{ ldap_account_dn }}
ou: accounts
objectClass: top
objectClass: organizationalUnit

## Accounts users
{% set users = ldap_user_dn %}
dn: {{ users }}
ou: users
objectClass: top
objectClass: organizationalUnit

{#
  acc is rebound to a list of 8-tuples:
  (dn, mail, password, sn, givenName, uid, aliases, family-or-'users').
  It is seeded with the two test users (see the add_test note at the top),
  which are also registered as the first members of the 'users' and
  name_family groups.
#}
{% set userdn = 'cn=' + username + ',' + ldap_base_dn|calc_ldapclient_base_dn %}
{% set userfamilydn = 'cn=' + username_family + ',' + ldap_base_dn|calc_ldapclient_base_dn(family_name=name_family) %}
{% set acc = [
    (userdn, username, username|get_password(server_name='test', description="test", type="cleartext", hide=hide_secret, temporary=True), 'Rougail', 'Test', 'rougail_test', [], 'users'),
    (userfamilydn, username_family, username_family|get_password(server_name='test', description='test', type="cleartext", hide=hide_secret, temporary=True), 'Rougail', 'Test', 'rougail_test_gnunux', [], name_family),
] %}
{% set x=groups.__setitem__('users', [userdn]) %}
{% set x=groups.__setitem__(name_family, [userfamilydn]) %}
{# Configured users: the DN is built by plain concatenation of the mail value and the users OU. #}
{% for user in accounts.users.ldap_user_mail %}
{% set userdn = "cn=" + user + "," + users %}
{{ acc.append((userdn, user, user.ldap_user_password, user.ldap_user_sn, user.ldap_user_gn, user.ldap_user_uid, user.ldap_user_aliases, 'users')) }}
{{ groups.setdefault('users', []).append(userdn) }}
{% endfor %}

## Families
dn: {{ ldap_base_dn|calc_ldapclient_base_dn(family_name='-') }}
ou: families
objectClass: top
objectClass: organizationalUnit

{# add_family renders one organizationalUnit entry; families is the OU's DN, family its ou value. #}
{% macro add_family(family, families) %}

dn: {{ families }}
ou: {{ family }}
objectClass: top
objectClass: organizationalUnit
{% endmacro %}
{#
  Creates the OU that parents the test family user when no configured family
  is named 'gnunux'. The literal 'gnunux' duplicates name_family above.
#}
{% if add_test and 'gnunux' not in accounts.families %}
{% set families = ldap_base_dn|calc_ldapclient_base_dn(family_name='gnunux') %}
{{ add_family('gnunux', families) }}
{% endif %}
{# One OU per configured family; each family's users are appended to acc and to the group named after the family. #}
{% for family in accounts.families %}
{% set families = ldap_base_dn|calc_ldapclient_base_dn(family_name=family) %}
{{ add_family(family, families) }}
{% for user in accounts['family_' + family]['users_' + family]['ldap_user_mail_' + family] %}
{% set userdn = "cn=" + user + "," + families %}
{{ groups.setdefault(family, []).append(userdn) }}
{{ acc.append((userdn, user, user['ldap_user_password_' + family], user['ldap_user_sn_' + family], user['ldap_user_gn_' + family], user['ldap_user_uid_' + family], user['ldap_user_aliases_' + family], family)) }}
{% endfor %}
{% endfor %}
{#
  One posixAccount / inetLocalMailRecipient entry per collected user.
  NOTE(review): uidNumber and gidNumber are the constant 0 for every entry.
  If any host resolves these entries through NSS or PAM, each account maps
  to root. Confirm the directory is only consumed by services that ignore
  these attributes, or assign real non-zero ids.
  NOTE(review): homeDirectory is built from the mail value (and the family
  name) without normalisation; a '/' or '..' inside either would point
  outside /srv/home. Confirm upstream validation.
#}
{% for userdn, user, password, sn, gn, uid, aliases, family in acc %}

dn: {{ userdn }}
cn: {{ user }}
mail: {{ user }}
sn: {{ sn }}
givenName: {{ gn }}
uid: {{ uid }}
userPassword:: {{ password|ssha_encode }}
{% if family == 'users' %}
homeDirectory: /srv/home/users/{{ user }}
{% else %}
homeDirectory: /srv/home/families/{{ family }}/{{ user }}
{% endif %}
mailLocalAddress: {{ user }}
{% if aliases %}
{% for alias in aliases %}
mailLocalAddress: {{ alias }}
{% endfor %}
{% endif %}
uidNumber: 0
gidNumber: 0
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: inetLocalMailRecipient
{% endfor %}

## Groups
{% set groupdn = ldap_group_dn %}
dn: {{ groupdn }}
ou: groups
objectClass: top
objectClass: organizationalUnit
{# One groupOfNames entry per key of groups, listing every DN collected for it above. #}
{% for group, members in groups.items() %}

dn: cn={{ group }},{{ groupdn }}
cn: {{ group }}
objectclass: top
objectclass: groupOfNames
{% for member in members %}
member: {{ member }}
{% endfor %}
{% endfor %}