dataset/seed/openldap/extras/accounts/00_account.xml

<?xml version='1.0' encoding='UTF-8'?>
<rougail version="0.10">
  <variables>
    <variable name="remotes" description="Remote services with an account" type="domainname" multi="True" provider="LDAP"/>
    <family name="remote_" dynamic="accounts.remotes" hidden="True">
      <variable name="family_" provider="LDAP:family"/>
      <variable name="dn_" provider="LDAP:dn"/>
      <variable name="password_" type="password" provider="LDAP:password"/>
      <variable name="base_dn_" provider="LDAP:base_dn"/>
    </family>
    <family name="users" description="Users management" leadership="True" help="Management of manually created local users. Those users are not classified.">
      <variable name='ldap_user_mail' type="mail" description="Email address" multi="True" test="johndoe@example.net" help="An user is identify by his email address."/>
      <variable name='ldap_user_aliases' type="mail" description="Emails aliases" multi="True" test="jdoe@example.net"/>
      <variable name='ldap_user_uid' type="unix_user" description="Account name" mandatory="True" test="jdoe"/>
      <variable name='ldap_user_gn' type="string" description="Given name" mandatory="True" test="John"/>
      <variable name='ldap_user_sn' type="string" description="Surname" mandatory="True" test="Doe"/>
      <variable name='ldap_user_password' type="password" mandatory="True" hidden="True"/>
    </family>
    <variable name="families" description="Families to create" type="unix_user" multi="True" help="Users can be classified into families. This variable contains all the names of the families to be created."/>
    <family name="family_" description="Management of family " dynamic="accounts.families">
      <family name="users_" description="Users management for the family " leadership="True" help="Management of manually created users. Those users are classified in a family.">
        <variable name='ldap_user_mail_' type="mail" description="Email address for the family " multi="True" test="johndoe@family.net" help="An user is identify by his email address."/>
        <variable name='ldap_user_aliases_' type="mail" description="Emails aliases for the family " multi="True" test="jdoe@family.net"/>
        <variable name='ldap_user_uid_' type="unix_user" description="Account name for the family " mandatory="True" test="jdoe"/>
        <variable name='ldap_user_gn_' type="string" description="Given name for the family " mandatory="True" test="John"/>
        <variable name='ldap_user_sn_' type="string" description="Surname for the family " mandatory="True" test="Doe"/>
        <variable name='ldap_user_password_' type="password" mandatory="True" hidden="True"/>
      </family>
    </family>
  </variables>
  <constraints>
    <fill name="get_password">
      <param name="server_name" type="variable">domain_name_eth0</param>
      <param name="username" type='variable'>accounts.users.ldap_user_mail</param>
      <param name="description">ldap user</param>
      <param name="type">cleartext</param>
      <param name="hide" type="variable">hide_secret</param>
      <param name="temporary" type="boolean">True</param>
      <target>accounts.users.ldap_user_password</target>
    </fill>
    <fill name="get_password">
      <param name="server_name" type="variable">domain_name_eth0</param>
      <param name="username" type='variable'>accounts.family_.users_.ldap_user_mail_</param>
      <param name="description">ldap family user</param>
      <param name="type">cleartext</param>
      <param name="hide" type="variable">hide_secret</param>
      <param name="temporary" type="boolean">True</param>
      <target>accounts.family_.users_.ldap_user_password_</target>
    </fill>
  </constraints>
</rougail>