<?xml version="1.0" encoding="utf-8"?>
<!-- Rougail dictionary (format version 0.10) for the "ldap-client" service.
     It declares the files deployed for the client, the variables that drive
     them, and the constraints that compute or validate those variables. -->
<rougail version= "0.10" >
<services >
<!-- LDAP client service; engine="cheetah" selects the template engine for its files.
     The meaning of target="risotto" is not visible in this file: confirm against the
     deployment tooling. -->
<service name= "ldap-client" target= "risotto" engine= "cheetah" >
<!-- Each <file> names a template (source); with file_type="variable" the element
     text is the name of the variable that holds the destination path. -->
<!-- NOTE(review): ldap.conf carries no owner/group/mode here, so it receives whatever
     default the deployment applies. If the template renders ldapclient_user_password,
     confirm that this default is not world-readable. -->
<file source= "ldap.conf" file_type= "variable" > ldap_client_file</file>
<file source= "ca_LDAP.crt" file_type= "variable" > ldap_ca_file</file>
<file source= "ldap_client.crt" file_type= "variable" > ldap_cert_file</file>
<!-- The private key is the only file with explicit ownership and mode: 440 is
     read-only for owner and group with no access for others. Owner and group are
     read from ldap_key_file_owner and ldap_key_file_group. -->
<file source= "ldap_client.key" file_type= "variable" owner_type= "variable" owner= "ldap_key_file_owner" group_type= "variable" group= "ldap_key_file_group" mode= "440" > ldap_key_file</file>
</service>
</services>
<variables >
<!-- "annuaire" (directory) groups every OpenLDAP setting; the nested "server" family
     holds the address and port of the LDAP server this client connects to. -->
<family name= "annuaire" description= "Annuaire OpenLDAP" >
<family name= "server" description= "Serveur" >
<!-- DNS name of the LDAP server (mandatory). The supplier attribute presumably binds
     this client to whichever server provides "LDAP": TODO confirm against risotto. -->
<variable name= 'ldap_server_address' type= 'domainname' description= "Nom DNS du serveur LDAP" mandatory= 'True' supplier= "LDAP" />
<!-- Server port, default 636, the registered LDAPS (LDAP over TLS) port.
     hidden="True" presumably keeps it out of the user-facing configuration, so the
     client stays on the TLS port unless another dictionary overrides it. -->
<variable name= 'ldap_port' type= 'port' description= 'Port du serveur LDAP' hidden= "True" >
<value > 636</value>
</variable>
</family>
<!-- "client" family: bind identity, search bases and the paths of the deployed files. -->
<family name= "client" description= "Client" >
<!-- Bind identity and directory bases. The supplier="LDAP:..." attributes appear to
     name the value each variable expects from the LDAP provider: TODO confirm. -->
<variable name= 'ldapclient_family' type= 'unix_user' description= "Nom de la famille LDAP" supplier= "LDAP:family" />
<!-- Bind DN; not mandatory and hidden, computed by a calc_value fill in <constraints>. -->
<variable name= 'ldapclient_user' type= 'string' description= "DN de l'utilisateur LDAP" mandatory= 'False' hidden= "True" supplier= "LDAP:dn" />
<!-- Bind password: typed "password", mandatory and hidden; filled by get_password in
     <constraints>. Treat any template or log that renders it as sensitive. -->
<variable name= 'ldapclient_user_password' type= 'password' description= "Mot de passe de l'utilisateur LDAP" mandatory= 'True' hidden= "True" supplier= "LDAP:password" />
<!-- Base DN of the directory, then the bases for users, for groups, and for users
     that belong to no family. All four are mandatory. -->
<variable name= 'ldapclient_base_dn' type= 'string' description= "Base DN de l'annuaire" mandatory= "True" supplier= "LDAP:base_dn" />
<variable name= 'ldapclient_search_dn' type= 'string' description= "Base DN de l'annuaire des utilisateurs" mandatory= "True" />
<variable name= 'ldapclient_group_dn' type= 'string' description= "Base DN de l'annuaire des groupes" mandatory= "True" />
<variable name= 'ldapclient_user_dn' type= 'string' description= "Base DN de l'annuaire des utilisateurs n'appartenant à une famille" mandatory= "True" />
<!-- Destination paths of the CA certificate, client certificate and client private
     key. All are hidden; their values are computed by calc_value fills in <constraints>. -->
<variable name= "ldap_ca_file" type= "filename" description= "Fichier de l'autorité de certification LDAP" hidden= "True" />
<variable name= "ldap_cert_file" type= "filename" description= "Fichier du certificate LDAP" hidden= "True" />
<variable name= "ldap_key_file" type= "filename" description= "Fichier de la clef privée LDAP" hidden= "True" />
<!-- Owner and group applied to the private key file. Both default to root, so with
     mode 440 on the key only root and members of the root group can read it.
     NOTE(review): a client process running as another account would need these
     overridden; confirm which account reads the key. The group variable is typed
     unix_user, the same type as the owner. -->
<variable name= "ldap_key_file_owner" type= "unix_user" description= "Propriétaire du fichier de la clef privée LDAP" hidden= "True" >
<value > root</value>
</variable>
<variable name= "ldap_key_file_group" type= "unix_user" description= "Groupe du fichier de la clef privée LDAP" hidden= "True" >
<value > root</value>
</variable>
<!-- Destination path of the rendered ldap.conf; hidden, and chosen per distribution by
     the calc_value fill that targets ldap_client_file in <constraints>. -->
<variable name= "ldap_client_file" type= "filename" description= "Nom du fichier du client LDAP" hidden= "True" />
</family>
</family>
</variables>
<constraints >
<!-- Validates ldapclient_base_dn with valid_base_dn. The function is defined outside
     this file, so the exact rule it enforces cannot be read here. -->
<check name= 'valid_base_dn' >
<target > ldapclient_base_dn</target>
</check>
<!-- Default base DN, derived from the server's DNS name by get_default_base_dn
     (function defined outside this file). -->
<fill name= 'get_default_base_dn' >
<param type= "variable" > ldap_server_address</param>
<target > ldapclient_base_dn</target>
</fill>
<!-- User search base: "ou=accounts" and the base DN, joined with the "join" separator. -->
<fill name= 'calc_value' >
<param > ou=accounts</param>
<param type= "variable" > ldapclient_base_dn</param>
<param name= "join" > ,</param>
<target > ldapclient_search_dn</target>
</fill>
<!-- Bind DN: "cn=", domain_name_eth0 (defined outside this file), "," and the base DN,
     concatenated with the "join" separator.
     NOTE(review): the parts are concatenated as-is, so DN-special characters in
     domain_name_eth0 would not be escaped by this fill; presumably its type rules
     them out. Verify. -->
<fill name= 'calc_value' >
<param > cn=</param>
<param type= 'variable' > domain_name_eth0</param>
<param > ,</param>
<param type= 'variable' > ldapclient_base_dn</param>
<param name= "join" > </param>
<target > ldapclient_user</target>
</fill>
<!-- The three fills below build the TLS file paths as <directory>/<file name>.
     tls_ca_directory, tls_cert_directory and tls_key_directory are defined outside
     this file. -->
<fill name= "calc_value" >
<param type= "variable" > tls_ca_directory</param>
<param > ca_LDAP.crt</param>
<param name= "join" > /</param>
<target > ldap_ca_file</target>
</fill>
<fill name= "calc_value" >
<param type= "variable" > tls_cert_directory</param>
<param > ldap_client.crt</param>
<param name= "join" > /</param>
<target > ldap_cert_file</target>
</fill>
<!-- Private key path. The permissions of tls_key_directory itself are not set in this
     file; the key's own mode and ownership are set on its <file> element. -->
<fill name= "calc_value" >
<param type= "variable" > tls_key_directory</param>
<param > ldap_client.key</param>
<param name= "join" > /</param>
<target > ldap_key_file</target>
</fill>
<!-- Fills the bind password by calling get_password (defined outside this file) with
     the server name, the bind DN and a description.
     type "cleartext" presumably requests the plaintext secret rather than a hash,
     which a client needs in order to bind; every place that renders
     ldapclient_user_password should therefore be treated as holding a usable credential.
     "hide" follows hide_secret (defined elsewhere). The effect of temporary=True is
     not visible here: TODO confirm. -->
<fill name= "get_password" >
<param name= "server_name" type= "variable" > ldap_server_address</param>
<param name= "username" type= "variable" > ldapclient_user</param>
<param name= "description" > remote account</param>
<param name= "type" > cleartext</param>
<param name= "hide" type= "variable" > hide_secret</param>
<param name= "temporary" type= "boolean" > True</param>
<target > ldapclient_user_password</target>
</fill>
<!-- Group base DN, computed from the base DN by calc_ldapclient_base_dn with group=True.
     The function is defined outside this file. -->
<fill name= "calc_ldapclient_base_dn" >
<param type= "variable" > ldapclient_base_dn</param>
<param name= "group" type= "boolean" > True</param>
<target > ldapclient_group_dn</target>
</fill>
<!-- Base DN for users outside any family: same function, without the group flag. -->
<fill name= "calc_ldapclient_base_dn" >
<param type= "variable" > ldapclient_base_dn</param>
<target > ldapclient_user_dn</target>
</fill>
<!-- Location of ldap.conf per distribution: /etc/ldap/ldap.conf when os_name (defined
     outside this file) equals "Debian". Otherwise the "default" value
     /etc/openldap/ldap.conf is presumably used: confirm against calc_value. -->
<fill name= "calc_value" >
<param > /etc/ldap/ldap.conf</param>
<param name= "condition" type= "variable" > os_name</param>
<param name= "expected" > Debian</param>
<param name= "default" > /etc/openldap/ldap.conf</param>
<target > ldap_client_file</target>
</fill>
</constraints>
</rougail>