<?xml version='1.0' encoding='UTF-8'?>
<rougail version="0.10">
  <variables>
    <variable name="remotes" description="Serveurs distant ayant un compte" type="domainname" multi="True" provider="clients"/>
    <family name="remote_" description="Compte LDAP pour " dynamic="accounts.remotes">
      <variable name="dn_" description="LDAP DN" hidden="True" provider="dn"/>
      <variable name="password_" description="Mot de passe" auto_save="True" hidden="True" provider="client_password"/>
      <variable name="read_only_" description="Le compte est en lecture seule" type="boolean"/>
    </family>
    <family name="users" description="Gestion des utilisateurs" leadership="True">
      <variable name='ldap_user_mail' type="mail" description="Adresse courriel du compte" multi="True"/>
      <variable name='ldap_user_aliases' type="mail" description="Aliases du mail" multi="True"/> <!-- FIXME -->
      <variable name='ldap_user_uid' type="unix_user" description="Nom de compte" mandatory="True"/>
      <variable name='ldap_user_sn' type="string" description="Prénom" mandatory="True"/>
      <variable name='ldap_user_gn' type="string" description="Nom de famille" mandatory="True"/>
      <variable name='ldap_user_password' type="password" description="Mot de passe" mandatory="True" hidden="True"/>
    </family>
    <family name="acl" description="Gestion des droits d'accès aux attributes" leadership="True">
      <variable name='ldap_acl_attribute' type="string" description="ACL de l'attribut" multi="True"/>
      <variable name='ldap_acl_rights' type="string" description="ACL de l'attribut" multi="True"/>
    </family>
  </variables>
  <constraints>
    <fill name='calc_value'>
      <param>cn=</param>
      <param type='suffix'></param>
      <param>,</param>
      <param type='variable'>ldap_base_dn</param>
      <param name="join"></param>
      <target>accounts.remote_.dn_</target>
    </fill>
    <fill name="get_password">
      <param name="server_name" type="variable">domain_name_eth0</param>
      <param name="username" type='suffix'/>
      <param name="description">remote account</param>
      <param name="type">cleartext</param>
      <param name="temporary" type="boolean">True</param>
      <target>accounts.remote_.password_</target>
    </fill>
    <fill name="get_password">
      <param name="server_name" type="variable">domain_name_eth0</param>
      <param name="username" type='variable'>accounts.users.ldap_user_mail</param>
      <param name="description">ldap user</param>
      <param name="type">cleartext</param>
      <param name="temporary" type="boolean">True</param>
      <target>accounts.users.ldap_user_password</target>
    </fill>
  </constraints>
</rougail>