<?xml version="1.0" encoding="utf-8"?>

<rougail version="0.10">
  <services>
    <service name="ldap_client" manage="False">
      <file source="ldap.conf" file_type="variable">ldap_client_file</file>
      <file source="ca_LDAP.crt" file_type="variable">ldap_ca_file</file>
      <file source="ldap_client.crt" file_type="variable">ldap_cert_file</file>
      <file source="ldap_client.key" file_type="variable" owner_type="variable" owner="ldap_key_file_owner" group_type="variable" group="ldap_key_file_group" mode="440">ldap_key_file</file>
    </service>
  </services>
  <variables>
    <family name="annuaire">
      <variable name='ldap_server_address' type='domainname' description="Nom DNS du serveur LDAP" mandatory='True'/>
      <variable name='ldapclient_remote_user' type='string' description="DN de l'tilisateur distant" mandatory='True' hidden="True"/>
      <variable name='ldapclient_remote_user_password' type='password' description="Mot de passe de l'utilisateur distant" mandatory='True' hidden="True"/>
      <variable name='ldap_base_dn' type='string' description="Base DN de l'annuaire" mandatory="True" test="dc=test,o=fr"/>
      <variable name='ldap_port' type='port' description='Port du serveur LDAP' mandatory='True' test="636"/>
      <variable name="ldap_ca_file" type="filename" description="LDAP CA filename" hidden="True"/>
      <variable name="ldap_cert_file" type="filename" description="LDAP certificate filename" hidden="True"/>
      <variable name="ldap_key_file" type="filename" description="LDAP private key filename" hidden="True"/>
      <variable name="ldap_key_file_owner" type="unix_user" description="LDAP private key file owner" hidden="True">
        <value>root</value>
      </variable>
      <variable name="ldap_key_file_group" type="unix_user" description="LDAP private key file group" hidden="True">
        <value>root</value>
      </variable>
    </family>
  </variables>
  <constraints>
    <check name='valid_base_dn'>
      <target>ldap_base_dn</target>
    </check>
    <fill name="calc_value">
      <param type="variable">tls_ca_directory</param>
      <param>ca_LDAP.crt</param>
      <param name="join">/</param>
      <target>ldap_ca_file</target>
    </fill>
    <fill name="calc_value">
      <param type="variable">tls_cert_directory</param>
      <param>ldap_client.crt</param>
      <param name="join">/</param>
      <target>ldap_cert_file</target>
    </fill>
    <fill name="calc_value">
      <param type="variable">tls_key_directory</param>
      <param>ldap_client.key</param>
      <param name="join">/</param>
      <target>ldap_key_file</target>
    </fill>
    <fill name="set_linked">
      <param name="linked_server" type="variable">ldap_server_address</param>
      <param name="linked_provider">clients</param>
      <param name="linked_value" type="variable">domain_name_eth0</param>
      <param name="linked_returns">dn</param>
      <param name="dynamic" type="variable">domain_name_eth0</param>
      <target>ldapclient_remote_user</target>
    </fill>
    <fill name="get_linked_configuration">
      <param name="linked_server" type="variable">ldap_server_address</param>
      <param name="linked_provider">client_password</param>
      <param name="dynamic" type="variable">domain_name_eth0</param>
      <target>ldapclient_remote_user_password</target>
    </fill>
    <fill name="get_linked_configuration">
      <param name="linked_server" type="variable">ldap_server_address</param>
      <param name="linked_provider">LDAP_DN</param>
      <target>ldap_base_dn</target>
    </fill>
    <fill name="get_linked_configuration">
      <param name="linked_server" type="variable">ldap_server_address</param>
      <param name="linked_provider">LDAP_PORT</param>
      <target>ldap_port</target>
    </fill>
  </constraints>
</rougail>