<?xml version="1.0" encoding="utf-8"?>
<rougail version="0.10">
  <!-- Declares the slapd service (target "multi-user") and the files that are
       generated for it. -->
  <services>
    <service name="slapd" target="multi-user">
      <!-- Empty override element; presumably requests a systemd override for
           the unit (TODO confirm against the Rougail version in use). -->
      <override/>
      <!-- Built from the source named default.slapd rather than from a source
           named after the destination file. -->
      <file source='default.slapd'>/etc/default/slapd</file>
      <!-- Server certificate: no owner or mode is set here, so whatever the
           tool applies by default is used. -->
      <file>/etc/pki/tls/certs/openldap.crt</file>
      <!-- TLS private key: owned by ldap, mode 400 (readable by the owner only). -->
      <file owner="ldap" mode="400">/etc/pki/tls/private/openldap.key</file>
      <file owner="ldap">/var/lib/ldap/DB_CONFIG</file>
      <!-- NOTE(review): the five /secrets entries below set neither owner nor
           mode, unlike the private key above. Judging by their names they carry
           LDIF bootstrap data and the directory admin password. Confirm the
           effective owner and permissions on the target host; if the defaults
           are broader than the slapd account needs, set owner and mode
           explicitly here. -->
      <file>/secrets/users.ldif</file>
      <file>/secrets/users_mod.ldif</file>
      <file>/secrets/config.ldif</file>
      <file>/secrets/config_acl.ldif</file>
      <file>/secrets/admin_ldap.pwd</file>
      <!-- engine="none": presumably copied as is, without template processing
           (TODO confirm). The second entry takes its content from
           tmpfile-openldap-server.conf. -->
      <file engine="none">/sysusers.d/risotto-openldap.conf</file>
      <file engine="none" source="tmpfile-openldap-server.conf">/tmpfiles.d/0openldap-server.conf</file>
    </service>
  </services>

  <!-- Variable declarations: the "annuaire" (directory) family holds the LDAP
       server settings, the "db_environment" family holds database tuning
       values. Several values are computed in the constraints section of this
       file. -->
  <variables>
    <family name="annuaire">
      <!-- redefine="True": these variables are declared in another dictionary
           and only adjusted here. -->
      <variable name='ldap_server_address' redefine="True" hidden="True"/>
      <variable name='ldap_base_dn' redefine="True" mandatory="True" provider="ldap_dn"/>
      <!-- Default port 636 is the registered LDAPS port; remove_fill presumably
           drops a fill inherited from the original declaration (TODO confirm). -->
      <variable name='ldap_port' redefine="True" remove_fill="True" hidden="False" provider="ldap_port">
        <value>636</value>
      </variable>
      <variable name='ldap_admin_dn' type='string' description="Administrateur de l'annuaire" mandatory="True" auto_freeze='True'/>
      <!-- Directory administrator password: typed as password, hidden and
           auto-saved. Its value comes from the get_password fill in the
           constraints section. -->
      <variable name='ldap_admin_password' type="password" description="Mot de passe de l'administrateur de l'annuaire" hidden='True' auto_save='True'/>
      <!-- Leadership family: ldap_index_attribute is listed first and
           ldap_index_indices follows it, pairing each indexed attribute with
           index types (defaults: eq, pres). -->
      <family name='ldap_index_attribute' leadership='True' description="Gestion des index des attributes">
        <variable name='ldap_index_attribute' type='string' description="Attribut à indexer" multi="True">
          <value>objectClass</value>
          <value>uid</value>
          <value>cn</value>
          <value>sn</value>
          <value>givenName</value>
          <value>mail</value>
          <value>entryCSN</value>
          <value>entryUUID</value>
          <value>contextCSN</value>
        </variable>
        <variable name='ldap_index_indices' type='string' description="Types d'index" multi="True">
          <value>eq</value>
          <value>pres</value>
        </variable>
        <!-- NOTE(review): openldap_ca_chain is declared inside the index
             leadership family (and is tab-indented, unlike the rest of the
             file). It looks misplaced: a CA chain is unrelated to index
             settings. Confirm whether it should sit directly under "annuaire";
             moving it changes its path, so check the templates that read it
             first. -->
	      <variable name='openldap_ca_chain' description="CA certificate" hidden='True'/>
      </family>
      <variable name='ldap_schemas' type='filename' description='Schémas LDAP additionnel' multi='True'>
        <value>/etc/openldap/schema/cosine.ldif</value>
        <value>/etc/openldap/schema/inetorgperson.ldif</value>
        <value>/etc/openldap/schema/nis.ldif</value>
      </variable>
      <!-- NOTE(review): default 0. If this value is rendered into the slapd
           log level (template not shown), 0 disables slapd logging, so binds
           and failed authentications leave no trace. The OpenLDAP "stats"
           level (256) is the usual baseline for audit and detection. -->
      <variable name='ldap_loglevel' type='number' description='Niveau de log' mode="expert">
        <value>0</value>
      </variable>
      <!-- NOTE(review): 5000 entries per query is ten times the OpenLDAP
           default of 500. Presumably rendered as the slapd size limit; confirm
           that clients need result sets this large, since the limit also bounds
           how much of the directory a single bound client can read per search. -->
      <variable name='ldap_sizelimit' type='number' description="Nombre maximum d'entrées à retourner lors d'une requête" mode="expert">
        <value>5000</value>
      </variable>
      <!-- Query time limit in seconds (3600 = one hour). -->
      <variable name='ldap_timelimit' type='number' description='Temps de réponse maximum à une requête (en secondes)' mode="expert">
        <value>3600</value>
      </variable>
      <!-- Client bind identity, redefined here; both values are copied from the
           admin DN and admin password in the constraints section. -->
      <variable name='ldapclient_remote_user' redefine="True"/>
      <variable name='ldapclient_remote_user_password' redefine="True"/>
    </family>
    <!-- Database environment tuning, expert mode only. Presumably rendered into
         /var/lib/ldap/DB_CONFIG declared in the services section (TODO confirm
         against the template). -->
    <family name='db_environment' description='DB environment' mode='expert'>
      <!-- Cache size is split into a gigabyte part and a byte part:
           0 GB + 268435456 bytes = 256 MiB by default. -->
      <variable name='db_cache_size_g' description="Quantité de Giga-octets à utiliser pour le cache HDB" type="number">
        <value>0</value>
      </variable>
      <variable name='db_cache_size_o' description="Quantité d'octets à utiliser pour le cache HDB" type="number">
        <value>268435456</value>
      </variable>
      <variable name='db_cache_chunks' description="Nombre de fichiers ou écrire le cache HDB" type="number">
        <value>1</value>
      </variable>
      <!-- 262144 bytes = 256 KiB. -->
      <variable name='db_log_region_max' type='number' description="Quantité de fichier de cache mis en cache mémoire">
        <value>262144</value>
      </variable>
      <!-- 10485760 bytes = 10 MiB of log data kept before rotation. -->
      <variable name='db_log_max' type='number' description="Quantité d'informations de journalisation conservé jusqu'à rotation">
        <value>10485760</value>
      </variable>
      <!-- 2097152 bytes = 2 MiB. -->
      <variable name='db_log_bsize' type='number' description="Quantité d'informations de journalisation du cache reporté sur le disque">
        <value>2097152</value>
      </variable>
      <!-- Directory where the database log files are kept. -->
      <variable name='db_log_directory' type='filename' description='Répertoire de conservation des informations de journalisation'>
        <value>/var/lib/ldap/logs</value>
      </variable>
      <!-- Lock table limits: objects, locks and lockers all default to 5000. -->
      <variable name='db_lk_max_objects' type='number' description="Numbre d'objet qui peuvent être verrouillés simultanément ">
        <value>5000</value>
      </variable>
      <variable name='db_lk_max' type='number' description='Nombre de verrous maximal'>
        <value>5000</value>
      </variable>
      <variable name='db_lk_max_lockers' type='number' description='Nombre de verrouilleur maximal'>
        <value>5000</value>
      </variable>
    </family>
  </variables>
  <!-- Computed values: each fill calls the named function with its params and
       stores the result in the target variable. -->
  <constraints>
    <!-- fill/auto: automatically calculated values -->
    <!-- Server address and base DN are both derived from domain_name_eth0. -->
    <fill name='calc_value'>
      <param type='variable'>domain_name_eth0</param>
      <target>ldap_server_address</target>
    </fill>
    <fill name='get_default_base_dn'>
      <param type="variable">domain_name_eth0</param>
      <target>ldap_base_dn</target>
    </fill>
    <!-- Admin DN: "cn=admin" and the base DN joined with a comma. -->
    <fill name='calc_value'>
      <param>cn=admin</param>
      <param type='variable'>ldap_base_dn</param>
      <param name="join">,</param>
      <target>ldap_admin_dn</target>
    </fill>
    <!-- Admin password obtained from get_password.
         NOTE(review): the requested type is "cleartext" and the username is
         "writer" although the DN built above is cn=admin; confirm both are
         intended. A cleartext value ends up wherever the templates render it
         (presumably the /secrets files of the slapd service), so those files
         need restrictive ownership and permissions. The meaning of
         temporary=True is not visible from this file. -->
    <fill name="get_password">
      <param name="server_name" type="variable">domain_name_eth0</param>
      <param name="username">writer</param>
      <param name="description">LDAP</param>
      <param name="type">cleartext</param>
      <param name="temporary" type="boolean">True</param>
      <target>ldap_admin_password</target>
    </fill>
    <!-- NOTE(review): the client bind user and its password are copies of the
         directory admin DN and admin password. Anything that consumes the
         ldapclient_remote_user variables therefore holds full administrator
         credentials; if those consumers only need access to part of the tree,
         a dedicated account restricted by ACL would limit the impact of a
         leaked client configuration. -->
    <fill name="calc_value">
      <param type="variable">ldap_admin_dn</param>
      <target>ldapclient_remote_user</target>
    </fill>
    <fill name="calc_value">
      <param type="variable">ldap_admin_password</param>
      <target>ldapclient_remote_user_password</target>
    </fill>
    <!-- CA chain for the authority named LDAP, keyed by domain_name_eth0. -->
    <fill name="get_chain">
      <param name="authority_cn" type="variable">domain_name_eth0</param>
      <param name="authority_name">LDAP</param>
      <target>openldap_ca_chain</target>
    </fill>
  </constraints>
</rougail>