<?xml version="1.0" encoding="utf-8"?>

<rougail version="0.10">
  <services>
    <!-- LDAP client service. Each <file> names a template (source); its element
         text is the name of a filename variable declared in <variables> below
         (file_type="variable"). -->
    <service name="ldap-client" target="risotto" engine="cheetah">
      <!-- Client configuration file. -->
      <file source="ldap.conf"
            file_type="variable">ldap_client_file</file>
      <!-- CA certificate for the LDAP server. -->
      <file source="ca_LDAP.crt"
            file_type="variable">ldap_ca_file</file>
      <!-- Client certificate (public part). -->
      <file source="ldap_client.crt"
            file_type="variable">ldap_cert_file</file>
      <!-- Client private key: the only entry with explicit ownership and mode.
           Owner and group are read from ldap_key_file_owner and
           ldap_key_file_group (both default to root in this file). Mode 440 is
           read-only for owner and group, with no access for others. -->
      <file source="ldap_client.key"
            file_type="variable"
            owner_type="variable"
            owner="ldap_key_file_owner"
            group_type="variable"
            group="ldap_key_file_group"
            mode="440">ldap_key_file</file>
      <!-- NOTE(review): ldap.conf, the CA and the certificate declare no
           owner/group/mode, so they get the tool defaults (not visible here).
           If the ldap.conf template embeds ldapclient_user_password, give that
           entry an explicit restrictive mode as well. TODO confirm. -->
    </service>
  </services>
  <variables>
    <!-- OpenLDAP directory settings, split into a server family and a client
         family. The supplier attributes presumably bind these variables to
         values published by the LDAP provider; their semantics are defined
         outside this file. -->
    <family name="annuaire" description="Annuaire OpenLDAP">
      <family name="server" description="Serveur">
        <!-- DNS name of the LDAP server; mandatory. -->
        <variable name="ldap_server_address"
                  type="domainname"
                  description="Nom DNS du serveur LDAP"
                  mandatory="True"
                  supplier="LDAP"/>
        <!-- Server port, hidden, default 636 (the registered LDAPS port).
             Whether the client actually enforces TLS depends on the ldap.conf
             template, which is not visible here. -->
        <variable name="ldap_port"
                  type="port"
                  description="Port du serveur LDAP"
                  hidden="True">
          <value>636</value>
        </variable>
      </family>
      <family name="client" description="Client">
        <!-- LDAP family name. -->
        <variable name="ldapclient_family"
                  type="unix_user"
                  description="Nom de la famille LDAP"
                  supplier="LDAP:family"/>
        <!-- Bind DN of the client account; hidden, filled in <constraints>. -->
        <variable name="ldapclient_user"
                  type="string"
                  description="DN de l'utilisateur LDAP"
                  mandatory="False"
                  hidden="True"
                  supplier="LDAP:dn"/>
        <!-- Bind password of the client account; mandatory, hidden, filled by
             get_password in <constraints>. This is a live credential: anything
             that exports or logs the configuration must leave it out. -->
        <variable name="ldapclient_user_password"
                  type="password"
                  description="Mot de passe de l'utilisateur LDAP"
                  mandatory="True"
                  hidden="True"
                  supplier="LDAP:password"/>
        <!-- Directory base DN; checked by valid_base_dn in <constraints>. -->
        <variable name="ldapclient_base_dn"
                  type="string"
                  description="Base DN de l'annuaire"
                  mandatory="True"
                  supplier="LDAP:base_dn"/>
        <!-- Search bases derived from the base DN in <constraints>. -->
        <variable name="ldapclient_search_dn"
                  type="string"
                  description="Base DN de l'annuaire des utilisateurs"
                  mandatory="True"/>
        <variable name="ldapclient_group_dn"
                  type="string"
                  description="Base DN de l'annuaire des groupes"
                  mandatory="True"/>
        <!-- NOTE(review): this description lacks "pas" ("n'appartenant pas à
             une famille" is presumably intended); confirm the meaning. -->
        <variable name="ldapclient_user_dn"
                  type="string"
                  description="Base DN de l'annuaire des utilisateurs n'appartenant à une famille"
                  mandatory="True"/>
        <!-- Destination paths of the TLS material; all hidden and computed in
             <constraints> from directory variables declared elsewhere. -->
        <variable name="ldap_ca_file"
                  type="filename"
                  description="Fichier de l'autorité de certification LDAP"
                  hidden="True"/>
        <!-- NOTE(review): "certificate" in this description is presumably
             meant to be French "certificat". -->
        <variable name="ldap_cert_file"
                  type="filename"
                  description="Fichier du certificate LDAP"
                  hidden="True"/>
        <variable name="ldap_key_file"
                  type="filename"
                  description="Fichier de la clef privée LDAP"
                  hidden="True"/>
        <!-- Owner and group of the private key file. Both default to root, so
             with mode 440 on the key only root can read it unless another
             dictionary redefines these values (not visible here). -->
        <variable name="ldap_key_file_owner"
                  type="unix_user"
                  description="Propriétaire du fichier de la clef privée LDAP"
                  hidden="True">
          <value>root</value>
        </variable>
        <!-- NOTE(review): typed unix_user although it holds a group name;
             presumably no dedicated group type is available. Confirm. -->
        <variable name="ldap_key_file_group"
                  type="unix_user"
                  description="Groupe du fichier de la clef privée LDAP"
                  hidden="True">
          <value>root</value>
        </variable>
        <!-- Destination path of the client configuration file; hidden. -->
        <variable name="ldap_client_file"
                  type="filename"
                  description="Nom du fichier du client LDAP"
                  hidden="True"/>
      </family>
    </family>
  </variables>
  <constraints>
    <!-- Validation and computed values for the LDAP client variables. The
         functions named here (valid_base_dn, get_default_base_dn, calc_value,
         get_password, calc_ldapclient_base_dn) are defined outside this file.
         Positional <param> order and literal text are part of the behaviour. -->

    <!-- Validate the base DN with valid_base_dn. -->
    <check name='valid_base_dn'>
      <target>ldapclient_base_dn</target>
    </check>
    <!-- Fill the base DN from the LDAP server address. -->
    <fill name='get_default_base_dn'>
      <param type="variable">ldap_server_address</param>
      <target>ldapclient_base_dn</target>
    </fill>
    <!-- User search base: presumably "ou=accounts" joined to the base DN with
         a comma. -->
    <fill name='calc_value'>
      <param>ou=accounts</param>
      <param type="variable">ldapclient_base_dn</param>
      <param name="join">,</param>
      <target>ldapclient_search_dn</target>
    </fill>
    <!-- Bind DN: "cn=" + domain_name_eth0 + "," + base DN, with an empty join
         string. This is plain concatenation with no DN escaping at this
         level; it relies on domain_name_eth0 (declared elsewhere) being a
         validated domain name and on the valid_base_dn check above. Confirm. -->
    <fill name='calc_value'>
      <param>cn=</param>
      <param type='variable'>domain_name_eth0</param>
      <param>,</param>
      <param type='variable'>ldapclient_base_dn</param>
      <param name="join"></param>
      <target>ldapclient_user</target>
    </fill>
    <!-- TLS material paths: a directory variable (declared elsewhere) and a
         fixed file name, joined with "/". -->
    <fill name="calc_value">
      <param type="variable">tls_ca_directory</param>
      <param>ca_LDAP.crt</param>
      <param name="join">/</param>
      <target>ldap_ca_file</target>
    </fill>
    <fill name="calc_value">
      <param type="variable">tls_cert_directory</param>
      <param>ldap_client.crt</param>
      <param name="join">/</param>
      <target>ldap_cert_file</target>
    </fill>
    <!-- Private key path. The file itself is deployed with mode 440 in
         <services>; the permissions of tls_key_directory are set elsewhere. -->
    <fill name="calc_value">
      <param type="variable">tls_key_directory</param>
      <param>ldap_client.key</param>
      <param name="join">/</param>
      <target>ldap_key_file</target>
    </fill>
    <!-- Bind password for the client account, keyed on server name and bind
         DN. NOTE(review): type is "cleartext", so the filled value is
         presumably the usable password rather than a hash; any dump, log or
         export of this variable exposes the credential. "hide" follows
         hide_secret (declared elsewhere); confirm it is enabled wherever the
         configuration is displayed or exported. The meaning of "temporary" is
         defined by get_password and is not visible here. -->
    <fill name="get_password">
      <param name="server_name" type="variable">ldap_server_address</param>
      <param name="username" type="variable">ldapclient_user</param>
      <param name="description">remote account</param>
      <param name="type">cleartext</param>
      <param name="hide" type="variable">hide_secret</param>
      <param name="temporary" type="boolean">True</param>
      <target>ldapclient_user_password</target>
    </fill>
    <!-- Group base DN: calc_ldapclient_base_dn on the base DN, group=True. -->
    <fill name="calc_ldapclient_base_dn">
      <param type="variable">ldapclient_base_dn</param>
      <param name="group" type="boolean">True</param>
      <target>ldapclient_group_dn</target>
    </fill>
    <!-- User base DN: same function without the group flag. -->
    <fill name="calc_ldapclient_base_dn">
      <param type="variable">ldapclient_base_dn</param>
      <target>ldapclient_user_dn</target>
    </fill>
    <!-- Client configuration path: presumably /etc/ldap/ldap.conf when os_name
         equals "Debian", otherwise /etc/openldap/ldap.conf. os_name is
         declared elsewhere. -->
    <fill name="calc_value">
      <param>/etc/ldap/ldap.conf</param>
      <param name="condition" type="variable">os_name</param>
      <param name="expected">Debian</param>
      <param name="default">/etc/openldap/ldap.conf</param>
      <target>ldap_client_file</target>
    </fill>
  </constraints>
</rougail>