openldap/client.sls - salt-formulas/openldap - Gitiles

 {%- from "openldap/map.jinja" import client with context %}

 {%- if client.enabled|default(True) %}

 openldap_packages:
   pkg.installed:
     - names: {{ client.pkgs }}

 {%- if client.entry is defined %}

 openldap_wait_for_server_{{ client.server.host }}:
   cmd.run:
   - name: '/usr/bin/ldapsearch -x -H ldap://{{ client.server.host }}{% if client.server.port is defined %}:{{ client.server.port }}{% endif %} > /dev/null || [ $? -eq 32 ] && true'
   - retry:
       attempts: 4
       interval: 5
       splay: 5
   {%- if grains.get('noservices', False) %}
   - onlyif: 'false'
   {%- endif %}

 {%- macro process_entry(entry, tree) %}
   {%- for name, param in entry.iteritems() %}
     {%- set dn = param.get('type', 'cn') + "=" + name + "," + tree %}

 openldap_client_{{ dn }}:
   ldap.managed:
     - connect_spec:
         url: ldap://{{ client.server.host }}{% if client.server.port is defined %}:{{ client.server.port }}{% endif %}
         {%- if client.server.auth is defined %}
         bind:
           method: simple
           dn: {{ client.server.auth.user }}
           password: {{ client.server.auth.password }}
         {%- endif %}
         {%- if client.server.get('tls', False) %}
         tls:
           starttls: true
         {%- endif %}
     - entries:
       - {{ dn }}:
         {%- if param.get('enabled', True) %}
         - delete_others: {{ param.get('purge', False) }}
         - {{ param.get('action', 'replace') }}:
             {{ param.get('type', 'cn') }}: {{ name }}
             {%- for k, v in param.get('attr', {}).iteritems() %}
             {{ k }}: {{ v|yaml }}
             {%- endfor %}
             objectClass: {{ param.get('classes', [])|yaml }}
             {%- if param.member is defined %}
             member:
               {%- for member in param.get('member', []) %}
               - {{ member }}{% if member.split(',')[-1].split('=')[0] != 'dc' %},{{ client.server.basedn }}{% endif %}
               {%- endfor %}
             {%- endif %}
         {%- else %}
         - delete_others: true
         {%- endif %}
     - require:
       - cmd: openldap_wait_for_server_{{ client.server.host }}
     {%- if tree.split(',')[-1].split('=')[0] != 'dc' %}
       - ldap: openldap_client_{{ tree }}
       {%- for member in param.get('member', []) %}
       - ldap: openldap_client_{{ member }}{% if member.split(',')[-1].split('=')[0] != 'dc' %},{{ client.server.basedn }}{% endif %}
       {%- endfor %}
     {%- endif %}
     {%- if grains.get('noservices', False) %}
     - onlyif: 'false'
     {%- endif %}

     {%- if param.entry is defined %}
 {{ process_entry(param.entry, param.get('type', 'cn') + "=" + name + "," + tree) }}
     {%- endif %}
   {%- endfor %}
 {%- endmacro %}

 {{ process_entry(client.entry, client.server.basedn) }}

 {%- endif %}

 {%- endif %}
	{%- from "openldap/map.jinja" import client with context %}

	{%- if client.enabled\|default(True) %}

	openldap_packages:
	pkg.installed:
	- names: {{ client.pkgs }}

	{%- if client.entry is defined %}

	openldap_wait_for_server_{{ client.server.host }}:
	cmd.run:
	- name: '/usr/bin/ldapsearch -x -H ldap://{{ client.server.host }}{% if client.server.port is defined %}:{{ client.server.port }}{% endif %} > /dev/null \|\| [ $? -eq 32 ] && true'
	- retry:
	attempts: 4
	interval: 5
	splay: 5
	{%- if grains.get('noservices', False) %}
	- onlyif: 'false'
	{%- endif %}

	{%- macro process_entry(entry, tree) %}
	{%- for name, param in entry.iteritems() %}
	{%- set dn = param.get('type', 'cn') + "=" + name + "," + tree %}

	openldap_client_{{ dn }}:
	ldap.managed:
	- connect_spec:
	url: ldap://{{ client.server.host }}{% if client.server.port is defined %}:{{ client.server.port }}{% endif %}
	{%- if client.server.auth is defined %}
	bind:
	method: simple
	dn: {{ client.server.auth.user }}
	password: {{ client.server.auth.password }}
	{%- endif %}
	{%- if client.server.get('tls', False) %}
	tls:
	starttls: true
	{%- endif %}
	- entries:
	- {{ dn }}:
	{%- if param.get('enabled', True) %}
	- delete_others: {{ param.get('purge', False) }}
	- {{ param.get('action', 'replace') }}:
	{{ param.get('type', 'cn') }}: {{ name }}
	{%- for k, v in param.get('attr', {}).iteritems() %}
	{{ k }}: {{ v\|yaml }}
	{%- endfor %}
	objectClass: {{ param.get('classes', [])\|yaml }}
	{%- if param.member is defined %}
	member:
	{%- for member in param.get('member', []) %}
	- {{ member }}{% if member.split(',')[-1].split('=')[0] != 'dc' %},{{ client.server.basedn }}{% endif %}
	{%- endfor %}
	{%- endif %}
	{%- else %}
	- delete_others: true
	{%- endif %}
	- require:
	- cmd: openldap_wait_for_server_{{ client.server.host }}
	{%- if tree.split(',')[-1].split('=')[0] != 'dc' %}
	- ldap: openldap_client_{{ tree }}
	{%- for member in param.get('member', []) %}
	- ldap: openldap_client_{{ member }}{% if member.split(',')[-1].split('=')[0] != 'dc' %},{{ client.server.basedn }}{% endif %}
	{%- endfor %}
	{%- endif %}
	{%- if grains.get('noservices', False) %}
	- onlyif: 'false'
	{%- endif %}

	{%- if param.entry is defined %}
	{{ process_entry(param.entry, param.get('type', 'cn') + "=" + name + "," + tree) }}
	{%- endif %}
	{%- endfor %}
	{%- endmacro %}

	{{ process_entry(client.entry, client.server.basedn) }}

	{%- endif %}

	{%- endif %}