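# Development variant of the OpenLDAP consumer ("slave") setup.
#
# Installs slapd and ldap-utils, keeps slapd enabled and running, syncs the
# schema directory from the module's file mount and renders the two consumer
# LDIF templates. Loading the LDIFs is not automated yet (see the TODO list).
#
# NOTE(review): this class and openldap::server::slave both declare
# Package['slapd'], Service['slapd'], File['/etc/ldap/schema'] and
# File['/var/backups/ldap'], so including both on one node fails with a
# duplicate resource declaration.
class openldap::server::slave::dev {
  # TODO
  # ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
  # ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
  # ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/rfc2307bis.ldif
  # ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/evolutionperson.ldif
  # ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/mozillaabpersonalpha.ldif
  # ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/consumer-init.ldif
  # ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/consumer-sync.ldif

  package { ['slapd', 'ldap-utils']:
    ensure => installed,
  }

  service { 'slapd':
    ensure    => running,
    enable    => true,
    subscribe => [Package['slapd']],
  }

  # File modes are quoted octal strings: a bare number is not a valid mode on
  # newer Puppet versions, and quoting removes any doubt about the base.
  file {
    # Puppet adds the search (x) bit on directories wherever read is set, so
    # '0644' yields traversable directories and non-executable schema files.
    '/etc/ldap/schema':
      ensure  => directory,
      mode    => '0644',
      owner   => root,
      group   => root,
      source  => 'puppet:///openldap/etc/ldap/schema/',
      recurse => true,
      require => Package['slapd'];

    # Backup target, not readable by "other".
    '/var/backups/ldap':
      ensure => directory,
      owner  => root,
      group  => root,
      mode   => '0750';
  }

  # Root-only LDIFs. NOTE(review): presumably they carry the replication bind
  # credentials, which would explain 0600; confirm against the templates.
  file {
    '/etc/ldap/consumer-init.ldif':
      content => template('openldap/consumer-init.ldif.erb'),
      mode    => '0600',
      owner   => root,
      group   => root;

    '/etc/ldap/consumer-sync.ldif':
      content => template('openldap/consumer-sync.ldif.erb'),
      mode    => '0600',
      owner   => root,
      group   => root;
  }
}

# OpenLDAP consumer ("slave") driven by a templated slapd.conf.
#
# Preseeds and installs slapd, sets the listener URLs in /etc/default/slapd,
# renders slapd.conf, rebuilds /etc/ldap/slapd.d from it whenever the file
# changes, syncs the schema directory and schedules a nightly backup.
#
# Reads $ldap_base from the enclosing scope; it is not declared in this class.
class openldap::server::slave {
  debug("configuring openldap::server::slave with dn '$ldap_base'")

  # The debconf answers must be on disk before the package is installed.
  package { 'slapd':
    ensure       => installed,
    responsefile => '/var/cache/debconf/slapd.preseed',
    require      => File['/var/cache/debconf/slapd.preseed'],
  }

  # if defined(Package["ldap-utils"]) { } else {
  #   package {"ldap-utils": ensure => present, }
  # }

  service { 'slapd':
    ensure  => running,
    require => Package['slapd'],
  }

  # NOTE(review): the ldaps-only branch is commented out, so the cleartext
  # ldap:/// listener is always enabled. Despite the resource title
  # "listen_locally", ldap:/// and ldaps:/// carry no host part and are not
  # limited to local clients; only ldapi:/// is a local socket. Confirm that
  # binds over ldap:/// are protected (StartTLS required, or firewalled).
  # if ($ldap_ssl_only) {
  #   $line = 'SLAPD_SERVICES="ldaps:///"'
  # } else {
  $line = 'SLAPD_SERVICES="ldap:/// ldaps:/// ldapi:///"'
  # }

  # `line` is not declared in this file; presumably a define from another
  # module.
  line { 'listen_locally':
    # line => 'SLAPD_SERVICES="ldap:/// ldaps:/// ldapi:///"',
    ensure  => present,
    line    => $line,
    file    => '/etc/default/slapd',
    require => Package['slapd'],
    notify  => Service['slapd'],
  }

  # File modes are quoted octal strings: a bare number is not a valid mode on
  # newer Puppet versions, and quoting removes any doubt about the base.
  file {
    # Root-only. NOTE(review): slapd.conf and the preseed presumably contain
    # the rootdn / admin password; confirm against the templates.
    '/etc/ldap/slapd.conf':
      content => template('openldap/slapd.conf_slave.erb'),
      mode    => '0600',
      owner   => root,
      group   => root;

    '/var/cache/debconf/slapd.preseed':
      content => template('openldap/slapd.preseed.erb'),
      mode    => '0600',
      owner   => root,
      group   => root;

    # Backup target, not readable by "other".
    '/var/backups/ldap':
      ensure => directory,
      owner  => root,
      group  => root,
      mode   => '0750';
  }

  # Rebuild the cn=config tree from slapd.conf when that file changes.
  # The leading `slaptest -u -f` parses the new slapd.conf before anything is
  # stopped or removed: without it a broken template would delete slapd.d and
  # leave the directory service down with no configuration to start from.
  # After conversion the tree is handed to the openldap user and closed to
  # "other", because slaptest runs as root here.
  exec { 'slap_conf_update':
    command     => '/usr/sbin/slaptest -u -f /etc/ldap/slapd.conf && /etc/init.d/slapd stop && /bin/rm -r /etc/ldap/slapd.d/ && /bin/mkdir /etc/ldap/slapd.d && /usr/sbin/slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d/ && /bin/chown -R openldap:openldap /etc/ldap/slapd.d/ && /bin/chmod -R o-rwx /etc/ldap/slapd.d/ && /etc/init.d/slapd start',
    refreshonly => true,
    subscribe   => File['/etc/ldap/slapd.conf'],
    require     => [Package['slapd'], File['/etc/ldap/slapd.conf']],
  }

  file {
    # Puppet adds the search (x) bit on directories wherever read is set, so
    # '0644' yields traversable directories and non-executable schema files.
    '/etc/ldap/schema':
      ensure  => directory,
      mode    => '0644',
      owner   => root,
      group   => root,
      source  => 'puppet:///openldap/etc/ldap/schema/',
      recurse => true,
      require => Package['slapd'];
  }

  # Nightly backup at 02:00 as root. NOTE(review): the script itself is not
  # managed in this file; confirm it is deployed root-owned and not writable
  # by other users, since cron runs it as root.
  cron { 'ldap-backup':
    command => '/usr/local/sbin/ldap-backup.sh',
    user    => 'root',
    hour    => 2,
    minute  => 0,
    require => File['/var/backups/ldap'],
  }
}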