From 99099162577dce88429d04bbb2829f20403add4d Mon Sep 17 00:00:00 2001
From: Nico Schottelius
Date: Thu, 5 Jan 2012 13:41:32 +0100
Subject: [PATCH] add real life template example

Signed-off-by: Nico Schottelius
---
other/examples/types/__ethz_dinfk_ldap/README | 2 +
.../files/nslcd.conf.template | 46 +++++++++++++++++++
.../__ethz_dinfk_ldap/files/nsswitch.conf | 22 +++++++++
.../examples/types/__ethz_dinfk_ldap/manifest | 39 ++++++++++++++++
.../__ethz_dinfk_ldap/parameter/required | 1 +
.../types/__ethz_dinfk_ldap/singleton | 0
6 files changed, 110 insertions(+)
create mode 100644 other/examples/types/__ethz_dinfk_ldap/README
create mode 100755 other/examples/types/__ethz_dinfk_ldap/files/nslcd.conf.template
create mode 100644 other/examples/types/__ethz_dinfk_ldap/files/nsswitch.conf
create mode 100755 other/examples/types/__ethz_dinfk_ldap/manifest
create mode 100644 other/examples/types/__ethz_dinfk_ldap/parameter/required
create mode 100644 other/examples/types/__ethz_dinfk_ldap/singleton
diff --git a/other/examples/types/__ethz_dinfk_ldap/README b/other/examples/types/__ethz_dinfk_ldap/README
new file mode 100644
index 00000000..18c1574b
--- /dev/null
+++ b/other/examples/types/__ethz_dinfk_ldap/README
@@ -0,0 +1,2 @@
+This type is used in production in the ETH and utilises a template to generate
+the config file.
diff --git a/other/examples/types/__ethz_dinfk_ldap/files/nslcd.conf.template b/other/examples/types/__ethz_dinfk_ldap/files/nslcd.conf.template
new file mode 100755
index 00000000..d5b41c24
--- /dev/null
+++ b/other/examples/types/__ethz_dinfk_ldap/files/nslcd.conf.template
@@ -0,0 +1,46 @@
+#!/bin/sh
+cat << DONE
+#
+# D-INFK SANS MANAGED FILE
+# ========================
+#
+# Do not change this file. Changes will be overwritten.
+#
+
+# /etc/nslcd.conf
+# nslcd configuration file. See nslcd.conf(5)
+# for details.
+
+# The user and group nslcd should run as.
+uid nslcd
+gid nslcd
+
+# The location at which the LDAP server(s) should be reachable.
+uri ldaps://ldaps01.ethz.ch
+uri ldaps://ldaps02.ethz.ch
+uri ldaps://ldaps03.ethz.ch
+
+
+# The search base
+base ou=${ou},ou=inf,ou=auth,o=ethz,c=ch
+base passwd ou=users,ou=${ou},ou=inf,ou=auth,o=ethz,c=ch
+base group ou=Group,ou=inf,ou=auth,o=ethz,c=ch
+base netgroup ou=netgroup,ou=inf,ou=auth,o=ethz,c=ch
+
+binddn cn=REPLACE,ou=ME,ou=WITH,ou=YOUR,o=DETAILS,c=ch
+bindpw VERYSECRETPASSWORD
+
+# The LDAP protocol version to use.
+#ldap_version 3
+
+# The DN to bind with for normal lookups.
+#binddn cn=annonymous,dc=example,dc=net
+#bindpw secret
+
+# SSL options
+ssl on
+tls_reqcert never
+
+# The search scope.
+#scope sub
+DONE
diff --git a/other/examples/types/__ethz_dinfk_ldap/files/nsswitch.conf b/other/examples/types/__ethz_dinfk_ldap/files/nsswitch.conf
new file mode 100644
index 00000000..f4185a86
--- /dev/null
+++ b/other/examples/types/__ethz_dinfk_ldap/files/nsswitch.conf
@@ -0,0 +1,22 @@
+#
+# D-INFK SANS MANAGED FILE
+# ========================
+#
+# Do not change this file. Changes will be overwritten.
+#
+# /etc/nsswitch.conf
+#
+
+passwd: files ldap
+group: files ldap
+shadow: files ldap
+
+hosts: files dns
+networks: files
+
+services: db files
+protocols: db files
+rpc: db files
+ethers: db files
+
+netgroup: files ldap
diff --git a/other/examples/types/__ethz_dinfk_ldap/manifest b/other/examples/types/__ethz_dinfk_ldap/manifest
new file mode 100755
index 00000000..c31d765d
--- /dev/null
+++ b/other/examples/types/__ethz_dinfk_ldap/manifest
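Review bot: `tls_reqcert never` under "SSL options" in files/nslcd.conf.template turns off verification of the LDAP server certificate, so the `ldaps://` URIs give encryption without server authentication; a host able to redirect the connection could read the bind password and supply its own passwd/group/shadow answers. I would ship `tls_reqcert demand` together with a `tls_cacertfile` line naming the CA bundle that signs the three servers. Separately, the here-document delimiter in `cat << DONE` is unquoted so that `${ou}` expands, which also means a real `bindpw` value containing `$`, a backtick or a backslash would be altered by the shell; a comment above `bindpw` such as `# shell-expanded here-document: escape $, backtick and backslash in the password` would save someone a confusing bind failure.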
@@ -0,0 +1,39 @@
+#!/bin/sh
+#
+# 2011 Steven Armstrong (steven-cdist at armstrong.cc)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see .
+#
+#
+# Configure nss_ldap for a machine at DINFK.
+#
+
+ou="$(cat "$__object/parameter/ou")"
+
+ldap_config="/etc/nslcd.conf"
+ldap_package="libnss-ldapd"
+
+# Install required packages
+__package "$ldap_package" --state installed
+
+# Generate nss-ldap config file from template
+mkdir "$__object/files"
+. "$__type/files/nslcd.conf.template" > "$__object/files/nslcd.conf"
+__file "$ldap_config" --source "$__object/files/nslcd.conf"
+
+# Configure nsswitch to use ldap
+require="__package/$ldap_package __file/$ldap_config" \
+ __file /etc/nsswitch.conf --source "$__type/files/nsswitch.conf"
diff --git a/other/examples/types/__ethz_dinfk_ldap/parameter/required b/other/examples/types/__ethz_dinfk_ldap/parameter/required
new file mode 100644
index 00000000..d96c19d8
--- /dev/null
+++ b/other/examples/types/__ethz_dinfk_ldap/parameter/required
@@ -0,0 +1 @@
+ou
diff --git a/other/examples/types/__ethz_dinfk_ldap/singleton b/other/examples/types/__ethz_dinfk_ldap/singleton
new file mode 100644
index 00000000..e69de29b
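Review bot: The `__file "$ldap_config"` call in the manifest deploys a file that carries the `bindpw` credential from the template but sets no owner, group or mode, so the permissions of /etc/nslcd.conf on the target are left to whatever the type defaults to, which this patch does not show. I would make them explicit, for example `require="__package/$ldap_package" __file "$ldap_config" --source "$__object/files/nslcd.conf" --owner root --group nslcd --mode 0640`, with the group matching the `gid nslcd` line in the template and the `require` ensuring that group exists first. The rendered copy under `$__object/files/` on the configuration host holds the same secret and deserves the same restriction. In addition, `ou` is read from the parameter file and interpolated into the search base unchecked; a short `case "$ou" in *[!A-Za-z0-9_-]*) exit 1 ;; esac` guard after the assignment would stop a malformed value from producing an unintended DN or extra config lines.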