initial version of ldap-wg-maint YAML configuration file

manifests/sync_scripts/ldap_wg_maint.pp

@@ -54,11 +54,16 @@ class su_ldap::sync_scripts::ldap_wg_maint (
     source => "puppet:///modules/su_ldap/etc/ssl/certs/${wg_cert}.pem",
   }
 
-  ## Configuration file
+  ## Configuration file (old-style; to go away eventually)
   file { "${basedir}/ldap-wg-maint.conf":
     ensure  => $ensure,
     content => template('su_ldap/etc/ldapadmin/ldap-wg-maint.conf.erb'),
   }
+  ## Configuration file (new style)
+  file { "${basedir}/ldap-wg-maint.yaml":
+    ensure  => $ensure,
+    content => template('su_ldap/etc/ldapadmin/ldap-wg-maint.yaml.erb'),
+  }
 
   # We want to reload the systemd daemon on any change to the unit
   # file. We use the base::systemd shared library's systemd-daemon-reload

templates/etc/ldapadmin/ldap-wg-maint.yaml.erb

+# ldap-wg-maint configuration file
+#
+ldap_host:   <%= @ldap_master_fqdn %>
+ldap_base:   cn=accounts,dc=stanford,dc=edu
+ldap_filter: (suSeasLocal=*)
+#
+# Either a keytab and principal or a ticket file must be
+# specified, but not both.
+tgt_file: <%= @ticket_file_path %>
+#
+log_base_dn: cn=accesslog
+log_filter:  objectclass=*
+log_cookie:  /var/run/ldap-wg-maint.cookie
+#
+select_attribute: uid
+map_attribute:    suSeasLocal
+maps:
+  - .*?@zm[012]\d.stanford.edu = itservices:mail-zimbra
+  - .*?@zm88.stanford.edu = itservices:mail-gmail
+  - .*?@windows.stanford.edu = itservices:mail-onprem-exchange
+  - .*?@office365stanford.mail.onmicrosoft.com = itservices:mail-office365
+  - .*?@o365.stanford.edu = itservices:mail-office365
+#
+webservice_host: <%= @wg_host %>
+webservice_cert: /etc/ssl/certs/<%= @wg_cert %>.pem
+webservice_key:  /etc/ssl/private/<%= @wg_cert %>.key
+#
+debug: 0