#
# Possible parameters:
#
# - which flavor of OpenLDAP package to install
# - install sync scripts
# - authentication methods
# - support whois
# - hosting model
# - where do we store the LDAP databases and log files
# - do we enable bundle remctl service?
#
# Another consideration is where we build the ldap-tools servers from.
# They take only the ldap-utils, libldap, libnet-ldap-perl,
# libnet-ldapapi-perl, libstanford-ldapadmin-perl, libstanford-ldapserver-perl,
# python-ldap, the passive monitoring script(s) and the sync scripts

# $distribution: A valid Debian distribution. See the file apt_setup for
#   more information and examples.
#
# $repository: If the package is found in a non-standard location,
#   you can indicate the repository here. See the file apt_setup for
#   more information and examples.

class su_ldap (
  $hosting_model       = 'traditional',
  # $auth_gssapi       = true,
  $auth_simple         = true,
  #
  $debian_distribution = 'stretch',
  $debian_repository   = undef,
){

  ## ERROR CHECKING ##
  if !($hosting_model in [ 'traditional', 'container', 'tools' ]) {
    fail("Unknown hosting model ${hosting_model}")
  }

  ## APT SETUP ##
  # APT setup needs to be run before anything else, so
  # we ensure this using Puppet "stages":
  stage { 'apt':
    before => Stage['main'],
  }

  # Install apt files so we load the correct version of OpenLDAP. Run in the
  # "apt" stage so that it gets run first.
  class { 'su_ldap::apt_setup':
    stage               => apt,
    debian_distribution => $debian_distribution,
    debian_repository   => $debian_repository,
  }

  ## PACKAGE SETUP ##
  include su_ldap::packages

  ## Basic configuration: /etc/ldap/ldap.conf, /etc/default/slapd, et al.
  class { 'su_ldap::config':
    hosting_model => $hosting_model,
  }

  ## Install sync scripts (call from parent class instead)
  ## put these in tools instead?
  # include su_ldap::sync_scripts

  ## Install certificate
  ## TO DO

  #
  ## Authentication methods (simple bind and GSSAPI)
  # class { 'su_ldap::authentication':
  #   auth_gssapi => $auth_gssapi,
  #   auth_simple => $auth_simple,
  # }
  #
  # if ($hosting_model == 'traditional') {
  #   class { 'su_ldap::traditional':
  #   }
  # }
}