# This class manages the configuration for the script
# /usr/bin/ldap-posix-group. From the script's man page: "This is a remctl
# wrapper script that invokes ldap-group-maint and restricts the options
# to setting up or showing a posix group.

class su_ldap::ldapadmin::posixgroup(
  Enum['present', 'absent'] $ensure,
) {

  if ($ensure == 'present')) {
    fail("missing $ensure parameter")
  }

  # Configuration for Remctl posixgroup
  file { '/etc/ldapadmin/ldap-group-maint.conf':
    ensure  => $ensure,
    mode    => '0644',
    content => template('su_ldap/etc/ldapadmin/ldap-group-maint.conf.erb'),
    require => File['/etc/ldapadmin'],
  }

  # Keytab used to access mailman and Posixgroup.
  if ($ensure == 'present') {
    base::wallet { 'service/lists':
      ensure  => 'present',
      path    => '/etc/ldap/service-lists.keytab',
      owner   => 'root',
      require => File['/etc/ldapadmin'],
    }
  }

}