### database definition
@!@
print('\n')
print('database\t%(ldap/database/type)s' % configRegistry)
print('suffix\t\t"%(ldap/base)s"' % configRegistry)

print('')
if configRegistry.get('ldap/translogfile'):
	print("overlay\t\ttranslog")
	print("translog\t%(ldap/translogfile)s" % configRegistry)
	if configRegistry.is_true('ldap/translog-ignore-temporary'):
		print("translog-ignore-temporary\ttrue")

if configRegistry.is_true('ldap/k5pwd', True):
	print("overlay\t\tk5pwd")

if configRegistry.is_true('ldap/pwd_scheme_kinit', True):
	print("overlay\t\tpwd_scheme_kinit")

if configRegistry.get('ldap/database/type') == "mdb" and configRegistry.is_true('ldap/ppolicy'):
	print("overlay\t\tppolicy")
	if configRegistry.is_true('ldap/ppolicy/enabled', False):
		ppolicy_default = 'cn=default,cn=ppolicy,cn=univention,%(ldap/base)s' % configRegistry
		print('ppolicy_default\t"%s"' % configRegistry.get('ldap/ppolicy/default', ppolicy_default))

if configRegistry.is_true('ldap/refint', True) and configRegistry.get('server/role') == 'domaincontroller_master':
	print('overlay\t\trefint')
	print('refint_attributes\t\tuniqueMember')

if configRegistry.is_true('ldap/shadowbind', True):
	print('overlay\t\tshadowbind')
	ignorefilter = configRegistry.get("ldap/shadowbind/ignorefilter")
	if ignorefilter:
		print('shadowbind-ignore-filter "%s"' % (ignorefilter,))

if configRegistry.is_true('ldap/overlay/lastbind'):
	print('overlay lastbind')
	lastbind_precision = configRegistry.get('ldap/overlay/lastbind/precision')
	if lastbind_precision:
		print('lastbind-precision %s' % (lastbind_precision,))
else:
	print('# lastbind overlay module has been disabled by UCR')

print('\n')
if configRegistry['ldap/database/type'] == "mdb":
	print("maxsize\t%(ldap/database/mdb/maxsize)s" % configRegistry)
else:
	print("cachesize\t%(ldap/cachesize)s" % configRegistry)
	print("idlcachesize\t%(ldap/idlcachesize)s" % configRegistry)

print('')
print("threads\t\t%(ldap/threads)s" % configRegistry)
print("tool-threads\t%(ldap/tool-threads)s" % configRegistry)
print('')

if configRegistry['ldap/database/type'] == "bdb":
	print('checkpoint %(ldap/database/bdb/checkpoint)s' % configRegistry)
elif configRegistry['ldap/database/type'] == "mdb":
	if configRegistry.get('ldap/database/mdb/checkpoint'):
		print('checkpoint %(ldap/database/mdb/checkpoint)s' % configRegistry)
	if configRegistry.get('ldap/database/mdb/envflags'):
		print('envflags %(ldap/database/mdb/envflags)s' % configRegistry)

from collections import defaultdict
attr2index = defaultdict(list)
for indextype in ('pres', 'eq', 'sub', 'approx'):
	value = configRegistry.get("ldap/index/" + indextype, "").strip()
	if value == "none":
		continue
	for attr in value.split(","):
		attr2index[attr].append(indextype)

for attr, indextypes in sorted(attr2index.items()):
	print("index\t%s\t%s" % (attr, ",".join(indextypes)))
@!@

limits group/univentionGroup/uniqueMember="cn=DC Backup Hosts,cn=groups,@%@ldap/base@%@" time=unlimited size=unlimited size.prtotal=unlimited size.pr=unlimited
limits group/univentionGroup/uniqueMember="cn=DC Slave Hosts,cn=groups,@%@ldap/base@%@" time=unlimited size=unlimited size.prtotal=unlimited size.pr=unlimited
@!@
for key in configRegistry.get('ldap/limits', '').split(';'):
	if key:
		print("limits %s" % key)

print('')
if configRegistry['ldap/server/type'] == "master":
	print('rootdn\t\t"cn=admin,%(ldap/base)s"' % configRegistry)
elif configRegistry['ldap/server/type'] == "slave":
	print('rootdn\t\t"cn=update,%(ldap/base)s"' % configRegistry)
	print('include\t\t/etc/ldap/rootpw.conf')
	print('updatedn\t"cn=update,%(ldap/base)s"' % configRegistry)
	if configRegistry.is_true("ldap/online/master", True):
		print('updateref\tldap://%(ldap/master)s:%(ldap/master/port)s'% configRegistry)
@!@

directory	"/var/lib/univention-ldap/ldap"
lastmod		on

add_content_acl on

overlay constraint
constraint_attribute uidNumber regex ^[^0]+[0-9]*$
constraint_attribute gidNumber regex ^[^0]+[0-9]*$
