### database definition
@!@
from collections import defaultdict
print('\n')
print('database\t%(ldap/database/type)s' % configRegistry)
print('suffix\t\t"%(ldap/base)s"' % configRegistry)

print('')
if configRegistry.get('ldap/translogfile'):
    print("overlay\t\ttranslog")
    print("translog\t%(ldap/translogfile)s" % configRegistry)
    if configRegistry.is_true('ldap/translog-ignore-temporary'):
        print("translog-ignore-temporary\ttrue")

if configRegistry.is_true('ldap/k5pwd', True):
    print("overlay\t\tk5pwd")

if configRegistry.is_true('ldap/pwd_scheme_kinit', True):
    print("overlay\t\tpwd_scheme_kinit")

if configRegistry.get('ldap/database/type') == "mdb":
    print("overlay\t\tppolicy")
    if configRegistry.is_true('ldap/ppolicy/enabled', False):
        ppolicy_default = 'cn=default,cn=ppolicy,cn=univention,%(ldap/base)s' % configRegistry
        print('ppolicy_default\t"%s"' % configRegistry.get('ldap/ppolicy/default', ppolicy_default))

if configRegistry.is_true('ldap/refint', True) and configRegistry.get('server/role') == 'domaincontroller_master':
    print('overlay\t\trefint')
    print('refint_attributes\t\tuniqueMember')

if configRegistry.is_true('ldap/shadowbind', True):
    print('overlay\t\tshadowbind')
    ignorefilter = configRegistry.get("ldap/shadowbind/ignorefilter")
    if ignorefilter:
        print('shadowbind-ignore-filter "%s"' % (ignorefilter,))

if configRegistry.is_true('ldap/overlay/lastbind'):
    print('overlay lastbind')
    lastbind_precision = configRegistry.get('ldap/overlay/lastbind/precision')
    if lastbind_precision:
        print('lastbind-precision %s' % (lastbind_precision,))
else:
    print('# lastbind overlay module has been disabled by UCR')

print('\n')
if configRegistry['ldap/database/type'] == "mdb":
    print("maxsize\t%(ldap/database/mdb/maxsize)s" % configRegistry)
else:
    print("cachesize\t%(ldap/cachesize)s" % configRegistry)
    print("idlcachesize\t%(ldap/idlcachesize)s" % configRegistry)

print('')
print("threads\t\t%(ldap/threads)s" % configRegistry)
print("tool-threads\t%(ldap/tool-threads)s" % configRegistry)
print('')

if configRegistry['ldap/database/type'] == "mdb":
    if configRegistry.get('ldap/database/mdb/checkpoint'):
        print('checkpoint %(ldap/database/mdb/checkpoint)s' % configRegistry)
    if configRegistry.get('ldap/database/mdb/envflags'):
        print('envflags %(ldap/database/mdb/envflags)s' % configRegistry)

attr2index = defaultdict(list)
for indextype in ('pres', 'eq', 'sub', 'approx'):
    value = configRegistry.get("ldap/index/" + indextype, "").strip()
    if value == "none":
        continue
    for attr in value.split(","):
        attr2index[attr].append(indextype)

for attr, indextypes in sorted(attr2index.items()):
    print("index\t%s\t%s" % (attr, ",".join(indextypes)))
@!@

limits group/univentionGroup/uniqueMember="cn=DC Backup Hosts,cn=groups,@%@ldap/base@%@" time=unlimited size=unlimited size.prtotal=unlimited size.pr=unlimited
limits group/univentionGroup/uniqueMember="cn=DC Slave Hosts,cn=groups,@%@ldap/base@%@" time=unlimited size=unlimited size.prtotal=unlimited size.pr=unlimited
@!@
for key in configRegistry.get('ldap/limits', '').split(';'):
    if key:
        print("limits %s" % key)

print('')
if configRegistry['ldap/server/type'] == "master":
    print('rootdn\t\t"cn=admin,%(ldap/base)s"' % configRegistry)
elif configRegistry['ldap/server/type'] == "slave":
    print('rootdn\t\t"cn=update,%(ldap/base)s"' % configRegistry)
    print('include\t\t/etc/ldap/rootpw.conf')
    print('updatedn\t"cn=update,%(ldap/base)s"' % configRegistry)
    if configRegistry.is_true("ldap/online/master", True):
        print('updateref\tldap://%(ldap/master)s:%(ldap/master/port)s' % configRegistry)
@!@

directory	"/var/lib/univention-ldap/ldap"
lastmod		on

add_content_acl on

@!@
if configRegistry['ldap/server/type'] == "master":
    print('overlay\tunique')
    print('unique_uri\t"ldap:///%(ldap/base)s?univentionObjectIdentifier?sub?(objectClass=univentionObject)"' % configRegistry)
@!@
overlay constraint
constraint_attribute uidNumber regex ^[^0]+[0-9]*$
constraint_attribute gidNumber regex ^[^0]+[0-9]*$
@!@
if configRegistry.is_true('ldap/overlay/sock', False):
    print('overlay sock')
    print('extensions binddn connid peername')
    print('socketpath /var/lib/univention-ldap/slapd-sock/sock')
    sockops = configRegistry.get('ldap/overlay/sock/sockops', '')
    if sockops == 'CRUD':
        print('sockops add delete modify modrdn')
    print('sockresps extendedresult')
@!@
