---
hiera_include:
  - glauth

# additional altnames
profiles::pki::vault::alt_names:
  - ldap.main.unkin.net
  - ldap.service.consul
  - ldap.query.consul
  - "ldap.service.%{facts.country}-%{facts.region}.consul"

glauth::params::download_version: 2.3.2
glauth::params::ldap_enabled: true
glauth::params::ldaps_enabled: true
glauth::params::basedn: 'dc=main,dc=unkin,dc=net'
glauth::params::behaviors_ignorecapabilities: true
glauth::params::ldap_tlscertpath: /etc/pki/tls/vault/certificate.crt
glauth::params::ldap_tlskeypath: /etc/pki/tls/vault/private.key
glauth::params::ldaps_cert: /etc/pki/tls/vault/certificate.crt
glauth::params::ldaps_key: /etc/pki/tls/vault/private.key
glauth::params::api_cert: /etc/pki/tls/vault/certificate.crt
glauth::params::api_key: /etc/pki/tls/vault/private.key

# configure consul service
consul::services:
  ldap:
    service_name: 'ldap'
    tags:
      - 'media'
      - 'ldap'
    address: "%{facts.networking.ip}"
    port: 636
    checks:
      - id: 'glauth_http_check'
        name: 'glauth HTTP Check'
        http: "https://%{facts.networking.fqdn}:5555"
        method: 'GET'
        tls_skip_verify: true
        interval: '10s'
        timeout: '1s'
profiles::consul::client::node_rules:
  - resource: service
    segment: ldap
    disposition: write