openldap:
  pkg.installed

/var/lib/openldap/openldap-data:
  file.directory:
    - mode: 755
    - user: ldap
    - group: ldap

/etc/openldap/certs/:
  file.recurse:
    - source: salt://secure/certs/ldap.actcur.com/
    - user: ldap
    - group: ldap
    - dir_mode: 755
    - file:mode: 400
    - clean: true

/usr/lib/systemd/system/slapd.service:
  file.managed:
    - source: salt://roles/maintain/ldap/slapd.service
    - user: root
    - group: root
    - mode: 644

slapd:
  service.running:
    - enable: true
    - watch:
      - file: own_slapd.d
      - file: /usr/lib/systemd/system/slapd.service

/etc/openldap/slapd.conf:
  file.managed:
    - source: salt://roles/maintain/ldap/slapd.conf
    - user: root
    - group: ldap
    - mode: 640

/root/update_slapd.sh:
  file.managed:
    - source: salt://roles/maintain/ldap/update_slapd.sh
    - user: root
    - group: root
    - mode: 700

update_slapd:
  cmd.run:
    - name: "/bin/bash /root/update_slapd.sh"
    - stateful: true
    - require:
      - file: /etc/openldap/slapd.conf

own_slapd.d:
  file.directory:
    - name: /etc/openldap/slapd.d/
    - user: ldap
    - group: ldap
    - dir_mode: 755
    - file_mode: 644
    - recurse:
      - user
      - group
      - mode
    - require:
      - cmd: update_slapd

own_data:
  file.directory:
    - name: /var/lib/openldap/openldap-data
    - user: ldap
    - group: ldap
    - dir_mode: 755
    - file_mode: 644
    - recurse:
      - user
      - group
      - mode
    - require:
      - cmd: update_slapd

/etc/openldap/rdn.ldiff:
  file.managed:
    - source: salt://roles/maintain/ldap/rdn.ldiff
    - user: root
    - group: root
    - mode: 750

/var/lib/openldap/openldap-data/DB_CONFIG:
  file.managed:
    - source: salt://roles/maintain/ldap/DB_CONFIG
    - user: ldap
    - group: ldap
    - mode: 644