class ldap::common {
  case $ldap_base_dn {
    "": {
      $ldap_base_dn = "dc=example,dc=com" # Write a function that uses the domain fact
      warning("ldap_base_dn not set, using default $ldap_base_dn")
    }
  }

  case $ldap_admin_dn {
    "": {
      $ldap_admin_dn = "cn=admin,$ldap_base_dn"
      warning("ldap_admin_dn not set, using default $ldap_admin_dn")
    }
  }

  case $ldap_admin_password {
    "": {
      fail("ldap_admin_password not set!")
    }
  }

  $ldappackage       = "slapd"
  $ldapservice       = "slapd"
  $ldapdir           = "/etc/ldap"
  $ldaputilpackage   = "ldap-utils"
  $ldapclientpackage = "libnss-ldap"

  file { "$ldapdir/ldap.conf":
    content => template("ldap/ldap.conf.erb"),
    require => Package[$ldaputilpackage],
  }

  package {
    $ldaputilpackage: ensure => installed;
  }
}

class ldap::client inherits ldap::common {
  case $ldap_server {
    "": {
      fail("ldap_server not set!")
    }
  }

  package { $ldapclientpackage: ensure => installed; }

  file { "/etc/libnss-ldap.conf":
    content => template("ldap/libnss-ldap.conf.erb"),
    require => [ Package[$ldapclientpackage], File["/etc/libnss-ldap.secret"] ],
  }

  file { "/etc/libnss-ldap.secret":
    mode    => 600,
    content => "$ldap_admin_password",
  }
}

class ldap::master inherits ldap::common {
  package {
    $ldappackage:     ensure => installed;
  }

  file { "$ldapdir/slapd.conf":
    content => template("ldap/slapd.conf.erb"),
    require => Package[$ldappackage],
    notify  => Service["$ldapservice"],
  }

  service { $ldapservice:
    require   => [ Package[$ldappackage], File["$ldapdir/slapd.conf"] ],
    ensure    => running,
    enable    => true,
  }
}