[new-type] __openldap_server: Add a "schema" optional parameter.

cdist/conf/type/__openldap_server/man.rst

@@ -74,6 +74,13 @@ module
     LDAP module to load. See `slapd.conf(5)`.
     Default value is OS-dependent, see manifest.
 
+schema
+    Name of LDAP schema to load. Must be the name without extension of a
+    `.schema` file in slapd's schema directory (usually `/etc/slapd/schema` or
+    `/usr/local/etc/openldap/schema`).
+    Example value: `inetorgperson`
+    The type user must ensure that the schema file is deployed.
+    This defaults to a sensible subset, for details see the type definition.
 
 BOOLEAN PARAMETERS
 ------------------

cdist/conf/type/__openldap_server/manifest

@@ -6,6 +6,7 @@ manager_password_hash=$(cat "${__object}/parameter/manager-password-hash")
 serverid=$(cat "${__object}/parameter/serverid")
 suffix=$(cat "${__object}/parameter/suffix")
 slapd_modules=$(cat "${__object}/parameter/module" || true)
+schemas=$(cat "${__object}/parameter/schema")
 
 
 OS="$(cat "${__global}/explorer/os")"
@@ -14,8 +15,8 @@ OS="$(cat "${__global}/explorer/os")"
 # TODO: treat other OS better, defaulting to Debian-like
 case "${OS}" in
     freebsd)
-	      PKGS="openldap-server"
-	      ETC="/usr/local/etc"
+        PKGS="openldap-server"
+        ETC="/usr/local/etc"
         SLAPD_DIR="/usr/local/etc/openldap"
         SLAPD_DATA_DIR="/var/db/openldap-data"
         SLAPD_RUN_DIR="/var/run/openldap"
@@ -27,7 +28,7 @@ case "${OS}" in
         ;;
     *)
         PKGS="slapd ldap-utils"
-	      ETC="/etc"
+        ETC="/etc"
         SLAPD_DIR="/etc/ldap"
         SLAPD_DATA_DIR="/var/lib/ldap"
         SLAPD_RUN_DIR="/var/run/slapd"
@@ -39,7 +40,6 @@ case "${OS}" in
 esac
 
 
-
 # Determine if __letsencrypt_cert is to be used and setup vars accordingly
 if [ -f "${__object}/parameter/tls-cert" ]; then
     tls_cert=$(cat "${__object}/parameter/tls-cert")
@@ -161,24 +161,15 @@ TLSCACertificateFile ${tls_ca}
 disallow bind_anon
 require bind
 security tls=1
-
-include ${SLAPD_DIR}/schema/corba.schema
-include ${SLAPD_DIR}/schema/core.schema
-include ${SLAPD_DIR}/schema/cosine.schema
-include ${SLAPD_DIR}/schema/duaconf.schema
-include ${SLAPD_DIR}/schema/dyngroup.schema
-include ${SLAPD_DIR}/schema/inetorgperson.schema
-include ${SLAPD_DIR}/schema/java.schema
-include ${SLAPD_DIR}/schema/misc.schema
-include ${SLAPD_DIR}/schema/nis.schema
-include ${SLAPD_DIR}/schema/openldap.schema
-include ${SLAPD_DIR}/schema/ppolicy.schema
-include ${SLAPD_DIR}/schema/collective.schema
-
-modulepath ${SLAPD_MODULE_PATH}
 EOF
 
+# Add specified schemas
+for schema in ${schemas}; do
+    echo "include ${SLAPD_DIR}/schema/${schema}.schema" >> "${ldapconf}"
+done
+
 # Add specified modules
+echo "modulepath ${SLAPD_MODULE_PATH}" >> "${ldapconf}"
 for module in ${slapd_modules}; do
     echo "moduleload ${module}.la" >> "${ldapconf}"
 done

cdist/conf/type/__openldap_server/parameter/default/schema

@@ -0,0 +1,12 @@
+corba
+core
+cosine
+duaconf
+dyngroup
+inetorgperson
+java
+misc
+nis
+openldap
+ppolicy
+collective

cdist/conf/type/__openldap_server/parameter/optional

@@ -1,4 +1,5 @@
-description
 syncrepl-credentials
 syncrepl-searchbase
 tls-cert
+tls-privkey
+tls-ca