# @summary Sets up a phpldapadmin instance
# @option nginx_server
#   Name of the nginx server
# @option Manage server
#   Should this class manage the nginx server resource
class profiles::phpldapadmin (
  String $nginx_server,
  Boolean $manage_server = true,
  Stdlib::Absolutepath $www_root = '/usr/share/webapps/phpldapadmin',
) {

  include ::php_fpm

  nginx::resource::server { $nginx_server:
    ipv6_enable         => true,
    ipv6_listen_options => '',
    www_root            => $www_root,
    index_files         => ['index.php'],
  }


  class { 'phpldapadmin':
    servername       => 'Adrift.Space',
    auth_type        => 'cookie',
    blowfish_secret  => Sensitive(extlib::cache_data('profiles::phpldapadmin', 'blowfish', extlib::random_password(100))),
    base_dn          => ['dc=adrift,dc=space'],
    bind_dn_template => 'uid=%s,ou=People,dc=adrift,dc=space',
    open_tree        => true,
  }

  # file { "${www_root}/config/config.php":
  #   target => $phpldapadmin::config_file,
  # }

  class { 'phpldapadmin::auto_number::search':
    uid         => 10000,
    gid         => 10000,
    search_base => 'ou=People,dc=adrift,dc=space',
  }

  php_fpm::nginx { 'phpldapadmin':
    server => $nginx_server,
    conf   => {
      location_allow => [
        '127.0.0.1',
        '::1',
        "${facts['network6']}/${extlib::netmask_to_cidr($facts['netmask6'])}",
        "${facts['network']}/${extlib::netmask_to_cidr($facts['netmask'])}",
      ],
      location_deny  => [
        'all',
      ],
      www_root       => '/usr/share/webapps/phpldapadmin',
    },
  }

  # nginx::resource::location { 'phpldapadmin':
  #   ssl            => true,
  #   ssl_only       => true,
  # }

}