Restore proper indentation

8b97e7cb · Jonathan Gazeley · 7dbbc346 · 8b97e7cb
Commit 8b97e7cb authored Mar 02, 2017 by Jonathan Gazeley
--- a/templates/ldap.erb
+++ b/templates/ldap.erb
@@ -18,7 +18,7 @@ ldap <%= @name %> {
 	#    - ldapi:// (LDAP over Unix socket)
 	#    - ldapc:// (Connectionless LDAP)
 	#
-<% @serverconcatarray.each do |srv| -%>       server = '<%= srv %>'
+<% @serverconcatarray.each do |srv| -%>	server = '<%= srv %>'
 <% end -%>

 	#  Port to connect on, defaults to 389, will be ignored for LDAP URIs.
@@ -27,10 +27,10 @@ ldap <%= @name %> {
 	#  Administrator account for searching and possibly modifying.
 	#  If using SASL + KRB5 these should be commented out.
 <%- if @identity -%>
-  identity = '<%= @identity %>'
+	identity = '<%= @identity %>'
 <%- end -%>
 <%- if @password -%>
-  password = <%= @password %>
+	password = <%= @password %>
 <%- end -%>

 	#  Unless overridden in another section, the dn from which all
@@ -61,19 +61,19 @@ ldap <%= @name %> {
 		# SASL mechanism
 #		mech = 'PLAIN'
 <%- if @sasl.has_key?('mech') -%>
-    mech = '<%= @sasl['mech'] %>'
+		mech = '<%= @sasl['mech'] %>'
 <%- end -%>

 		# SASL authorisation identity to proxy.
 #		proxy = 'autz_id'
 <%- if @sasl.has_key?('proxy') -%>
-    proxy = '<%= @sasl['proxy'] %>'
+		proxy = '<%= @sasl['proxy'] %>'
 <%- end -%>

 		# SASL realm. Used for kerberos.
 #		realm = 'example.org'
 <%- if @sasl.has_key?('realm') -%>
-    realm = '<%= @sasl['realm'] %>'
+		realm = '<%= @sasl['realm'] %>'
 <%- end -%>
 	}

@@ -96,7 +96,7 @@ ldap <%= @name %> {
 	#			will be xlat expanded.
 #	valuepair_attribute = 'radiusAttribute'
 <%- if @valuepair_attribute -%>
-  valuepair_attribute = <%= @valuepair_attribute %>
+	valuepair_attribute = <%= @valuepair_attribute %>
 <%- end -%>

 	#
@@ -127,9 +127,9 @@ ldap <%= @name %> {
 	#  the name to be derived from an xlat expansion, or an attribute ref.
 	#
 <%- if @update -%>
-  update {
-    <%= @update.join("\n    ") %>
-  }
+	update {
+		<%= @update.join("\n		") %>
+	}
 <%- else -%>
 	update {
 		control:Password-With-Header	+= 'userPassword'
@@ -152,7 +152,7 @@ ldap <%= @name %> {
 	#  password mechanism.
 #	edir = no
 <%- if @edir -%>
-  edir = <%= @edir %>
+	edir = <%= @edir %>
 <%- end -%>

 	#  Set to yes if you want to bind as the user after retrieving the
@@ -160,7 +160,7 @@ ldap <%= @name %> {
 	#  verify user authorization.
 #	edir_autz = no
 <%- if @edir_autz -%>
-  edir_autz = <%= @edir_autz %>
+	edir_autz = <%= @edir_autz %>
 <%- end -%>

 	#  Note: set_auth_type was removed in v3.x.x
@@ -198,26 +198,26 @@ ldap <%= @name %> {
 			# SASL mechanism
 #			mech = 'PLAIN'
      <%- if @user_sasl.has_key?('mech') -%>
-      mech = '<%= @user_sasl['mech'] %>'
+			mech = '<%= @user_sasl['mech'] %>'
      <%- end -%>

 			# SASL authorisation identity to proxy.
 #			proxy = &User-Name
      <%- if @user_sasl.has_key?('proxy') -%>
-      proxy = '<%= @user_sasl['proxy'] %>'
+			proxy = '<%= @user_sasl['proxy'] %>'
      <%- end -%>

 			# SASL realm. Used for kerberos.
 #			realm = 'example.org'
      <%- if @user_sasl.has_key?('realm') -%>
-      realm = '<%= @user_sasl['realm'] %>'
+			realm = '<%= @user_sasl['realm'] %>'
      <%- end -%>
 		}

 		#  Search scope, may be 'base', 'one', sub' or 'children'
 #		scope = 'sub'
 <%- if @user_scope -%>
-    scope = '<%= @user_scope %>'
+		scope = '<%= @user_scope %>'
 <%- end -%>

 		#  Server side result sorting
@@ -237,7 +237,7 @@ ldap <%= @name %> {
 		#  set, the search will fail.
 #		sort_by = '-uid'
 <%- if @user_sort_by -%>
-    sort_by = '<%= @user_sort_by %>'
+		sort_by = '<%= @user_sort_by %>'
 <%- end -%>

 		#  If this is undefined, anyone is authorised.
@@ -245,7 +245,7 @@ ldap <%= @name %> {
 		#  determine whether or not the user is authorised
 #		access_attribute = 'dialupAccess'
 <%- if @user_access_attribute -%>
-    access_attribute = '<%= @user_access_attribute %>'
+		access_attribute = '<%= @user_access_attribute %>'
 <%- end -%>

 		#  Control whether the presence of 'access_attribute'
@@ -272,7 +272,7 @@ ldap <%= @name %> {
 		#  Will result in the user being locked out.
 #		access_positive = yes
 <%- if @user_access_positive -%>
-    access_positive = <%= @user_access_positive %>
+		access_positive = <%= @user_access_positive %>
 <%- end -%>
 	}

@@ -281,16 +281,16 @@ ldap <%= @name %> {
 	#
 	group {
 		#  Where to start searching in the tree for groups
-    base_dn = "<%= @group_base_dn %>"
+		base_dn = "<%= @group_base_dn %>"

 		#  Filter for group objects, should match all available
 		#  group objects a user might be a member of.
-    filter = "<%= @group_filter %>"
+		filter = "<%= @group_filter %>"

 		# Search scope, may be 'base', 'one', sub' or 'children'
 #		scope = 'sub'
 <%- if @group_scope -%>
-    scope = '<%= @group_scope %>'
+		scope = '<%= @group_scope %>'
 <%- end -%>

 		#  Attribute that uniquely identifies a group.
@@ -298,7 +298,7 @@ ldap <%= @name %> {
 		#  names.
 #		name_attribute = cn
 <%- if @group_name_attribute -%>
-    name_attribute = <%= @group_name_attribute %>
+		name_attribute = <%= @group_name_attribute %>
 <%- end -%>

 		#  Filter to find group objects a user is a member of.
@@ -306,7 +306,7 @@ ldap <%= @name %> {
 		#  identify members (the inverse of membership_attribute).
 #		membership_filter = "(|(member=%{control:Ldap-UserDn})(memberUid=%{%{Stripped-User-Name}:-%{User-Name}}))"
 <%- if @group_membership_filter -%>
-    membership_filter = "<%= @group_membership_filter %>"
+		membership_filter = "<%= @group_membership_filter %>"
 <%- end -%>

 		#  The attribute in user objects which contain the names
@@ -315,7 +315,7 @@ ldap <%= @name %> {
 		#  Unless a conversion between group name and group DN is
 		#  needed, there's no requirement for the group objects
 		#  referenced to actually exist.
-    membership_attribute = '<%= @group_membership_attribute %>'
+		membership_attribute = '<%= @group_membership_attribute %>'

 		#  If cacheable_name or cacheable_dn are enabled,
 		#  all group information for the user will be
@@ -333,11 +333,11 @@ ldap <%= @name %> {
 		#  cacheable_dn else enable cacheable_name.
 #		cacheable_name = 'no'
 <%- if @group_cacheable_name -%>
-    cacheable_name = '<%= @group_cacheable_name %>'
+		cacheable_name = '<%= @group_cacheable_name %>'
 <%- end -%>
 #		cacheable_dn = 'no'
 <%- if @group_cacheable_dn -%>
-    cacheable_dn = '<%= @group_cacheable_dn %>'
+		cacheable_dn = '<%= @group_cacheable_dn %>'
 <%- end -%>

 		#  Override the normal cache attribute (<inst>-LDAP-Group or
@@ -346,14 +346,14 @@ ldap <%= @name %> {
 		#  are used in fail-over.
 #		cache_attribute = 'LDAP-Cached-Membership'
 <%- if @group_cache_attribute -%>
-    cache_attribute = '<%= @group_cache_attribute %>'
+		cache_attribute = '<%= @group_cache_attribute %>'
 <%- end -%>

 		#  Override the normal group comparison attribute name
 		#  (<inst>-LDAP-Group or LDAP-Group if using the default instance) .
 #		group_attribute = "${.:instance}-${.:name}-Group"
 <%- if @group_attribute -%>
-    group_attribute = '<%= @group_attribute %>'
+		group_attribute = '<%= @group_attribute %>'
 <%- end -%>
 	}

@@ -366,7 +366,7 @@ ldap <%= @name %> {
 		#  Filter for RADIUS profile objects
 #		filter = '(objectclass=radiusprofile)'
 <%- if @profile_filter -%>
-    filter = '<%= @profile_filter %>'
+		filter = '<%= @profile_filter %>'
 <%- end -%>

 		#  The default profile.  This may be a DN or an attribute
@@ -376,7 +376,7 @@ ldap <%= @name %> {
 		#  set this to &control:User-Profile.
 #		default = 'cn=radprofile,dc=example,dc=org'
 <%- if @profile_default -%>
-    default = '<%= @profile_default %>'
+		default = '<%= @profile_default %>'
 <%- end -%>

 		#  The LDAP attribute containing profile DNs to apply
@@ -386,7 +386,7 @@ ldap <%= @name %> {
 		#  if authorization is successful.
 #		attribute = 'radiusProfileDn'
 <%- if @profile_default -%>
-    attribute = '<%= @profile_attribute %>'
+		attribute = '<%= @profile_attribute %>'
 <%- end -%>
 	}

@@ -395,17 +395,17 @@ ldap <%= @name %> {
 	#
 	client {
 		#   Where to start searching in the tree for clients
-    base_dn = "<%= @client_base_dn %>"
+		base_dn = "<%= @client_base_dn %>"

 		#
 		#  Filter to match client objects
 		#
-    filter = '<%= @client_filter %>'
+		filter = '<%= @client_filter %>'

 		# Search scope, may be 'base', 'one', 'sub' or 'children'
 #		scope = 'sub'
 <%- if @client_scope -%>
-    scope = '<%= @client_scope %>'
+		scope = '<%= @client_scope %>'
 <%- end -%>

 		#
@@ -450,7 +450,7 @@ ldap <%= @name %> {
 	#  Load clients on startup
 #	read_clients = no
 <%- if @read_clients -%>
-  read_clients = <%= @read_clients %>
+	read_clients = <%= @read_clients %>
 <%- end -%>

 	#
@@ -519,7 +519,7 @@ ldap <%= @name %> {
 		#  LDAP_OPT_DEREF is set to this value.
 #		dereference = 'always'
 <%- if @dereference -%>
-    dereference = '<%= @dereference %>'
+		dereference = '<%= @dereference %>'
 <%- end -%>

 		#
@@ -529,15 +529,15 @@ ldap <%= @name %> {
 		#  If you set these to 'no', then searches will likely return
 		#  'operations error', instead of a useful result.
 		#
-    chase_referrals = <%= @chase_referrals %>
-    rebind = <%= @rebind %>
+		chase_referrals = <%= @chase_referrals %>
+		rebind = <%= @rebind %>

 		#
 		#  On rebind, use the credentials from the rebind url instead
 		#  of admin credentials used during the initial bind.
 		#  Default 'no'
 		#
-    use_referral_credentials = <%= @use_referral_credentials %>
+		use_referral_credentials = <%= @use_referral_credentials %>

 		#
 		#  If 'yes', then include draft-wahl-ldap-session tracking
@@ -550,7 +550,7 @@ ldap <%= @name %> {
 		#
 #		session_tracking = yes
 <%- if @session_tracking -%>
-    session_tracking = <%= @session_tracking %>
+		session_tracking = <%= @session_tracking %>
 <%- end -%>

 		#  Seconds to wait for LDAP query to finish. default: 20
@@ -560,7 +560,7 @@ ldap <%= @name %> {
 		#  time limit). default: 20
 		#
 		#  LDAP_OPT_TIMELIMIT is set to this value.
-    srv_timelimit = <%= @timelimit %>
+		srv_timelimit = <%= @timelimit %>

 		#  LDAP_OPT_X_KEEPALIVE_IDLE
 		idle = <%= @idle %>
@@ -578,7 +578,7 @@ ldap <%= @name %> {
 		#
 		#	default: 0x0000 (no debugging messages)
 		#	Example:(LDAP_DEBUG_FILTER+LDAP_DEBUG_CONNS)
-    ldap_debug = <%= @ldap_debug %>
+		ldap_debug = <%= @ldap_debug %>
 	}

 	#
@@ -611,7 +611,7 @@ ldap <%= @name %> {
 <% end -%>
 #		random_file = /dev/urandom
 <%- if @random_file -%>
-    random_file = <%= @random_file %>
+		random_file = <%= @random_file %>
 <%- end -%>

 		#  Certificate Verification requirements.  Can be:
@@ -675,19 +675,19 @@ ldap <%= @name %> {
 		#  The number of seconds to wait after the server tries
 		#  to open a connection, and fails.  During this time,
 		#  no new connections will be opened.
-    retry_delay = <%= @retry_delay %>
+		retry_delay = <%= @retry_delay %>

 		#  The lifetime (in seconds) of the connection
-    lifetime = <%= @lifetime %>
+		lifetime = <%= @lifetime %>

 		#  Idle timeout (in seconds).  A connection which is
 		#  unused for this length of time will be closed.
-    idle_timeout = <%= @idle_timeout %>
+		idle_timeout = <%= @idle_timeout %>

 		#  Connection timeout (in seconds).  The maximum amount of
 		#  time to wait for a new connection to be established.
 		#  Sets LDAP_OPT_NETWORK_TIMEOUT in libldap.
-    connect_timeout = <%= @connect_timeout %>
+		connect_timeout = <%= @connect_timeout %>

 		#  NOTE: All configuration settings are enforced.  If a
 		#  connection is closed because of 'idle_timeout',