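# Puppet type that manages a single attribute of an LDAP directory entry.
#
# Each resource handles exactly one LDIF attribute, addressed by its :dn, and
# is meant for adjustments on an already initialised LDAP server while running
# on that server itself.  This file only declares parameters/properties and
# validates the catalog values it is given; all directory I/O belongs to the
# provider.
#
# Fixes relative to the earlier draft: the pseudo-Ruby (`if credentialfile:
# == undef`, `isrequired (if ...)`, `//` comments, missing commas in
# newvalues) is replaced by valid Ruby, `ensurable` is declared at type level
# where Puppet expects it, and the "basedn/binddn required unless
# credentialfile is set" rule is enforced in a type-level validate block.
Puppet::Type.newtype(:ldap_dir_entry) do
  desc "Maintains an ldap schema/database entry.
        Every type will handle only one ldif attribute per resource.
        It should be handy for adjustments on an already initialised
        and running ldap server.  Keep in mind we are only working
        from localhost, on the ldapserver itself.  If possible, we can
        work on an active or a stopped ldapserver, although the latter
        should be avoided, because not all checks are available"

  # Adds the :ensure property (present/absent) so an entry can be
  # created or removed; this must live on the type, not inside a parameter.
  ensurable

  newparam(:dn, :namevar => true) do
    desc "the dn of the attribute to add/change/delete"
    isrequired
    validate do |value|
      # Minimal shape check only: a DN is a non-empty string made of
      # <attr>=<value> components.  Full RFC 4514 parsing (escaped commas,
      # multi-valued RDNs) is left to the provider; reject only what cannot
      # be a DN at all.
      text = value.to_s.strip
      if text.empty? || !text.include?('=')
        raise ArgumentError, "dn must look like <attr>=<value>[,<attr>=<value>...], got #{value.inspect}"
      end
    end
  end

  newparam(:value) do
    # An ldap attribute may carry several values when the schema allows it.
    # Whether to verify that against the schema up front, or just go ahead
    # and catch the ldap error, is still open: failing late means the
    # directory may already have been changed, which is not puppet-minded.
    # NOTE(review): array_matching => :all is a property option, not a
    # parameter option; confirm whether this should become a newproperty
    # once the provider compares directory state.
    desc "The value of the attribute to add, or for multiple values, the
    entry to delete from the directory database"
  end

  newparam(:basedn) do
    desc "the basedn of the database to work on.  Required unless
    credentialfile is set."
    validate do |value|
      # TODO: should be a valid basedn (dc/cn components only?); for now
      # only an empty value is rejected.
      raise ArgumentError, "basedn must be a non-empty string, got #{value.inspect}" if value.to_s.strip.empty?
    end
  end

  newparam(:binddn) do
    desc "the user to bind to the ldap directory, which will have sufficient
    rights to perform the asked modification.  Required unless credentialfile
    is set."
    validate do |value|
      # TODO: should be a valid binddn; for now only an empty value is rejected.
      raise ArgumentError, "binddn must be a non-empty string, got #{value.inspect}" if value.to_s.strip.empty?
    end
  end

  newparam(:credentialfile) do
    desc "The full path to the file on the ldap server node where
    the credentials are kept.  This should be a very secured file,
    and could be managed by puppet using the file resource. If the file is
    not present, the resource fails validation."
    # NOTE(review): these file checks run wherever the resource is
    # instantiated and assume that is the ldap server node itself.  If that
    # does not hold for a given deployment they belong in the provider.
    validate do |value|
      path = value.to_s
      unless File.file?(path) && File.readable?(path)
        raise ArgumentError, "credentialfile #{path} does not exist or is not readable"
      end

      # The file holds bind credentials: a permissive mode or a non-root
      # owner each on its own exposes them to other local users, so warn
      # when either condition fails (the earlier draft only warned when
      # both did).
      stat = File.stat(path)
      mode = stat.mode & 0o777
      if mode != 0o600 || stat.uid != 0
        Puppet.warning("credentialfile #{path} should be mode 0600 and owned by root " \
                       "(found mode #{format('%04o', mode)}, uid #{stat.uid})")
      end
    end
  end

  # basedn and binddn are only optional when a credential file supplies them.
  validate do
    if self[:credentialfile].nil? && (self[:basedn].nil? || self[:binddn].nil?)
      raise Puppet::Error, "basedn and binddn are required when credentialfile is not set"
    end
  end

  # NOTE(review): :offline and :forcestop are behaviour switches rather than
  # directory state; a newparam may fit better than a newproperty.  Kept as
  # properties to match the original design - confirm against the provider.
  newproperty(:offline) do
    desc "if true, perform the actions on an offline ldap database.
        Not recommended, but could be possible. (defaults to false)."
    defaultto :false
    newvalues(:false, :true, :yes, :no, :on, :off)
  end

  newproperty(:forcestop) do
    desc "stop the ldap server and perform actions offline.
    the ldap server will only be stopped if a change is required
    to get into desired state - This is not recommended.  The problem we will
    have is to group all resources requiring an offline ldap, perform
    them one by one, and start the ldap server afterwards."
    defaultto :false
    newvalues(:false, :true, :yes, :no, :on, :off)
  end
end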
