body common control
{
      bundlesequence => { "ldap" , "followup"};
}
###################################################################################################
#  NOTE!! relying on LDAP or other network data without validation is EXTREMELY dangerous.
#         You could destroy a system by assuming that the service will respond with a
#         sensible result. CFEngine does not recommend reliance on network services in configuration.
###################################################################################################

bundle agent ldap
{
  vars:
      # Get the first matching value for "uid"

      "value" string => ldapvalue("ldap://eternity.iu.hio.no","dc=cfengine,dc=com","(sn=User)","uid","subtree","none");

      # Get all matching values for "uid" - should be a single record match
      "list" slist =>  ldaplist("ldap://eternity.iu.hio.no","dc=cfengine,dc=com","(sn=User)","uid","subtree","none");

  classes:
      "gotdata" expression => ldaparray("myarray","ldap://eternity.iu.hio.no","dc=cfengine,dc=com","(uid=mark)","subtree","none");
      "found" expression => regldap("ldap://eternity.iu.hio.no","dc=cfengine,dc=com","(sn=User)","uid","subtree","jon.*","none");

  reports:
    linux::
      "LDAP VALUE $(value) found";
      "LDAP LIST VALUE $(list)";
    gotdata::
      "Found specific entry data  ...$(ldap.myarray[uid]),$(ldap.myarray[gecos]), etc";
    found::
      "Matched regex";
}
bundle agent followup
{
  reports:
    linux::
      "Different bundle ...$(ldap.myarray[uid]),$(ldap.myarray[gecos]),...";
}