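#!/bin/sh
#
# Create a POSIX group in LDAP, or (with --default) create the default groups
# through the hostname hook and add every LDAP user to them.
#
# Usage:  <script> <group> [<gid>]
#         <script> --default | -h | --help | --version
#
# Relies on alterator-openldap-functions for set_ldap_config (which is
# presumably what sets DN_CONF, rootdn, rootpw, host, base, gid_min and
# gid_max -- TODO confirm), get_ldap_version and fatal.

# Keep -e in the script rather than the shebang so it survives "sh script".
set -e

. alterator-openldap-functions

default_groups_hook="/etc/hooks/hostname.d/91-ldap-groups"
default_membership="/usr/lib/alterator/backend3/ldap-users"

# Read default configuration
set_ldap_config

[ -n "$DN_CONF" ] || fatal "DN_CONF not set"

# First argument: group name or a mode switch; no arguments means help.
if [ "$#" -eq 0 ]; then
    group="-h"
else
    group="$1"
    shift
fi

# Optional second argument: the GID the caller wants for the new group.
gidin=
if [ "$#" -eq 1 ]; then
    gidin="$1"
    shift
fi

# Parse arguments
case "$group" in
    --version)
        get_ldap_version
        exit
        ;;
    --default)
        # Set default groups from /etc/alterator/ldap-groups/group-init-list
        [ -x "$default_groups_hook" ] || fatal "no default groups hook in $default_groups_hook"
        echo "Create default groups..."
        # Run the hook itself -- not "$($hook)", which would execute whatever
        # the hook prints as a command and fail under set -e.
        "$default_groups_hook"

        # Add users to default groups. An unreadable membership list is not
        # an error: the groups were created, there is just nothing to fill.
        [ -r "$default_membership" ] || exit
        echo "Add users to groups..."
        # Take the double-quoted value of the default_groups= line.
        group_list="$(grep '^default_groups' "$default_membership" | cut -f2 -d'"')"
        echo "Groups for users: $group_list"

        # Fill all users list: comma-separated uids for ldap-groupmod -m.
        members="$(ldap-getent passwd '*' uid | tr '\n' ',')"
        members="${members%,}"

        # Add all users to specified groups; one failing group (e.g. not
        # created by the hook) must not stop the others.
        for g in $group_list; do
            ldap-groupmod -m "$members" "$g" || :
        done
        echo "Done."
        exit
        ;;
    -h|--help)
        cat <<EOF
Usage: 

    $0 <group> [<gid>]
    $0 --default

Arguments:

    group       LDAP group name
    gid         (optional) numeric GID
    --default	Creates all groups from
                /etc/alterator/ldap-groups/group-init-list
                and put users to groups
    -h, --help  show this help
    --version   show version

EOF
        exit
        ;;
esac

# The DN and LDIF below embed the group name without any escaping, so refuse
# names that cannot be represented safely: empty, option-like (leading '-'),
# containing a newline (would start a new LDIF attribute) or an RFC 2253 DN
# special character.  None of these occur in valid POSIX group names.
nl='
'
case "$group" in
    ''|-*|*"$nl"*|*,*|*+*|*\"*|*\\*|*\<*|*\>*|*\;*)
        fatal "invalid group name \"$group\""
        ;;
esac

# check for name
ldap-getent group "$group" >/dev/null && fatal "group with name \"$group\" already exists"

# Choose the GID: a numeric request is used if free; anything else (including
# a non-numeric request, which is ignored as before) gets the next GID above
# the highest one in use, clamped into [gid_min, gid_max].
case "$gidin" in
    ''|*[!0-9]*)
        # calculate gid
        [ -n "$gid_min" ] && [ -n "$gid_max" ] || fatal "gid_min/gid_max not set"
        # Highest gidNumber currently in use; empty when there are no groups.
        gid_avail="$(ldap-getent group | cut -f3 -d: | sort -unr | head -1)"
        gid=$(( ${gid_avail:-0} + 1 ))
        [ "$gid" -le "$gid_max" ] || fatal "no free gid available"
        if [ "$gid" -lt "$gid_min" ]; then
            gid="$gid_min"
        fi
        ;;
    *)
        ldap-getent group '*' gidNumber | grep -qw -- "$gidin" &&
            fatal "gid '$gidin' already in use"
        gid="$gidin"
        ;;
esac

# edit ldap
# $rootpw stays unquoted on purpose: set_ldap_config presumably leaves it
# empty or as an option plus value (e.g. "-w <password>") -- TODO confirm.
# If it carries the password itself it is visible in process listings; the
# -y <password-file> form of ldapadd would avoid that.
# shellcheck disable=SC2086
ldapadd -a -D "$rootdn" $rootpw -x -H "ldap://${host:-127.0.0.1}" >/dev/null <<EOF
dn: cn=$group,ou=Group,$base
objectClass: posixGroup
objectClass: top
objectClass: extensibleObject
cn: $group
userPassword: {crypt}x
gidNumber: $gid
EOF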
