#!/bin/sh -e

. alterator-openldap-functions

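# The -e given in the shebang is lost when the script is started as
# "sh <script>", so errexit is switched on explicitly as well.
set -e

# Read default configuration
# (set_ldap_config is not defined in this file; presumably it comes from the
# sourced alterator-openldap-functions.)
set_ldap_config

# Refuse to continue when the configuration step left DN_CONF empty or unset.
[ -n "$DN_CONF" ] || fatal "DN_CONF not set"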

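primary=

# parse_usermod_args ARGS...
#
# Turn the command line into the globals used by the rest of the script:
#   mod      mode word ("add", "replace", "del", "-g", "-h", "--help",
#            "--version")
#   primary  group name that follows -g (left empty otherwise)
#   user     LDAP user name; checked for existence with ldap-getent
#
# -h, --help and --version are recognised before the argument count is
# checked. Previously a lone "--version" had fewer than two arguments and was
# silently turned into the help mode, so the version was never printed.
#
# NOTE(review): $user is later placed into an LDAP DN ("uid=$user,...")
# without escaping; the existence lookup below is the only validation
# visible in this script.
parse_usermod_args() {
	case "${1-}" in
	-h|--help|--version)
		# Informational modes need no user argument and no LDAP lookup.
		mod="$1"
		return 0
		;;
	esac

	if [ "$#" -lt 2 ]; then
		# Too few arguments for any real mode: fall back to the help text.
		mod="-h"
		return 0
	fi

	mod="$1"; shift
	if [ "$mod" = "-g" ]; then
		primary="$1"; shift
	fi

	# ${1-} keeps a missing user argument from failing inside "shift";
	# it reaches the explicit error message instead.
	user="${1-}"

	# Written as "test || fatal" so the function returns 0 on success and
	# does not trip errexit in the caller.
	[ -n "$user" ] || fatal "user name is required"
	[ -n "$(ldap-getent passwd "$user")" ] || fatal "user name \"$user\" is not exists"
}

parse_usermod_args "$@"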

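# Handle the modes that finish here: -g, --version and the help text.
# Every other mode value falls through to the LDIF generation below.
#
# NOTE(review): the mode word is not validated. The Ruby code further down
# maps anything other than "add" or "del" to a replace, so a mistyped mode
# (for example "delete") replaces attribute values instead of failing.
case "$mod" in
    -g)
        [ -z "$primary" ] && fatal "primary group name is missing"
        # Resolve the group name to its gidNumber; an empty answer is taken
        # to mean that the group does not exist.
        gid="$(ldap-getent group "$primary" gidNumber)"
        [ -z "$gid" ] && fatal "group name \"$primary\" not exists"
        # Feed a single gidNumber pair to ldap-usermod (presumably this same
        # script) in replace mode. printf is used instead of echo so the
        # value is written verbatim whatever it contains.
        printf '%s\n' "gidNumber:$gid" | ldap-usermod replace "$user"
        exit
        ;;
    "--version")
        get_ldap_version
        exit
        ;;
    -h|--help)
        cat <<EOF
Usage:

    $0 <mode> <user>
    $0 -g <group> <user>

Arguments:

    mode        'add', 'replace' or 'del'.
                Pairs of '<name>:<value>' will be read from stdin.
    user        LDAP user name
    -g <group>  Set primary <group> for user
    -h, --help  show this help
    --version   show version

EOF
        exit
        ;;
esac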


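# Apply the requested modification to the user's LDAP entry.
#
# The Ruby program is a single-quoted literal: the mode and the DN reach it
# only as ARGV and the <name>:<value> pairs come from stdin, so no shell
# value is interpolated into Ruby source.
#
# The LDIF is generated completely before ldapmodify is started. sh has no
# portable pipefail, so in a direct "ruby | ldapmodify" pipeline the exit
# status is ldapmodify's alone and a failure of the generator (for example
# on a blank or colon-less input line) could go unnoticed.
#
# NOTE(review): $user is inserted into the DN without RFC 4514 escaping. The
# only validation visible in this script is the ldap-getent existence
# lookup; confirm that names containing DN metacharacters cannot get here.
ldif=$(ruby -e '
require "ldap"
require "ldap/ldif"

# Any mode word other than "add" or "del" is treated as a replace.
mod = case ARGV[0]
      when "add" then LDAP::LDAP_MOD_ADD
      when "del" then LDAP::LDAP_MOD_DELETE
      else LDAP::LDAP_MOD_REPLACE
      end

dn = ARGV[1]
attrs = {}
$stdin.each do |l|
  l.force_encoding("UTF-8") if l.respond_to? :force_encoding
  line = l.chomp
  # Blank lines carry no pair; skip them instead of failing on a nil value.
  next if line.empty?
  key, val = line.split(/:/, 2)
  # Fail closed on a line without a name or without a colon. Only the line
  # number is reported so attribute data never ends up in the error output.
  if key.nil? || key.empty? || val.nil?
    abort "stdin line #{$stdin.lineno}: expected <name>:<value>"
  end
  attrs[key] ||= []
  # An empty value keeps the attribute in the change set with no values.
  attrs[key] << val unless val.empty?
end
puts LDAP::LDIF.mods_to_ldif(dn, *LDAP.hash2mods(mod, attrs))
' "$mod" "uid=$user,ou=People,$base") || fatal "cannot generate LDIF for user \"$user\""

# $rootpw is left unquoted, presumably on purpose, so that it expands into
# separate words.
# NOTE(review): its content is set outside this file (presumably by
# set_ldap_config). If it expands to "-w <password>", the bind password is
# visible in the process list while ldapmodify runs; ldapmodify's
# "-y <file>" reads it from a file instead. Confirm and prefer the latter.
# NOTE(review): -x is a simple bind over plain ldap://. With the default
# 127.0.0.1 this stays on the loopback interface; for a remote $host the
# credentials cross the network unencrypted unless StartTLS (-ZZ) or
# ldaps:// is used.
# shellcheck disable=SC2086
printf '%s\n' "$ldif" |
	ldapmodify -D "$rootdn" $rootpw -x -H "ldap://${host:-127.0.0.1}" > /dev/null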
