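#!/bin/sh
#
# Create one posixGroup in the LDAP directory, or (--default) create the
# default groups and add every known user to them.
#
# Usage: see the -h/--help text below.
# Requires: alterator-openldap-functions (set_ldap_config, fatal,
#           get_ldap_version) plus the ldap-getent, ldap-groupmod and
#           ldapadd tools.
#
# Strict mode is set in the body rather than in the shebang so that it also
# applies when the script is started as "sh <script>".
set -e

. alterator-openldap-functions

default_groups_hook="/etc/hooks/hostname.d/91-ldap-groups"
default_membership="/usr/lib/alterator/backend3/ldap-users"

# Read default configuration.  The variables used further down — DN_CONF,
# rootdn, rootpw, host, base, gid_min, gid_max — are presumably provided by
# this call; confirm in alterator-openldap-functions.
set_ldap_config

[ -n "$DN_CONF" ] || fatal "DN_CONF not set"

# First argument is the group name or a mode switch; no argument shows help.
if [ $# -eq 0 ]; then
    group="-h"
else
    group="$1"
    shift
fi

# Optional second argument is the numeric GID.  Anything beyond that is
# rejected instead of being silently dropped.
gidin=
if [ $# -gt 0 ]; then
    gidin="$1"
    shift
fi
[ $# -eq 0 ] || fatal "too many arguments, see $0 --help"

# Parse arguments
case "$group" in
    --version)
        get_ldap_version
        exit
        ;;
    --default)
        # Set default groups from /etc/alterator/ldap-groups/group-init-list.
        # The hook is executed directly: wrapping it in $(...) would run the
        # hook's *output* as a command instead of the hook itself.
        [ -x "$default_groups_hook" ] ||
            fatal "no default groups hook in $default_groups_hook"
        echo "Create default groups..."
        "$default_groups_hook"

        # Add users to default groups
        [ -r "$default_membership" ] || exit
        echo "Add users to groups..."
        # The group list is taken from the default_groups="..." assignment
        # inside the ldap-users backend script.
        group_list="$(grep '^default_groups' "$default_membership" | cut -f2 -d'"')"
        echo "Groups for users: $group_list"

        # Fill all users list: uids joined by commas, trailing comma stripped.
        members="$(ldap-getent passwd '*' uid | tr '\n' ',')"
        members="${members%,}"

        # Add all users to specified groups.  A failing group is skipped on
        # purpose so the remaining groups are still processed.
        for g in $group_list; do
            ldap-groupmod -m "$members" "$g" || :
        done
        echo "Done."
        exit
        ;;
    -h|--help)
        cat <<EOF
Usage:

    $0 <group> [<gid>]
    $0 --default

Arguments:

    group       LDAP group name
    gid         (optional) numeric GID
    --default   Creates all groups from
                /etc/alterator/ldap-groups/group-init-list
                and put users to groups
    -h, --help  show this help
    --version   show version

EOF
        exit
        ;;
esac

# Validate the group name before it is interpolated into a DN and into the
# LDIF below.  Only portable group-name characters are accepted, which also
# keeps DN/LDIF metacharacters (',', '=', '+', newline, ...) and a leading
# '-' (would be parsed as an option by the ldap tools) out of the entry.
case "$group" in
    ''|-*|*[!A-Za-z0-9._-]*)
        fatal "invalid group name \"$group\""
        ;;
esac

# Check for name
ldap-getent group "$group" >/dev/null && fatal "group with name \"$group\" already exists"

if [ -n "$gidin" ]; then
    # An explicit GID must be numeric and must not be taken already.
    case "$gidin" in
        *[!0-9]*) fatal "invalid gid '$gidin'" ;;
    esac
    if ldap-getent group '*' gidNumber | grep -qw -- "$gidin"; then
        fatal "gid '$gidin' already in use"
    fi
    gid="$gidin"
else
    # Calculate gid: one above the highest gidNumber currently in use,
    # raised to gid_min when nothing at or above gid_min exists yet.
    [ -n "$gid_min" ] && [ -n "$gid_max" ] ||
        fatal "gid_min/gid_max not set"
    gid_avail="$(ldap-getent group | cut -f3 -d: | sort -unr | head -1)"
    # An empty directory yields an empty gid_avail; treat it as 0.
    gid=$(( ${gid_avail:-0} + 1 ))

    [ "$gid" -le "$gid_max" ] || fatal "no free gid available"
    [ "$gid" -ge "$gid_min" ] || gid="$gid_min"
fi

# Edit ldap: bind as rootdn and add the new posixGroup entry.
# $rootpw is intentionally unquoted — it is expected to expand into the
# ldapadd bind-password option(s) supplied by the configuration (confirm in
# alterator-openldap-functions).  If it carries "-w <password>" the secret is
# visible in the process list; the "-y <file>" form avoids that.
# shellcheck disable=SC2086
ldapadd -a -D "$rootdn" $rootpw -x \
    -H "ldap://${host:-127.0.0.1}" >/dev/null <<EOF
dn: cn=$group,ou=Group,$base
objectClass: posixGroup
objectClass: top
objectClass: extensibleObject
cn: $group
userPassword: {crypt}x
gidNumber: $gid
EOF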

