#!/bin/sh

#  ldapadduser : adds a POSIX user account to LDAP

#  Copyright (C) 2005 Ganal LAPLANCHE - Linagora
#
#  This program is free software; you can redistribute it and/or
#  modify it under the terms of the GNU General Public License
#  as published by the Free Software Foundation; either version 2
#  of the License, or (at your option) any later version.
#
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.
#
#  You should have received a copy of the GNU General Public License
#  along with this program; if not, write to the Free Software
#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
#  USA.

if [ "$1" = "" ] || [ "$2" = "" ]
then
  echo "Usage : $0 <username> <goupname | gid> [uid]"
  exit 1
fi

# Read configuration
if [ ! -f /etc/ldapscripts/ldapscripts.conf ]
then
  echo "Unable to read configuration file from /etc/ldapscripts/ldapscripts.conf, exiting..." | tee -a "$LOGFILE"
  exit 1
fi

. /etc/ldapscripts/ldapscripts.conf

# Username = first argument
_USER="$1"
# User GID = second argument
_GID=`$GETENTGRCMD "$2" | head -n 1 | cut -d ":" -f 3` # Convert to GID any group passed in as name/gid
if [ "$_GID" = "" ] # Group not found
then
  _GID=`echo "$2" | grep '[0-9]\+'` # Check if group is a gid
  if [ "$_GID" = "" ]
  then
    echo "Cannot convert group $2 to gid : group name not found" | tee -a "$LOGFILE"
    exit 1
  fi
  echo "Warning : gid $2 not found, using it anyway..." | tee -a "$LOGFILE"
fi
# Compute UID
if [ "$3" = "" ] # Not an argument, we must find a correct UID
then
  # Find latest in LDAP (base = global $SUFFIX, because machines and users are both posix accounts)
  _UID=`$LDAPSEARCHBIN -w "$BINDPWD" -D "$BINDDN" -b "$SUFFIX" -xH "ldap://$SERVER" -s sub -LLL '(objectClass=posixAccount)' uidNumber 2>>"$LOGFILE" | grep "uidNumber: " | sed -e "s|uidNumber: ||" | uniq | sort -g | tail -n 1`
  # UID not found in LDAP or UID smaller than UIDSTART
  if [ "$_UID" = "" ] || [ ! "$_UID" -gt "$UIDSTART" ]
  then
    _UID="$UIDSTART"
  fi
  _UID=`expr "$_UID" + 1` # UID = UID + 1
else
  _UID="$3"
fi

if [ "$_USER" = "" ] || [ "$_UID" = "" ] || [ "$_GID" = "" ]
then
  echo "Error with user $_USER (with uid : $_UID, and gid : $_GID), exiting..." | tee -a "$LOGFILE"
  exit 1
fi

# Compute homedir
_HOMEDIR=`echo "$UHOMES" | sed -e "s|%u|$_USER|g"`

# Compute password
PASSWORDGEN=`echo "$PASSWORDGEN" | sed -e "s|%u|$_USER|g"`
_PASSWORD=`eval $PASSWORDGEN`
# Record generated password ?
if [ "$RECORDPASSWORDS" = "yes" ] || [ "$RECORDPASSWORDS" = "Yes" ] || [ "$RECORDPASSWORDS" = "YES" ]
then
  echo "$_USER : $_PASSWORD" >> "$PASSWORDFILE"
fi
# Finally store it into LDAP directory
_PASSWORD=`$SLAPPASSWDBIN -s "$_PASSWORD" -h {CRYPT}`

# Add user to LDAP
grep -E '^##' "$0" | sed 's|^##||' | \
	sed -e "s|<user>|$_USER|g" -e "s|<home>|$_HOMEDIR|g" -e "s|<shell>|$USHELL|g" -e "s|<usuffix>|$USUFFIX|g" \
	    -e "s|<password>|$_PASSWORD|g" -e "s|<suffix>|$SUFFIX|g" -e "s|<uid>|$_UID|g" -e "s|<gid>|$_GID|g" | \
	$LDAPADDBIN -w "$BINDPWD" -D "$BINDDN" -xH "ldap://$SERVER" 2>>"$LOGFILE" 1>/dev/null

if [ $? -ne 0 ]
then
  echo "Error adding user $1 to LDAP" | tee -a "$LOGFILE"
  exit 1
fi

echo "Successfully added user $1 to LDAP" | tee -a "$LOGFILE"

# Create Home dir
if [ "$CREATEHOMES" = "yes" ] || [ "$CREATEHOMES" = "Yes" ] || [ "$CREATEHOMES" = "YES" ]
then
  mkdir -p "$_HOMEDIR" 2>>"$LOGFILE" 1>/dev/null
  chown "$_USER":"$_GID" "$_HOMEDIR" 2>>"$LOGFILE" 1>/dev/null
  chmod 700 "$_HOMEDIR" 2>>"$LOGFILE" 1>/dev/null
  echo "Created home directory for user $_USER" | tee -a "$LOGFILE"
fi

exit 0

# Ldif info ##################################
##dn: uid=<user>,<usuffix>,<suffix>
##objectClass: account
##objectClass: posixAccount
##cn: <user>
##uid: <user>
##uidNumber: <uid>
##gidNumber: <gid>
##homeDirectory: <home>
##userPassword: <password>
##loginShell: <shell>
##gecos: <user>
##description: <user>
