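#!/bin/sh
#
# Interactively create a posixGroup entry under LDAP_BASE_DN.
#
# Flow: prompt for the group's cn and the admin bind password, look up the
# highest gidNumber currently in use, build an LDIF entry with the next
# gidNumber, show it to the operator for confirmation, then submit it with
# ldapadd.
#
# The bind password is never placed on a command line: it is written to a
# private temporary file and handed to the LDAP tools with -y, so it does not
# show up in the process list.
set -e

LDAP_SERVER='ldaps://ldap1.recycled.cloud'
LDAP_BASE_DN='ou=groups,dc=recycled,dc=cloud'
LDAP_BIND_DN='cn=admin,dc=recycled,dc=cloud'

for executable in ldapsearch ldapadd sed grep sort tail mktemp stty; do
  if ! command -v "$executable" > /dev/null 2>&1; then
    echo "The $executable command is not available. Exiting." >&2
    exit 1
  fi
done

# Private scratch directory for the password file; removed on every exit path.
umask 077
saved_tty=''
workdir=$(mktemp -d)
password_file="$workdir/bindpw"

cleanup() {
  # Re-enable terminal echo if we were interrupted during the password prompt.
  if [ -n "$saved_tty" ]; then
    stty "$saved_tty" 2> /dev/null || true
  fi
  rm -rf -- "${workdir:?}"
}
trap cleanup EXIT
# Plain sh does not run the EXIT trap on a signal unless the signal exits.
trap 'exit 130' INT TERM HUP

# Prompt for group details.
printf "Please enter cn for new group: "
read -r cn

# The cn is interpolated into a DN and an LDIF value below. Refuse empty input
# and the characters that carry meaning in either syntax, so a typo cannot
# turn into a different DN or a malformed entry.
case $cn in
  '' | '#'* | ':'* | *,* | *+* | *'"'* | *'\'* | *'<'* | *'>'* | *';'* | *'='*)
    echo "Invalid cn: must be non-empty and must not contain , + \" \\ < > ; = or start with # or :. Exiting." >&2
    exit 1
    ;;
esac

# Prompt for admin credentials, with terminal echo off while typing.
printf "\nPlease enter password for %s: " "$LDAP_BIND_DN"
if [ -t 0 ]; then
  saved_tty=$(stty -g)
  stty -echo
fi
# IFS= keeps leading/trailing whitespace that may be part of the password.
IFS= read -r ldap_bind_password
if [ -n "$saved_tty" ]; then
  stty "$saved_tty"
  saved_tty=''
  printf '\n'
fi
# -y uses the complete file contents as the password, so no trailing newline.
printf '%s' "$ldap_bind_password" > "$password_file"
unset ldap_bind_password

# Determine the group's gidNumber. The search runs on its own so that a failed
# bind or connection aborts here instead of yielding an empty result.
if ! search_output=$(ldapsearch -x -H "$LDAP_SERVER" -b "$LDAP_BASE_DN" \
  -D "$LDAP_BIND_DN" -y "$password_file" '(objectClass=posixGroup)' \
  gidNumber); then
  echo "ldapsearch failed; cannot determine the next gidNumber. Exiting." >&2
  exit 1
fi

# NOTE(review): 'grep -v 10000' drops every gidNumber that contains the digits
# 10000, not only the exact value 10000 -- confirm that this is intended.
last_gid_number=$(printf '%s\n' "$search_output" \
  | sed -n 's|^gidNumber: ||p' \
  | grep -v 10000 \
  | sort -n \
  | tail -n 1)

case $last_gid_number in
  '' | *[!0-9]*)
    echo "Could not determine the highest gidNumber in use. Exiting." >&2
    exit 1
    ;;
esac

# NOTE: nothing here reserves the number; two concurrent runs can pick the
# same gidNumber. Run this from a single operator session at a time.
next_gid_number=$((last_gid_number + 1))

# Generate the new group entry, and ask for user validation.
ldif=$(
  cat << EOF
dn: cn=${cn:?},${LDAP_BASE_DN:?}
objectClass: posixGroup
cn: ${cn:?}
gidNumber: ${next_gid_number:?}
EOF
)

printf '\n::: Generated LDIF :::\n\n%s\n\n::: ENTER to insert into database, Ctrl+C to abort :::\n\n' "$ldif"

# Only used to pause execution until user input is received. A variable name
# is given because some /bin/sh implementations reject a bare 'read'.
read -r _confirm

printf 'Executing ldapdd... '
printf '%s\n' "$ldif" \
  | ldapadd -x -H "$LDAP_SERVER" -D "$LDAP_BIND_DN" -y "$password_file"
echo "DONE."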