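#!/bin/sh
#
# Interactively create one posixAccount/inetOrgPerson entry under
# LDAP_BASE_DN on LDAP_SERVER.
#
# Flow: prompt for the new user's attributes and for the admin bind
# password, pick the next uidNumber (highest existing one + 1), print the
# generated LDIF, and run ldapadd once the operator confirms with ENTER.
#
# Required commands: ldapsearch slappasswd ldapadd sed mktemp stty.
# Takes no arguments; every value is read from stdin.

set -eu
umask 077   # every file this script creates (the secret files below) is owner-only

LDAP_SERVER='ldaps://ldap1.recycled.cloud'
LDAP_BASE_DN='ou=users,dc=recycled,dc=cloud'
LDAP_BIND_DN='cn=admin,dc=recycled,dc=cloud'
DEFAULT_GROUP_UID_NUMBER=10000   # gidNumber assigned to every new user
readonly LDAP_SERVER LDAP_BASE_DN LDAP_BIND_DN DEFAULT_GROUP_UID_NUMBER

# Paths of the temporary files holding the two secrets. They exist so that
# neither password is ever passed as a command-line argument (argv is
# readable by every local user through ps). Set by main(), removed by
# cleanup().
bind_password_file=''
user_password_file=''

# Print a message on stderr and exit with status 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Runs on every exit path (EXIT trap): re-enable terminal echo in case the
# script died inside a hidden prompt, then remove the secret files.
cleanup() {
  if [ -t 0 ]; then
    stty echo 2> /dev/null || true
  fi
  if [ -n "$bind_password_file" ]; then
    rm -f -- "$bind_password_file"
  fi
  if [ -n "$user_password_file" ]; then
    rm -f -- "$user_password_file"
  fi
}

# Exit unless every command named in "$@" is available on PATH.
require_commands() {
  for cmd in "$@"; do
    if ! command -v "$cmd" > /dev/null 2>&1; then
      die "The $cmd command is not available. Exiting."
    fi
  done
}

# Print the prompt $2 and read one line from stdin into the variable named
# by $1. Terminal echo is switched off while typing when stdin is a
# terminal; piped input is read as-is so scripted use keeps working.
read_secret() {
  printf '%s' "$2"
  if [ -t 0 ]; then
    stty -echo
    read -r "$1" || { stty echo; return 1; }
    stty echo
    printf '\n'
  else
    read -r "$1"
  fi
}

# Succeed if $1 is acceptable as a uid: non-empty, starting with a letter or
# digit, and made only of [A-Za-z0-9._-]. The uid is spliced into the DN,
# the homeDirectory path and the LDIF text, so DN/LDIF metacharacters
# (',', '=', '+', '"', leading ':' or '<', ...) must never reach it.
valid_uid() {
  case "$1" in
    ''|*[!A-Za-z0-9._-]*|[.-]*) return 1 ;;
  esac
  return 0
}

# Succeed if $1 can be written as a plain LDIF attribute value: non-empty and
# not starting with a space, ':' or '<' (LDIF requires base64 encoding for
# those). $2 is the attribute name used in the error message.
check_ldif_value() {
  case "$1" in
    ''|' '*|:*|'<'*)
      die "Invalid $2: must be non-empty and must not start with a space, ':' or '<'." ;;
  esac
}

# Print the next free uidNumber: the highest uidNumber of any posixAccount
# under LDAP_BASE_DN plus one. Exits if the search fails or returns nothing,
# so a wrong bind password cannot silently produce uidNumber 1.
# NOTE: two operators running this script at the same time can still be
# handed the same number; nothing here enforces uidNumber uniqueness.
compute_next_uid_number() {
  search_output=$(ldapsearch -x -LLL -H "$LDAP_SERVER" -b "$LDAP_BASE_DN" \
    -D "$LDAP_BIND_DN" -y "$bind_password_file" \
    '(objectClass=posixAccount)' uidNumber) \
    || die "ldapsearch failed; check the bind password and $LDAP_SERVER."
  # -LLL drops ldapsearch's comment lines; the anchored sed keeps only
  # numeric attribute values, so stray text can no longer reach sort.
  last_uid_number=$(printf '%s\n' "$search_output" \
    | sed -n 's/^uidNumber: *\([0-9][0-9]*\) *$/\1/p' | sort -n | tail -n 1)
  [ -n "$last_uid_number" ] \
    || die "No posixAccount with a uidNumber found under $LDAP_BASE_DN."
  printf '%s\n' "$((last_uid_number + 1))"
}

# Print the LDIF for the new entry. Reads the globals uid, mail, given_name,
# sn, next_uid_number and hashed_password set by main(); the :? guards make
# a missing one a hard error instead of an empty attribute.
build_ldif() {
  cn="${given_name:?} ${sn:?}"
  cat << EOF
dn: uid=${uid:?},${LDAP_BASE_DN:?}
objectClass: inetOrgPerson
objectClass: posixAccount
cn: ${cn:?}
displayName: ${cn:?}
gidNumber: ${DEFAULT_GROUP_UID_NUMBER:?}
givenName: ${given_name:?}
homeDirectory: /home/${uid:?}
mail: ${mail:?}
sn: ${sn:?}
uid: ${uid:?}
uidNumber: ${next_uid_number:?}
userPassword: ${hashed_password:?}
EOF
}

main() {
  require_commands ldapsearch slappasswd ldapadd sed mktemp stty

  trap cleanup EXIT
  trap 'exit 130' INT TERM   # route Ctrl+C through the EXIT trap as well
  bind_password_file=$(mktemp) || die "mktemp failed."
  user_password_file=$(mktemp) || die "mktemp failed."

  # Prompt for user details (the password prompt does not echo).
  for field in uid mail given_name sn; do
    printf 'Please enter %s for new user: ' "$field"
    read -r "$field"
  done
  read_secret password 'Please enter password for new user: '

  valid_uid "$uid" \
    || die "Invalid uid '$uid': use only letters, digits, '.', '_' and '-', not starting with '.' or '-'."
  check_ldif_value "$mail" mail
  check_ldif_value "$given_name" given_name
  check_ldif_value "$sn" sn
  [ -n "$password" ] || die "Password must not be empty."

  # Prompt for admin credentials.
  printf '\n'
  read_secret ldap_bind_password "Please enter password for $LDAP_BIND_DN: "

  # Secrets go to the 0600 temp files without a trailing newline, because
  # ldapsearch/ldapadd -y and slappasswd -T use the file contents verbatim.
  printf '%s' "$ldap_bind_password" > "$bind_password_file"
  printf '%s' "$password" > "$user_password_file"
  unset ldap_bind_password password

  # Determine the user's uidNumber and hash the password.
  next_uid_number=$(compute_next_uid_number) || exit 1
  hashed_password=$(slappasswd -T "$user_password_file") || die "slappasswd failed."
  rm -f -- "$user_password_file"   # cleartext no longer needed
  user_password_file=''

  # Generate the new user and ask for operator validation.
  ldif=$(build_ldif)
  printf '\n::: Generated LDIF :::\n\n%s\n\n::: ENTER to insert into database, Ctrl+C to abort :::\n\n' "$ldif"
  read -r _ || die "Aborted: no confirmation received."   # pause until ENTER

  printf 'Executing ldapadd... '
  printf '%s\n' "$ldif" \
    | ldapadd -x -H "$LDAP_SERVER" -D "$LDAP_BIND_DN" -y "$bind_password_file" \
    || die "ldapadd failed."
  echo "DONE."
}

main "$@"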