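#!/bin/sh
# Interactively create a new inetOrgPerson/posixAccount user in the directory.
#
# Flow: verify the required tools exist, prompt for the new user's attributes
# and for the admin bind password, derive the next free uidNumber from the
# directory, print the generated LDIF for review and, after ENTER, add it with
# ldapadd.  Ctrl+C at the review prompt aborts without touching the directory.
#
# Secrets are never placed on a command line (visible via ps) or echoed to the
# terminal: passwords are read with echo disabled into 0600 files under a
# mktemp directory and passed to the OpenLDAP tools with -y / -T.
#
# Requires: ldapsearch ldapadd slappasswd sed mktemp stty
set -e

LDAP_SERVER='ldaps://ldap1.recycled.cloud'
LDAP_BASE_DN='ou=users,dc=recycled,dc=cloud'
LDAP_BIND_DN='cn=admin,dc=recycled,dc=cloud'
DEFAULT_GROUP_UID_NUMBER=10000
readonly LDAP_SERVER LDAP_BASE_DN LDAP_BIND_DN DEFAULT_GROUP_UID_NUMBER

#######################################
# Print a message to stderr and exit with status 1.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Prompt on stderr for a plain (non-secret) value and print it on stdout.
# Arguments: $1 - prompt text (a ": " is appended)
#######################################
read_value() {
  printf '%s: ' "$1" >&2
  read -r plain_value
  printf '%s' "$plain_value"
}

#######################################
# Prompt on stderr for a secret and print it on stdout, with terminal echo
# disabled while it is typed so it appears neither on screen nor in scrollback.
# Callers redirect stdout straight into a file so the secret never becomes a
# command-line argument.
# Arguments: $1 - prompt text (a ": " is appended)
#######################################
read_secret() {
  printf '%s: ' "$1" >&2
  if [ -t 0 ]; then stty -echo; fi
  read -r secret_value
  if [ -t 0 ]; then stty echo; fi
  printf '\n' >&2
  printf '%s' "$secret_value"
  unset secret_value
}

#######################################
# Accept only a conservative POSIX-style account name: the value becomes part
# of the DN, the uid attribute and the home directory path, so commas, spaces
# and other DN/LDIF metacharacters must not get through.
# Arguments: $1 - candidate uid
# Returns:   0 if acceptable, 1 otherwise
#######################################
valid_uid() {
  case "$1" in
    '' | *[!a-z0-9_-]*) return 1 ;;
  esac
  case "$1" in
    [a-z_]*) return 0 ;;
    *) return 1 ;;
  esac
}

#######################################
# Reject values that LDIF would parse specially: a leading ' ' continues the
# previous line, a leading ':' marks base64 and a leading '<' marks a URL.
# NOTE(review): non-ASCII values would need base64 ("attr::") under RFC 2849;
# that case is not handled here.
# Arguments: $1 - candidate attribute value
# Returns:   0 if acceptable, 1 otherwise
#######################################
valid_ldif_value() {
  case "$1" in
    '' | ' '* | ':'* | '<'*) return 1 ;;
  esac
  return 0
}

for executable in ldapsearch slappasswd ldapadd sed mktemp stty; do
  if ! command -v "$executable" >/dev/null 2>&1; then
    die "The $executable command is not available. Exiting."
  fi
done

# Private scratch directory for the password files; umask 077 keeps anything
# created below unreadable by other users.  The directory is removed on every
# exit path, including Ctrl+C at any prompt.
umask 077
scratch_dir=$(mktemp -d) || die "mktemp failed"
bind_password_file="$scratch_dir/bind-password"
user_password_file="$scratch_dir/user-password"

cleanup() {
  # Re-enable echo in case a signal arrived while a secret was being typed.
  if [ -t 0 ]; then stty echo 2>/dev/null || :; fi
  rm -rf -- "${scratch_dir:?}"
}
trap cleanup EXIT
# Turn INT/TERM into a normal exit so the EXIT trap above runs.
trap 'exit 1' INT TERM

# Prompt for and validate user details.
uid=$(read_value 'Please enter uid for new user')
valid_uid "$uid" \
  || die "uid must match [a-z_][a-z0-9_-]* (it is used in the DN and home directory)."
mail=$(read_value 'Please enter mail for new user')
valid_ldif_value "$mail" || die "mail must be non-empty and not start with ' ', ':' or '<'."
case "$mail" in
  *@*) ;;
  *) die "mail must contain an '@'." ;;
esac
given_name=$(read_value 'Please enter given_name for new user')
valid_ldif_value "$given_name" \
  || die "given_name must be non-empty and not start with ' ', ':' or '<'."
sn=$(read_value 'Please enter sn for new user')
valid_ldif_value "$sn" || die "sn must be non-empty and not start with ' ', ':' or '<'."

# The user's password goes straight to a file: slappasswd -T hashes the file's
# exact contents, so no trailing newline is written.
read_secret 'Please enter password for new user' > "$user_password_file"
[ -s "$user_password_file" ] || die "password must not be empty."

# Prompt for admin credentials; -y makes the LDAP tools read the file verbatim.
printf '\n' >&2
read_secret "Please enter password for $LDAP_BIND_DN" > "$bind_password_file"
[ -s "$bind_password_file" ] || die "bind password must not be empty."

# Determine the user's uidNumber.  The search's exit status is checked
# separately from the text pipeline so that a failed bind or unreachable
# server cannot silently degrade into "uidNumber: 1".
search_output=$(ldapsearch -x -H "$LDAP_SERVER" -b "$LDAP_BASE_DN" \
  -D "$LDAP_BIND_DN" -y "$bind_password_file" \
  '(objectClass=posixAccount)' uidNumber) \
  || die "ldapsearch failed; check server reachability and bind credentials."
# Only real attribute lines are considered: the "# requesting: uidNumber"
# comment that ldapsearch prints would otherwise match a bare grep.
last_uid_number=$(printf '%s\n' "$search_output" \
  | sed -n 's/^uidNumber: *\([0-9][0-9]*\)$/\1/p' | sort -n | tail -n 1)
[ -n "$last_uid_number" ] \
  || die "no posixAccount with a uidNumber found under $LDAP_BASE_DN; cannot derive the next uidNumber."
# NOTE(review): there is no serialisation between this search and the ldapadd
# below, so two operators running the script concurrently can pick the same
# uidNumber.
next_uid_number=$((last_uid_number + 1))

# Compute CN and hash password.
cn="$given_name $sn"
hashed_password=$(slappasswd -T "$user_password_file") || die "slappasswd failed."

# Generate new user, and ask for user-validation.
ldif=$(cat <<EOF
dn: uid=$uid,$LDAP_BASE_DN
objectClass: inetOrgPerson
objectClass: posixAccount
cn: $cn
displayName: $cn
gidNumber: $DEFAULT_GROUP_UID_NUMBER
givenName: $given_name
homeDirectory: /home/$uid
mail: $mail
sn: $sn
uid: $uid
uidNumber: $next_uid_number
userPassword: $hashed_password
EOF
)

printf '\n::: Generated LDIF :::\n%s\n::: ENTER to insert into database, Ctrl+C to abort :::\n' "$ldif"
read -r _confirm  # Only used to pause execution until user input is received.

printf 'Executing ldapadd... '
printf '%s\n' "$ldif" \
  | ldapadd -x -H "$LDAP_SERVER" -D "$LDAP_BIND_DN" -y "$bind_password_file"
printf 'DONE.\n'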