#!/bin/sh -f

# Protocol version this backend speaks to the alterator frontend.
alterator_api_version=1
# Message domain for this backend's strings (presumably the gettext
# domain used by alterator-sh-functions — confirm there).
po_domain="alterator-ldap-users"

. alterator-sh-functions
. alterator-openldap-functions

user_list_in()
{
    # Print the members of group "$in_group" (memberUid attribute), one
    # login per line.  ldap-getent returns the attribute comma-separated,
    # so the list is split on commas.
    # Globals: in_group (read)
    ldap-getent group "$in_group" memberUid | tr ',' '\n'
}

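user_list_out()
{
    # Print every login known to passwd that is NOT a member of group
    # "$in_group", one per line (the candidates for adding to the group).
    # Globals: in_group (read)
    local members
    members="$(ldap-getent group "$in_group" memberUid | tr ',' '\n')"

    ldap-getent passwd '*' uid |
    while read -r user ;do
        # Empty lines were skipped by the original (an empty regex matches
        # everything); keep that behaviour explicitly.
        [ -n "$user" ] || continue
        # A login is data, not a pattern: compare it as a whole fixed
        # string instead of feeding it to grep as a regular expression,
        # where "." or "*" in a name would produce false matches.
        printf '%s\n' "$members" | grep -Fxq -- "$user" && continue
        printf '%s\n' "$user"
    done
}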

is_defined()
{
	# Succeed when a shell variable named "$1" shows up in the output of
	# `set` (i.e. a line starting with "$1=").
	# NOTE(review): this is a textual check; a multi-line value that
	# starts a line with "$1=" would match as well.
	set | grep -qs -e "^$1="
}

group_args()
{
	# Emit the "attribute:value" lines fed to ldap-groupmod; currently only
	# the mail attribute, taken from the frontend's groupmail field.
	# Globals: in_groupmail (read)
	printf 'mail:%s\n' "$in_groupmail"
}

group_read()
{
	# Send the group's mail attribute to the frontend as "groupmail".
	# Arguments: $1 - group name
	local name
	name="$1"
	shift
	write_string_param "groupmail" "$(ldap-getent group "$name" mail)"
}

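group_write()
{
	# Apply the attributes from group_args to group "$1" via ldap-groupmod.
	# Any output (stdout or stderr) from ldap-groupmod is treated as an
	# error and reported to the frontend.
	# Arguments: $1 - group name
	# Returns: 0 when ldap-groupmod stayed silent, 1 after reporting an error.
	local r
	r="$(group_args | ldap-groupmod replace "$1" 2>&1)"
	# The former one-liner `[ -n "$r" ] && write_error "$r" && return 1`
	# made the function exit with status 1 on success (the status of the
	# failed -n test), and skipped the `return 1` if write_error failed.
	if [ -n "$r" ]; then
		write_error "$r"
		return 1
	fi
	return 0
}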

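group_new()
{
	# Create group "$1" with ldap-groupadd.  Any output from the command
	# (stdout or stderr) is treated as an error and reported to the frontend.
	# Arguments: $1 - new group name
	# Returns: 0 when ldap-groupadd stayed silent, 1 after reporting an error.
	local r
	r="$(ldap-groupadd "$1" 2>&1)"
	# The former `[ -n "$r" ] && write_error "$r" && return 1` returned 1
	# on success (status of the failed -n test); callers use `|| return`.
	if [ -n "$r" ]; then
		write_error "$r"
		return 1
	fi
	return 0
}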

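group_delete()
{
	# Remove group "$1" with ldap-groupdel.  Any output from the command
	# (stdout or stderr) is treated as an error and reported to the frontend.
	# Arguments: $1 - group name
	# Returns: 0 when ldap-groupdel stayed silent, 1 after reporting an error.
	local r
	r="$(ldap-groupdel "$1" 2>&1)"
	# The former `[ -n "$r" ] && write_error "$r" && return 1` returned 1
	# on success (status of the failed -n test); callers use `|| return`.
	if [ -n "$r" ]; then
		write_error "$r"
		return 1
	fi
	return 0
}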

set_dn_conf()
{
    # Find the ldap-dn configuration file for the DN reported by
    # `system-auth status`, export it as DN_CONF and then run
    # base_rootdn_rootpw (presumably loads rootdn/rootpw from that file —
    # see alterator-openldap-functions).  Aborts via `fatal` when the DN
    # cannot be determined or the configuration file does not exist.
    # Globals: DN_CONF (written, exported)
    local dn
    dn="$(system-auth status | cut -d' ' -f2)"
    [ -n "$dn" ] || fatal "set_dn_conf: couldn't detect dn"

    DN_CONF="$(/usr/sbin/ldap-dn find "$dn")"
    [ -f "$DN_CONF" ] || fatal "set_dn_conf: $DN_CONF doesn't exist"

    export DN_CONF
    base_rootdn_rootpw
}

# Resolve DN_CONF once at startup; the backend aborts here (via fatal)
# if the LDAP configuration cannot be located.
set_dn_conf

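# Apply one ldap-groupmod verb ("add" or "del") to group $2 for every login
# in the ';'-separated list $3.  Any output from ldap-groupmod is reported
# through write_error and stops the loop — the same "silent means success"
# convention group_write relies on; previously that output went straight to
# stdout, i.e. into the protocol stream read by the frontend.
# IFS is local here so the newline splitting cannot leak into message_loop.
# Arguments: $1 - verb, $2 - group name, $3 - ';'-separated logins
# Returns: 0 when every call stayed silent, 1 after reporting an error.
_modify_members()
{
	local verb="$1" group="$2" logins="$3"
	local IFS=$'\n'
	local login r
	for login in $(printf '%s\n' "$logins" | tr ';' '\n') ;do
		r="$(printf 'memberUid:%s\n' "$login" | ldap-groupmod "$verb" "$group" 2>&1)"
		if [ -n "$r" ]; then
			write_error "$r"
			return 1
		fi
	done
	return 0
}

# Dispatch one frontend request on "$in_action".  Inputs arrive as in_*
# globals, results are sent back through the write_* helpers from
# alterator-sh-functions.
# Globals (read): in_action, in__objects, in_group, in_usersout, in_usersin,
#                 in_newgroupname
on_message()
{
	case "$in_action" in
		type)
			write_type_item newgroupname system-account-name
			;;
		#object manipulations
		list)
			case "$in__objects" in
				avail_groups)
					# local IFS: split the group list on newlines only.
					local IFS=$'\n'
					for i in $(ldap-getent group '*' cn | sort) ;do
						write_enum_item "$i"
					done
					;;
				users_in)
					[ -n "$in_group" ] || return
					user_list_in | write_enum
					;;
				users_out)
					[ -n "$in_group" ] || return
					user_list_out | write_enum
					;;
			esac
			;;
		read)
			[ -n "$in_group" ] && group_read "$in_group"
			;;
		write)
			[ -n "$in_group" ] && group_write "$in_group"
			;;
		useradd)
			# Both a group and a ';'-separated login list are required.
			[ -n "$in_group" ] && [ -n "$in_usersout" ] || return
			_modify_members add "$in_group" "$in_usersout" || return
			;;
		userdel)
			[ -n "$in_group" ] && [ -n "$in_usersin" ] || return
			_modify_members del "$in_group" "$in_usersin" || return
			;;
		new)
			[ -n "$in_newgroupname" ] || return
			group_new "$in_newgroupname" || return
			;;
		delete)
			if [ -n "$in_group" ] ;then
				group_delete "$in_group" || return
			fi
			;;
	esac
}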

# Enter alterator's request loop (from alterator-sh-functions); presumably
# it calls on_message once per incoming request — confirm there.
message_loop
