#!/bin/sh -e

. shell-error
. ldap-config
. alterator-kdc-princ-functions

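# ldap-useradd: create a POSIX/Samba user entry in LDAP together with a
# matching group, a Kerberos principal, a home directory and a mail spool.
#
# Usage: ldap-useradd [/etc/openldap/<slapd config>] <user>
#
# Relies on the sourced helpers for: fatal, message, ldap_config, get_sid
# (which is expected to set SID), addprinc, the ldap-config variables
# rootdn, rootpw, host and base, and SPOOL (the mail spool directory).
# uid_min / uid_max may be preset in the environment to override the
# UID_MIN / UID_MAX values read from /etc/login.defs.

# The "-e" on the shebang line is lost when the script is started as
# "sh ldap-useradd"; state it explicitly so that a failing ldap-groupadd,
# addprinc, ldapadd or cp aborts instead of leaving a half-created account.
set -e

# An optional first argument naming a slapd configuration under
# /etc/openldap selects the LDAP configuration to use.
case "${1:-}" in
    */etc/openldap*) SLAPD_CONF="$1"; shift ;;
esac

ldap_config "$SLAPD_CONF"

[ "$#" -ge 1 ] || fatal "more arguments required"
[ "$#" -eq 1 ] || fatal "too many arguments"
user="$1"; shift

# The name is spliced into an LDIF record, a Kerberos principal name and
# the home/spool paths, so only a conventional POSIX user name is accepted:
# it must start with a letter or '_' and contain only [a-zA-Z0-9_.-].
# This rejects path separators, whitespace and newlines (LDIF injection).
case "$user" in
    ''|[!a-zA-Z_]*|*[!a-zA-Z0-9_.-]*) fatal "invalid user name '$user'" ;;
esac

# SPOOL is provided by the sourced helpers; with it unset the spool file
# would be created directly under "/".  Fail before any state is changed.
[ -n "${SPOOL:-}" ] || fatal "mail spool directory (SPOOL) is not set"

# check for name (the matching passwd line printed by getent is just noise)
getent passwd "$user" >/dev/null && fatal "same name already exists"

# calculate uid: one above the highest uid already used inside
# [uid_min, uid_max].  Uids outside that range (system accounts, nobody)
# are ignored, otherwise a single high uid would exhaust the whole range
# and every further call would fail with "no free uid available".
uid_min="${uid_min:-$(sed -rn 's,^UID_MIN[[:space:]]+([^[:space:]]+),\1,p' /etc/login.defs)}"
uid_max="${uid_max:-$(sed -rn 's,^UID_MAX[[:space:]]+([^[:space:]]+),\1,p' /etc/login.defs)}"
case "$uid_min" in ''|*[!0-9]*) fatal "cannot determine UID_MIN from /etc/login.defs" ;; esac
case "$uid_max" in ''|*[!0-9]*) fatal "cannot determine UID_MAX from /etc/login.defs" ;; esac

uid_avail="$(getent passwd | awk -F: -v min="$uid_min" -v max="$uid_max" '
    BEGIN { top = 0 }
    $3 ~ /^[0-9]+$/ && $3 + 0 >= min + 0 && $3 + 0 <= max + 0 && $3 + 0 > top { top = $3 + 0 }
    END { print top }')"

uid=$(( uid_avail + 1 ))

[ "$uid" -le "$uid_max" ] || fatal "no free uid available"
# Nothing allocated in the range yet (uid_avail == 0): start at uid_min.
[ "$uid" -ge "$uid_min" ] || uid="$uid_min"

message "using uid - $uid"

# add group and calculate gid
getent group "$user" >/dev/null && fatal "same name in group database already exists"
ldap-groupadd "$user"
gid="$(ldap-getent group "$user" | cut -f3 -d:)"
[ -n "$gid" ] || fatal "cannot determine gid of group '$user'"

message "using gid - $gid"

# getting sid: get_sid is expected to set SID to the domain SID; the user
# RID is uid*2+1000, which matches Samba's default algorithmic rid mapping.
get_sid
[ -n "${SID:-}" ] || fatal "cannot determine domain SID"
user_sid="$SID-$(( uid * 2 + 1000 ))"

message "using user sid - $user_sid"

# edit kdc
addprinc "$user"

# edit ldap.  $rootpw is intentionally left unquoted: it is expected to
# expand to ldapadd option words supplied by ldap-config, which the shell
# must split.  NOTE(review): if those words carry the password itself, it is
# visible in the process list while ldapadd runs — a password file (-y)
# from ldap-config would avoid that.
# "{crypt}x" is not a valid crypt hash, so presumably password binds against
# this entry are meant to be disabled in favour of the Kerberos principal.
# shellcheck disable=SC2086
ldapadd -a -D "$rootdn" $rootpw -x -H "ldap://${host:-127.0.0.1}"<<EOF
dn: uid=$user,ou=People,$base
uid: $user
cn: $user
sn: $user
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
loginShell: /bin/bash
userPassword: {crypt}x
uidNumber: $uid
gidNumber: $gid
homeDirectory: /home/$user
sambaAcctFlags: [U          ]
sambaSID: $user_sid
sambaPwdLastSet: 2147483647
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 0
EOF

if [ -d "/home/$user" ]; then
    message "home directory already exists"
else
    cp -r /etc/skel "/home/$user"
    chown -R "$uid:$gid" "/home/$user"
fi

# The spool is a file, so test for existence rather than for a directory:
# the original "-d" test never matched an existing mailbox, and "install"
# would then truncate it to zero length.
if [ -e "$SPOOL/$user" ]; then
    message "$user spool mail directory already exists"
else
    install -m 0660 -o "$uid" -g mail /dev/null "$SPOOL/$user"
fi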

