#!/bin/bash
# Script zur Erweiterung der posixGroup-Objekte im LDAP-DIT um die Group-e-Group Attribute
# (C) 2009 invis-server.org
# Author: Stefan Schäfer <stefan@invis-server.org>
# License: GPLv3

#Konfigurationsdaten
conffile="/etc/invis/invis.conf"
passfile="/etc/invis/invis-pws.conf"

# Funktionen
# Werte aus Konfigurationsdatendatei extrahieren
# $1 = Konfigurationsdatei, $2 = Parameter, $3 Wert (Feld)
getconfdata() {
    cat $1 |grep "$2" | cut -d ":" -f $3
}

# Konfigurationsparameter tauschen
changevalues() {
    # Arg1 = Pfad, Arg2 = Datei, Arg3 = sed String
    cat $1/$2|sed "s%$3%g" > $1/$2.new
    mv $1/$2.new $1/$2
}

# Basis-Variablen
basedn=`getconfdata $conffile "baseDN" "2"`
binddn="uid=admin,$basedn"

bindpw=`getconfdata $passfile "MasterPW" "2"`
ldaphost=`getconfdata $conffile "ldapHost" "2"`

function lds { 
    ldapsearch -LLL -x -Z -h $ldaphost -D $binddn -w $bindpw -b $1 $2
}
# IFS so aendern, dass die nachfolgende for-Schleife nur noch "newlines" als Listentrenner akzeptiert.
searchbase="ou=Groups,ou=Benutzerverwaltung,$basedn"
filter='(&(!(cn=_*))(objectclass=posixGroup))'

#lds $searchbase $filter |sed -n -e "H;g;s/\n //g;p"|grep "dn:"|cut -d ":" -f 2|cut -b1 --complement|sort -u

IFS=$'\n'
for gdn in `lds $searchbase $filter |sed -n -e "H;g;s/\n //g;p"|grep "dn:"|cut -d ":" -f 2|cut -b1 --complement|sort -u|grep "$basedn"`; do
#    echo $gdn
    gidfilter='(gidNumber=*)'
    gidgefilter='(gidGroup-e=*)'
    gid=`lds $gdn $gidfilter|grep "gidNumber:"|cut -d " " -f2`
#    echo $gid
    gidge=`lds $gdn $gidgefilter|grep "gidGroup-e:"|cut -d " " -f2`
#    echo $gidge
    if [[ $gidge == "" ]]; then
	line1="dn: $gdn\n"
	line2="changetype: modify\n"
	line3="add: objectclass\n"
	line4="objectclass: groupeGroup\n"
	line5="-\n"
	line6="add: activGroup-e\n"
	line7="activGroup-e: 1\n"
	line8="-\n"
	line9="add: gidGroup-e\n"
	line10="gidGroup-e: $gid\n"
	line11="-\n"
	echo -e $line1$line2$line3$line4$line5$line6$line7$line8$line9$line10$line11 |ldapmodify -x -Z -h $ldaphost -D $binddn -w $bindpw 
    fi
done

