#!/bin/bash
# Script zur Erweiterung der posixGroup-Objekte im LDAP-DIT um Zarafa Attribute
# und Objektklassen
# (C) 2009,2011 invis-server.org
# Author: Stefan Schäfer <stefan@invis-server.org>
# License: GPLv3

#Konfigurationsdaten
conffile="/etc/invis/invis.conf"
passfile="/etc/invis/invis-pws.conf"

# Funktionen
# Werte aus Konfigurationsdatendatei extrahieren
# $1 = Konfigurationsdatei, $2 = Parameter, $3 Wert (Feld)
getconfdata() {
    cat $1 |grep "$2" | cut -d ":" -f $3
}

# Konfigurationsparameter tauschen
changevalues() {
    # Arg1 = Pfad, Arg2 = Datei, Arg3 = sed String
    cat $1/$2|sed "s%$3%g" > $1/$2.new
    mv $1/$2.new $1/$2
}

# Basis-Variablen
basedn=`getconfdata $conffile "baseDN" "2"`
binddn="uid=admin,$basedn"

bindpw=`getconfdata $passfile "MasterPW" "2"`
ldaphost=`getconfdata $conffile "ldapHost" "2"`

function lds { 
    ldapsearch -LLL -x -Z -h $ldaphost -D $binddn -w $bindpw -b $1 $2
}
# IFS so aendern, dass die nachfolgende for-Schleife nur noch "newlines" als Listentrenner akzeptiert.
searchbase="ou=Groups,ou=Benutzerverwaltung,$basedn"
filter='(&(!(cn=_*))(objectclass=posixGroup))'

#lds $searchbase $filter |sed -n -e "H;g;s/\n //g;p"|grep "dn:"|cut -d ":" -f 2|cut -b1 --complement|sort -u

IFS=$'\n'
for gdn in `lds $searchbase $filter |sed -n -e "H;g;s/\n //g;p"|grep "dn:"|cut -d ":" -f 2|cut -b1 --complement|sort -u|grep "$basedn"`; do
#    echo $gdn
    gidfilter='(gidNumber=*)'
    gidzafilter='(&(!(gidNumber=515))(!(gidNumber=544))(!(gidNumber=548))(!(gidNumber=551))(!(gidNumber=552))(!(gidNumber=550)))'
    gid=`lds $gdn $gidfilter|grep "gidNumber:"|cut -d " " -f2`
#    echo $gid
    gidge=`lds $gdn $gidzafilter|grep "gidNumber:"|cut -d " " -f2`
    #echo $gidge

    if [[ $gidge != "" ]]; then
	line1="dn: $gdn\n"
	line2="changetype: modify\n"
	line3="add: objectclass\n"
	line4="objectclass: zarafa-Group\n"
	line5="-\n"
	line6="add: zarafaSecurityGroup\n"
	line7="zarafaSecurityGroup: 1\n"
	line8="\n"
	echo -e $line1$line2$line3$line4$line5$line6$line7$line8 |ldapmodify -x -Z -h $ldaphost -D $binddn -w $bindpw 
    fi
done

