#!/usr/bin/perl -w

#----------------------------------------------------------------------
# copyright (C) 1999, 2000 e-smith, inc.
#		
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#		
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	See the
# GNU General Public License for more details.
#		
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
# 
# Technical support for this program is available from e-smith, inc.
# For details, please visit our web site at www.e-smith.com or
# call us on 1 888 ESMITH 1 (US/Canada toll free) or +1 613 564 8000
#----------------------------------------------------------------------

package esmith;

use strict;
use Errno;
use esmith::ConfigDB;
use esmith::AccountsDB;
use esmith::util;
use Net::LDAP;

my $c = esmith::ConfigDB->open_ro;
my $a = esmith::AccountsDB->open_ro;

my $l = $c->get('ldap');
my $status = $l->prop('status') || "disabled";
unless ($status eq "enabled" )
{
    warn "Not running action script $0, LDAP service not enabled!\n";
    exit(0);
}

my $domain = $c->get('DomainName')
    || die("Couldn't determine domain name");
 $domain = $domain->value;

my @accounts;
my $account;
my $event = shift || die "Event name must be specified";
if ($event eq 'ldap-update')
{
    @accounts = ($a->users, $a->groups);
}
else
{
    my $userName = shift;
    die "Username argument missing." unless defined ($userName);

    $account = $a->get($userName);
    die "Account $userName not found.\n" unless defined $account;
    my $type = $account->prop('type') || "unknown";

    die "Account $userName is not a user or group account; " .
	    "update LDAP entry failed.\n"
	unless (($type eq 'user') || ($type eq 'group'));
    @accounts = ($account);
}

#------------------------------------------------------------
# Update LDAP directory entry. First read LDAP password
#------------------------------------------------------------
my $pw = esmith::util::LdapPassword();

#------------------------------------------------------------
# Update LDAP database entry.
#------------------------------------------------------------
my $base = esmith::util::ldapBase ($domain);

my $ldap = Net::LDAP->new('localhost')
    or die "$@";

$ldap->bind(
    dn => "cn=root,$base",
    password => $pw
);

my $phone = $l->prop('defaultTelephoneNumber') || '';
my $company = $l->prop('defaultCompany') || '';
my $dept = $l->prop('defaultDepartment') || '';
my $city = $l->prop('defaultCity') || '';
my $street = $l->prop('defaultStreet') || '';
foreach my $acct (@accounts)
{
    my $key = $acct->key;
    my $type = $acct->prop('type');
    next unless ($type eq 'user' || $type eq 'group');
    my @attrs = ();
    if ($type eq 'user')
    {
	my $name = $acct->prop('FirstName') . " " . $acct->prop('LastName');
	utf8::upgrade($name);
	my $first = $acct->prop('FirstName') || '';
	utf8::upgrade($first);
	my $last = $acct->prop('LastName') || '';
	utf8::upgrade($last);
	my $phone = $acct->prop('Phone') || '';
	my $company = $acct->prop('Company') || '';
	utf8::upgrade($company);
	my $dept = $acct->prop('Dept') || '';
	utf8::upgrade($dept);
	my $city = $acct->prop('City') || '';
	utf8::upgrade($city);
	my $street = $acct->prop('Street') || '';
	utf8::upgrade($street);
	push @attrs, (objectClass => 'person');
	push @attrs, (uid => $key);

	push @attrs, (cn => $name) unless ($name =~ /^\s*$/);
	push @attrs, (givenName => $first) unless $first =~ /^\s*$/;
	push @attrs, (sn => $last) unless $last =~ /^\s*$/;
	push @attrs, (mail => "$key\@$domain");
	push @attrs, (telephoneNumber => $phone) unless $phone =~ /^\s*$/;
	push @attrs, (o => $company) unless $company =~ /^\s*$/;
	push @attrs, (ou => $dept) unless $dept =~ /^\s*$/;
	push @attrs, (l => $city) unless $city =~ /^\s*$/;
	push @attrs, (street => $street) unless $street =~ /^\s*$/;
    }
    elsif ($type eq 'group')
    {
	push @attrs, (objectClass => 'posixGroup');
	push @attrs, (uid => $key);

	my $key = $acct->key;
	my $desc = $acct->prop('Description') || '';
	utf8::upgrade($desc);
	push @attrs, (cn => $desc) unless $desc =~ /^\s*$/;
	push @attrs, (mail => "$key\@$domain");
	push @attrs, (telephoneNumber => $phone) unless $phone =~ /^\s*$/;
	push @attrs, (o => $company) unless $company =~ /^\s*$/;
	push @attrs, (ou => $dept) unless $dept =~ /^\s*$/;
	push @attrs, (l => $city) unless $city =~ /^\s*$/;
	push @attrs, (street => $street) unless $street =~ /^\s*$/;
    }
    my $dn = "uid=$key,$base";
    if (($event eq 'user-create') || ($event eq 'group-create'))
    {
	my $result = $ldap->add ($dn, attr => \@attrs);

	$result->code &&
	    warn "failed to add entry for $dn: ", $result->error ;
    }
    else
    {
	my %attrs = @attrs;
	my $result = $ldap->modify ($dn, replace => \%attrs);

	$result->code &&
	    warn "failed to modify entry for $dn: ", $result->error ;
    }
}
$ldap->unbind;

exit (0);
