#! /bin/sh
#
#This is free software; you can redistribute it and/or modify
#it under the terms of the GNU General Public License as published by
#the Free Software Foundation.
#
# script to initialize ldap servers, clients and slaves.
# $Id: ldapinit.sh,v 1.1.2.1 1999/01/18 04:33:47 greg Exp $
# -m "Create a master"
# -s masterserver "Create a slave"
# -c ldapserver "Create a client"
# -r slavehost "Create a replica on master"

# Defaults 
ETCDIR=/etc/ldap
SUFFIX=`hostname -d |/bin/sed -e 's/\(.*\)\(\.\)/dc=\1,dc=/'`
# Functions

# restart ldap servers
# Restart the LDAP daemon through its SysV init script.  The exit status of
# the init script is returned to the caller (callers in this file ignore it).
ldap_restart () {
  ldap_initscript=/etc/rc.d/init.d/ldap
  "$ldap_initscript" restart
}

# Do search-n-replace
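# Search-and-replace the template placeholders in ldap.conf and slapd.conf
# under $ETCDIR: the placeholder organisation DN becomes $SUFFIX, and the
# "host"/"base" directives are pointed at $SERVER/$SUFFIX.
#
# Globals read: ETCDIR, SUFFIX, SERVER.
# Each file is rewritten via a temp file in the same directory and only
# replaced when sed succeeds; the temp file is removed on failure.
# Returns non-zero (and stops) on the first file that cannot be rewritten.
# Note: $SUFFIX and $SERVER are interpolated into the sed replacement text,
# so they must not contain '/', '&' or '\'.
snr () {
  for conf in "$ETCDIR/ldap.conf" "$ETCDIR/slapd.conf"; do
    if /bin/sed -e 's/o=Your Organization Name,c=US/'"$SUFFIX"'/g' \
                -e 's/^host .*/host '"$SERVER"'/g' \
                -e 's/^base .*/base '"$SUFFIX"'/g' \
                < "$conf" > "$conf.tmp"; then
      mv "$conf.tmp" "$conf" || return 1
    else
      rm -f "$conf.tmp"
      return 1
    fi
  done
}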

# Pingtest. validate hosts
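# Validate that $1 names a reachable host.
# Arguments: $1 - hostname or address to check.
# Outputs:   diagnostics on stderr.
# Exits the script with status 1 (not 0, as before) when no hostname is given
# or when a single ping gets no reply; returns 0 otherwise.
pingtest () {
  if [ -z "$1" ]; then
    printf '%s\n' "Must specify hostname" >&2
    exit 1
  fi
  # Run ping directly in the condition rather than executing its (empty)
  # output through a command substitution.
  if ! ping -q -c 1 "$1" >/dev/null 2>&1; then
    printf '%s\n' "$1 unreachable or does not exist." >&2
    exit 1
  fi
}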

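# ---- helpers for the command dispatch below -------------------------------

# Print a message on stderr and abort with a non-zero status (the previous
# code printed errors on stdout and exited 0, so callers could not tell
# failure from success).
fail () {
  printf '%s\n' "$*" >&2
  exit 1
}

# Prompt ($1, written to stdout like the original prompts) and read one line
# into SECRET.  When stdin is a terminal, echo is turned off so the password
# is not shown on screen, and restored afterwards even if the read is
# interrupted.  Non-tty input (scripted runs) is read as-is.
read_secret () {
  printf '%s' "$1"
  if [ -t 0 ]; then
    trap 'stty echo; printf "\n"; exit 130' INT TERM
    stty -echo
    read -r SECRET
    stty echo
    trap - INT TERM
    printf '\n'
  else
    read -r SECRET
  fi
}

# Escape $1 for use on the replacement side of a sed s/// that uses '/' as
# delimiter.  '/', '&' and '\' would otherwise terminate the substitution,
# expand to the match, or escape the next character -- a password containing
# '/' could even append further sed commands (sed's 'w' writes files, and
# this runs as root).
sed_escape () {
  printf '%s\n' "$1" | /bin/sed -e 's/[\/&\\]/\\&/g'
}

# SUFFIX comes from `hostname -d`; an empty value would blank out the
# placeholder DN in the templates and write an empty "base".
require_suffix () {
  [ -n "$SUFFIX" ] || fail "Cannot determine the DNS domain (hostname -d), so no LDAP suffix can be built"
}

# rewrite_conf FILE SED-ARGS...: filter FILE through sed and replace it.
# The temp file is first created with cp -p so it inherits FILE's mode and
# ownership (a 0600 slapd.conf never passes through a world-readable copy
# while it holds a password); FILE is replaced only when sed succeeds.
rewrite_conf () {
  conf=$1
  shift
  if cp -p "$conf" "$conf.new" && /bin/sed "$@" < "$conf" > "$conf.new"; then
    mv "$conf.new" "$conf"
  else
    rm -f "$conf.new"
    return 1
  fi
}

# ---- command dispatch ------------------------------------------------------

case "$1" in
  -m)
    echo master
    echo "Setting up $(hostname) as Master LDAP server"
    require_suffix
    read_secret "Enter LDAP administrator password: "
    PASSWORD=$SECRET
    [ -n "$PASSWORD" ] || fail "Blank passwords not permitted"
    pw=$(sed_escape "$PASSWORD")
    suffix=$(sed_escape "$SUFFIX")
    # rootpw is stored in clear text, as the template expects: restrict the
    # file BEFORE the password is written into it.  The rootpw pattern only
    # replaces a placeholder value made of [a-zA-Z0-9] (e.g. "secret").
    chmod og-rwx "$ETCDIR/slapd.conf" || fail "Cannot restrict permissions on $ETCDIR/slapd.conf"
    rewrite_conf "$ETCDIR/slapd.conf" \
      -e 's/o=Your Organization Name,c=US/'"$suffix"'/g' \
      -e 's/^\(rootpw[^a-zA-Z0-9]*\)\([a-zA-Z0-9]*\)$/\1'"$pw"'/g' \
      -e 's/^referral/#referral/g' \
      || fail "Failed to update $ETCDIR/slapd.conf"
    cat <<EOF >>"$ETCDIR/slapd.conf"
#replogfile	/var/ldap/replica.log
index		cn,sn,uid			pres,eq,approx
index		ipserviceport,iphostnumber	pres,eq

access to * attr=userpassword by self write by * compare  
EOF
    ldap_restart
    ;;
  -s)
    SERVER=$2
    echo "Setting up $(hostname) as a Slave to $SERVER"
    pingtest "$SERVER"
    require_suffix
    read_secret "Enter LDAP replica password: "
    PASSWORD=$SECRET
    [ -n "$PASSWORD" ] || fail "Blank passwords not permitted"
    # The master's cn=root password is needed for the initial copy below; ask
    # for it now, before this host's configuration is touched, so an aborted
    # prompt cannot leave a half-configured slave.
    read_secret "Enter LDAP administrator password: "
    ROOTPASS=$SECRET
    [ -n "$ROOTPASS" ] || fail "Blank passwords not permitted"
    pw=$(sed_escape "$PASSWORD")
    suffix=$(sed_escape "$SUFFIX")
    srv=$(sed_escape "$SERVER")
    # slapd.conf will hold the replicator password in clear text.
    chmod og-rwx "$ETCDIR/slapd.conf" || fail "Cannot restrict permissions on $ETCDIR/slapd.conf"
    rewrite_conf "$ETCDIR/slapd.conf" \
      -e 's/o=Your Organization Name,c=US/'"$suffix"'/g' \
      -e 's/cn=root/cn=replicator/g' \
      -e 's/^\(rootpw[^a-zA-Z0-9]*\)\([a-zA-Z0-9]*\)$/\1'"$pw"'/g' \
      -e 's/^#\?\(referral[^a-zA-Z0-9]*\)\(.*\)$/\1ldap:\/\/'"$srv"'/g' \
      -e 's/^\(access.*\)write$/\1read/g' \
      -e 's/^defaultaccess.*$/defaultaccess read/' \
      || fail "Failed to update $ETCDIR/slapd.conf"
    ldap_restart
    # Initial load of the master's data into the local slave.  Do NOT echo
    # this command line (the previous version printed both passwords to
    # stdout).  The passwords are still passed with -w and so are visible in
    # the process list while the tools run; if your ldapsearch/ldapadd accept
    # a password file or interactive prompt instead, prefer that.
    ldapsearch -L -b "$SUFFIX" -D "cn=root,$SUFFIX" -w "$ROOTPASS" \
      -h "$SERVER" 'objectclass=*' \
      | ldapadd -c -r -D "cn=replicator,$SUFFIX" -w "$PASSWORD" -h localhost
    ;;
  -c)
    SERVER=$2
    echo "Setting up $(hostname) as LDAP Client"
    pingtest "$SERVER"
    require_suffix
    if [ -f "$ETCDIR/ldap.sec" ]; then
      read_secret "Enter host password: "
      PASSWORD=$SECRET
      [ -n "$PASSWORD" ] || echo "All LDAP binds will be anonymous"
      # ldap.sec holds the host's bind password in clear text: lock it down
      # before writing (the previous code left it at whatever mode it had).
      chmod og-rwx "$ETCDIR/ldap.sec" || fail "Cannot restrict permissions on $ETCDIR/ldap.sec"
      {
        printf 'binddn cn=%s,%s\n' "$(hostname -s)" "$SUFFIX"
        printf 'bindpw %s\n' "$PASSWORD"
      } > "$ETCDIR/ldap.sec" || fail "Cannot write $ETCDIR/ldap.sec"
    fi
    suffix=$(sed_escape "$SUFFIX")
    srv=$(sed_escape "$SERVER")
    rewrite_conf "$ETCDIR/ldap.conf" \
      -e 's/^host .*/host '"$srv"'/g' \
      -e 's/^base .*/base '"$suffix"'/g' \
      || fail "Failed to update $ETCDIR/ldap.conf"

    printf '%s' "Make LDAP default naming service? [Y/N]: "
    read -r ldap_def
    case "$ldap_def" in
      [yY])
        # Check every replacement file before moving anything: moving
        # /etc/pam.d aside when /etc/pam.d.ldap is missing would leave the
        # host with no PAM configuration (lockout), and an existing *.sav
        # directory would swallow the live one instead of backing it up.
        [ -f /etc/nsswitch.ldap ] || fail "/etc/nsswitch.ldap not found; nothing changed"
        if [ -d /etc/pam.d ]; then
          [ -d /etc/pam.d.ldap ] || fail "/etc/pam.d.ldap not found; nothing changed"
          [ ! -e /etc/pam.d.sav ] || fail "/etc/pam.d.sav already exists; refusing to overwrite it"
        else
          [ -f /etc/pam.conf.ldap ] || fail "/etc/pam.conf.ldap not found; nothing changed"
          [ ! -e /etc/pam.conf.sav ] || fail "/etc/pam.conf.sav already exists; refusing to overwrite it"
        fi
        cp /etc/nsswitch.ldap /etc/nsswitch.conf || fail "Cannot install /etc/nsswitch.conf"
        if [ -d /etc/pam.d ]; then
          mv /etc/pam.d /etc/pam.d.sav && mv /etc/pam.d.ldap /etc/pam.d
        else
          mv /etc/pam.conf /etc/pam.conf.sav && mv /etc/pam.conf.ldap /etc/pam.conf
        fi
        ;;
    esac
    ;;
  -r)
    REPLICA=$2
    echo "Configuring $REPLICA as replica of $(hostname)"
    pingtest "$REPLICA"
    require_suffix
    read_secret "Enter LDAP replica password: "
    PASSWORD=$SECRET
    [ -n "$PASSWORD" ] || fail "Blank passwords not permitted"
    # The replica credentials go into slapd.conf in clear text.
    chmod og-rwx "$ETCDIR/slapd.conf" || fail "Cannot restrict permissions on $ETCDIR/slapd.conf"
    rewrite_conf "$ETCDIR/slapd.conf" -e 's/^#replogfile/replogfile/' \
      || fail "Failed to update $ETCDIR/slapd.conf"
    # credentials= is double-quoted like binddn= on the same line so that a
    # password containing spaces survives slapd's config tokenizer; a password
    # containing a double quote is still not representable here.
    cat <<EOF >>"$ETCDIR/slapd.conf"
replica host=$REPLICA binddn="cn=replicator,$SUFFIX" bindmethod=simple credentials="$PASSWORD"
EOF
    ldap_restart
    echo "Changes made"
    ;;
  *)
    cat <<EOF
ldapinit: Usage
-m            # Create a master server
-s ldapmaster # Create a slave server
-c ldapserver # Create a client
-r slavehost  # Create a replica on the master
EOF
    exit
    ;;
esac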


