#!/bin/bash

# Nothing to do on hosts where EOLE has not configured saslauthd.
if [ ! -f /etc/eole/saslauthd.conf ]
then
    exit 0
fi

# Run mode handed over by the caller; only 'instance' triggers the
# OpenLDAP delegation step further down.
mode="${1:-}"

# Display helpers (presumably where EchoRouge / CreoleGet come from) and the
# SASL settings consumed below (SASL_MECHANISM, SASL_LDAP_AUTH_LOCAL,
# SASL_READER, SASL_CLIENTS).
. /usr/lib/eole/ihm.sh
. /etc/eole/saslauthd.conf

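if [ "$SASL_MECHANISM" = "ldap" ] && [ "$SASL_LDAP_AUTH_LOCAL" = 'oui' ]
then
    # Local LDAP (Active Directory) authentication: saslauthd binds with a
    # dedicated read-only account whose password is kept in a private file.
    PRIVATE_DIR=/etc/eole/private
    READER_PASSWORD_FILE="${PRIVATE_DIR}/sasl-reader.password"

    #######################################
    # Test whether an AD account exists.
    # Globals:   CONTAINER_EXEC (read) - empty on a DC, lxc-attach prefix otherwise
    # Arguments: $1 - account name to look up
    # Returns:   samba-tool's status (0 when the account exists); output discarded
    #######################################
    user_exists() {
        local username="${1}"
        $CONTAINER_EXEC samba-tool user show "${username}" > /dev/null 2>&1
    }

    # Locate the AD service: either this host is a Seth domain controller,
    # or the AD lives in the local 'addc' LXC container (ScribeAD/HorusAD).
    if [ -f /etc/eole/samba4-vars.conf ];then
        . /etc/eole/samba4-vars.conf
        # Only a domain controller may manage accounts; other roles stop here.
        [ "$(CreoleGet ad_server_role)" == "controleur de domaine" ] || exit 0
        # Seth DC
        CONTAINER_EXEC=''
    elif [ -f /usr/lib/eole/eolead.sh ];then
        . /usr/lib/eole/eolead.sh
        # ScribeAD/HorusAD
        . "${CONTAINER_ROOTFS}/etc/eole/samba4-vars.conf"
        AD_HOST_IP="${CONTAINER_IP}"
        CONTAINER_EXEC='lxc-attach -n addc --'
    else
        exit 0
    fi

    if [ ! -s "${READER_PASSWORD_FILE}" ]
    then
        # Reported in red but not fatal: the script still ends with exit 0, so a
        # missing/empty password file silently leaves the reader account unmanaged.
        EchoRouge "Le fichier de mot de passe '${READER_PASSWORD_FILE}' n’existe pas"
    else
        # The file holds the AD password of the reader account in clear text;
        # it must stay readable by root only (PRIVATE_DIR is expected to be
        # a protected directory -- verify its mode on deployment).
        READER_PASSWORD=$(<"${READER_PASSWORD_FILE}")
        # Quoted: an account name with whitespace must not be split into
        # several samba-tool arguments.
        if ! user_exists "${SASL_READER}"
        then
            echo "Ajout du compte de lecture '$SASL_READER'... "
            # Created with a throw-away random password; the real one is set below.
            $CONTAINER_EXEC samba-tool user create --random-password "${SASL_READER}"
        fi

        echo "Mise en conformité de l’utilisateur '$SASL_READER'... "
        $CONTAINER_EXEC samba-tool user setexpiry "${SASL_READER}" --noexpiry
        # samba-tool takes the new password as a command-line option, so it is
        # briefly visible in the process list (ps, /proc/*/cmdline) of the host
        # running samba-tool, and would be echoed by `set -x`/bash tracing.
        $CONTAINER_EXEC samba-tool user setpassword "${SASL_READER}" --newpassword="${READER_PASSWORD}"
    fi
fi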
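if [[ "$SASL_CLIENTS" =~ "openldap" ]] && [[ "$mode" = 'instance' ]]
then
    # OpenLDAP backend, instantiation only: hand every regular account
    # (posixAccount/inetOrgPerson, excluding 'responsable' entries) over to
    # SASL through delegatetosasl.pl.
    SEARCH_FILTER="(&(objectClass=inetOrgPerson)(objectClass=posixAccount)(!(objectClass=responsable)))"
    # Simple bind with the client defaults (no -D/-w here); the filter is
    # quoted so the shell never globs or splits its parentheses.
    # Values that ldapsearch prints base64-encoded ("uid:: ...") would still
    # match "^uid" and be passed encoded -- acceptable for ASCII uids only.
    ldapsearch -x "${SEARCH_FILTER}" uid | grep "^uid" | cut -d" " -f2 | while IFS= read -r user
    do
        # Redirection order is deliberate: stderr stays on the console,
        # normal output is discarded.
        /usr/sbin/delegatetosasl.pl "$user" 2>&1 >/dev/null
    done
    echo
fi

exit 0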
