#!/bin/sh -e

# Make sure ldap.conf does not contain base dn for ldap.uwm.edu
# ou=people,o=uwm
# Can we override from CLI?

case $(auto-ostype) in
RHEL)
    default_shell="/bin/bash"
    ;;
FreeBSD)
    default_shell="/bin/tcsh"
    ;;
*)
    auto-unsupported-os $0
    exit 1
    ;;
esac

if [ $# = 1 ]; then
    user_name=$1
else
    user_name=''
fi

this_host=`hostname`
default_server=ad.${this_host#*.*.}:3268
printf "KRB (or AD) server:port for ldapsearch? [$default_server] "
read server
if [ 0$server = 0 ]; then
    server=$default_server
fi

while [ 0$user_name = 0 ]; do
    printf "Username? "
    read user_name
done

default_ad_user=$USER
printf "YOUR AD Username for user query? [$default_ad_user] "
read ad_user_name
if [ 0$ad_user_name = 0 ]; then
    ad_user_name=$default_ad_user
fi

printf "AD password? "
stty -echo
read ad_pw
printf '\n'
stty echo

# Flag usernames not in LDAP
#ldapsearch -H ldap://$server -x -W -D "AD\\$ad_user_name" CN=$user_name
ldap_verified_uid=`ldapsearch -H ldap://$server -x -w $ad_pw -D "AD\\\\$ad_user_name" cn=$user_name | awk '$1 == "cn:" { print $2 }'`
#echo $ldap_verified_uid
if [ 0$ldap_verified_uid != 0$user_name ]; then
    printf "User $user_name is not in the AD directory.  Continue? y/[n] "
    read resp
    if [ 0$resp != 0'y' ]; then
	exit 0
    fi
fi

printf "Primary group? [default=$user_name] "
read primary_group
if [ 0$primary_group = 0 ]; then
    primary_group=$user_name
fi

printf "Other groups (separated by commas)? "
read othergroups

default_comment=`ldapsearch -H ldap://$server -x -w $ad_pw -D "AD\\\\$ad_user_name" cn=$user_name |
    awk '$1 == "displayName:" { for (c=2; c<NF; ++c) printf("%s ", $c); printf("%s", $NF); }'`
comment=''
while [ 0"$comment" = 0 ]; do
    printf "Comment? [default = '$default_comment'] "
    read comment
    if [ 0"$comment" = 0'' ]; then
	comment="$default_comment"
    fi
done

printf "User ID? [Press return for default] "
read user_id

cat /etc/shells
printf "\nShell? [$default_shell] "
read shell
if [ 0$shell = 0 ]; then
    shell=$default_shell
fi

case $(auto-ostype) in
FreeBSD)
    groupadd_cmd="pw groupadd $primary_group"
    if [ 0$user_id != 0 ]; then
	groupadd_cmd="$groupadd_cmd -g $user_id"
    fi
    
    # Order of pw flags matters!
    useradd_cmd="pw useradd $user_name"
    if [ 0$user_id != 0 ]; then
	useradd_cmd="$useradd_cmd -u $user_id"
    fi
    useradd_cmd="$useradd_cmd -c \"$comment\" -g $primary_group"
    if [ 0$othergroups != 0 ]; then
	useradd_cmd="$useradd_cmd -G \"$othergroups\""
    fi
    useradd_cmd="$useradd_cmd -m -s $shell"
    ;;

RHEL)
    groupadd_cmd="groupadd"
    if [ 0$user_id != 0 ]; then
	groupadd_cmd="$groupadd_cmd -g $user_id"
    fi
    groupadd_cmd="$groupadd_cmd $primary_group"
    
    # Order of pw flags matters!
    useradd_cmd="useradd"
    if [ 0$user_id != 0 ]; then
	useradd_cmd="$useradd_cmd -u $user_id"
    fi
    useradd_cmd="$useradd_cmd -c \"$comment\" -g $primary_group"
    if [ 0$othergroups != 0 ]; then
	useradd_cmd="$useradd_cmd -G \"$othergroups\""
    fi
    useradd_cmd="$useradd_cmd -m -s $shell"
    useradd_cmd="$useradd_cmd $user_name"
    ;;
esac

# Eval here to expand before running
printf "$groupadd_cmd\n"
eval $groupadd_cmd
printf "$useradd_cmd\n"
eval $useradd_cmd

passwd $user_name

if [ 0$user_name = 0$ldap_verified_uid ]; then
    cat << EOM

This user can authenticate using either LDAP or the temporary password
shown above.  It is therefore optional to provide this temporary password
to the user.

EOM
else
    cat << EOM

Record the temporary password.  This is the only means by which
this user can authenticate.

EOM
fi
