#!/bin/sh -e

if [ $# = 1 ]; then
    user_name=$1
else
    user_name=''
fi

while [ 0$user_name = 0 ]; do
    printf "Username? "
    read user_name
done

case $(auto-ostype) in
RHEL)
    ldap_conf=/etc/openldap/ldap.conf
    default_shell="/bin/bash"
    ;;

FreeBSD)
    ldap_conf=/usr/local/etc/ldap.conf
    default_shell="/bin/tcsh"
    ;;

*)
    auto-unsupported-os $0
    exit 1
    ;;

esac

if [ -e $ldap_conf ]; then
    # Flag usernames not in LDAP
    ldap_verified_uid=`ldapsearch -x uid=$user_name | awk '$1 == "uid:" { print $2 }'`
    if [ 0$ldap_verified_uid != 0$user_name ]; then
	printf "User $user_name is not in the LDAP directory.  Continue? (y/n) "
	read resp
	if [ 0$resp != 0'y' ]; then
	    exit 0
	fi
    fi
fi

printf "Primary group? [default=$user_name] "
read primary_group
if [ 0$primary_group = 0 ]; then
    primary_group=$user_name
fi

printf "Other groups (separated by commas)? "
read othergroups

default_comment=`ldapsearch -x uid=$user_name | awk '$1 == "cn:" { for (c=2; c<NF; ++c) printf("%s ", $c); printf("%s", $NF); }'`
comment=''
while [ 0"$comment" = 0 ]; do
    printf "Comment? [default = '$default_comment'] "
    read comment
    if [ 0"$comment" = 0'' ]; then
	comment="$default_comment"
    fi
done

printf "User ID? [Press return for default] "
read user_id

cat /etc/shells
printf "\nShell? [$default_shell] "
read shell
if [ 0$shell = 0 ]; then
    shell=$default_shell
fi

case $(auto-ostype) in
FreeBSD)
    groupadd_cmd="pw groupadd $primary_group"
    if [ 0$user_id != 0 ]; then
	groupadd_cmd="$groupadd_cmd -g $user_id"
    fi
    
    # Order of pw flags matters!
    useradd_cmd="pw useradd $user_name"
    if [ 0$user_id != 0 ]; then
	useradd_cmd="$useradd_cmd -u $user_id"
    fi
    useradd_cmd="$useradd_cmd -c \"$comment\" -g $primary_group"
    if [ 0$othergroups != 0 ]; then
	useradd_cmd="$useradd_cmd -G \"$othergroups\""
    fi
    useradd_cmd="$useradd_cmd -m -s $shell"
    ;;

RHEL)
    groupadd_cmd="groupadd"
    if [ 0$user_id != 0 ]; then
	groupadd_cmd="$groupadd_cmd -g $user_id"
    fi
    groupadd_cmd="$groupadd_cmd $primary_group"
    
    # Order of pw flags matters!
    useradd_cmd="useradd"
    if [ 0$user_id != 0 ]; then
	useradd_cmd="$useradd_cmd -u $user_id"
    fi
    useradd_cmd="$useradd_cmd -c \"$comment\" -g $primary_group"
    if [ 0$othergroups != 0 ]; then
	useradd_cmd="$useradd_cmd -G \"$othergroups\""
    fi
    useradd_cmd="$useradd_cmd -m -s $shell"
    useradd_cmd="$useradd_cmd $user_name"
    ;;
*)
    exit 1
    ;;
esac

# Eval here to expand before running
printf "$groupadd_cmd\n"
eval $groupadd_cmd
printf "$useradd_cmd\n"
eval $useradd_cmd

passwd $user_name

if [ 0$user_name = 0$ldap_verified_uid ]; then
    cat << EOM

This user can authenticate using either LDAP or the temporary password
shown above.  It is therefore optional to provide this temporary password
to the user.

EOM
else
    cat << EOM

Record the temporary password.  This is the only means by which
this user can authenticate.

EOM
fi

