#!/bin/sh -e

. alterator-openldap-functions

# DN_CONF must be non-empty before any lookup is attempted. This script only
# checks it and never reads it again itself.
# NOTE(review): fatal() is not defined in this file; presumably it comes from
# the sourced alterator-openldap-functions and terminates the script - confirm.
if [ -z "$DN_CONF" ]; then
	fatal "DN_CONF not set"
fi

# First positional argument: the database to query ("group" or "passwd").
if [ "$#" -eq 0 ]; then
	fatal "more arguments required"
fi
db="$1"
shift

# Optional second argument: the entry name to look up. It defaults to "*",
# i.e. every entry of the selected database. Any remaining arguments are
# passed on as the list of attributes to print.
key="*"
if [ "$#" -gt 0 ]; then
	key="$1"
	shift
fi

# Convert LDIF read from stdin into colon-separated lines, one per entry.
#
# Arguments: $1   - database name ("group" or "passwd"); selects the default
#                   attribute list
#            $2.. - optional attribute names that replace the default list
# Outputs:   one line per entry; attributes are joined with ":" and the
#            values of a multi-valued attribute are joined with ","
#
# NOTE(review): values are printed without escaping, so a ":" , "," or other
# separator stored in a directory attribute (gecos, for example) cannot be told
# apart from a field boundary by whoever splits this output.
# NOTE(review): both default lists include userPassword, so password values
# appear in the output whenever the directory returns them to the caller.
ldap_parse_reply()
{
	ruby -e '
require "ldap"
require "ldap/ldif"

# The first argument names the database and decides the default attributes.
database = ARGV.shift

fallback =
  case database
  when "group"
    %w/cn userPassword gidNumber memberUid/
  when "passwd"
    %w/uid userPassword uidNumber gidNumber gecos homeDirectory loginShell/
  else
    Array.new
  end

# Explicit attribute names on the command line replace the defaults.
wanted = ARGV.empty? ? fallback : ARGV.dup

LDAP::LDIF.parse_file "/dev/stdin" do |entry|
  # A missing attribute becomes an empty column so positions stay stable.
  columns = wanted.map do |name|
    (entry.attrs[name.downcase] || [""]).join(",")
  end
  puts columns.join(":")
end
' "$@"
}


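# Escape a value for use inside an LDAP search filter assertion.
#
# Backslash and both parentheses are replaced by their RFC 4515 hex escapes so
# the value cannot close the enclosing filter component or add new ones.
# "*" is deliberately left alone: the script uses it as its default key and
# relies on it acting as a wildcard.
#
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout
_ldap_filter_escape()
{
	# Backslash goes first so the escapes added afterwards are not re-escaped.
	printf '%s' "$1" |
		sed -e 's/\\/\\5c/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Look up posixGroup entries whose cn matches $key and print them in the
# colon-separated form produced by ldap_parse_reply.
#
# Globals:   base, host, key (read)
#            NOTE(review): base and host are not set in this file; presumably
#            they come from alterator-openldap-functions - confirm.
# Arguments: optional attribute names, passed through to ldap_parse_reply
#
# The query is an anonymous simple bind (-x) over plain ldap://, so anything
# returned crosses the wire unencrypted when host is not the local default.
# stderr of the parser is discarded and, in POSIX sh, the pipeline status is
# that of the parser only, so an ldapsearch failure yields empty output rather
# than an error.
ldap_search_groups()
{
	_ldap_group_key=$(_ldap_filter_escape "$key")
	ldapsearch -LLL -b "$base" -x -H "ldap://${host:-127.0.0.1}" "(&(objectClass=posixGroup)(cn=$_ldap_group_key))" |
		ldap_parse_reply group "$@" 2>/dev/null
}

# Look up posixAccount entries whose uid matches $key and print them in the
# colon-separated form produced by ldap_parse_reply.
#
# Globals:   base, host, key (read)
# Arguments: optional attribute names, passed through to ldap_parse_reply
#
# Same transport and error-reporting caveats as ldap_search_groups: anonymous
# simple bind over plain ldap://, parser stderr discarded, ldapsearch exit
# status not propagated.
ldap_search_users()
{
	_ldap_user_key=$(_ldap_filter_escape "$key")
	ldapsearch -LLL -b "$base" -x -H "ldap://${host:-127.0.0.1}" "(&(objectClass=posixAccount)(uid=$_ldap_user_key))" |
		ldap_parse_reply passwd "$@" 2>/dev/null
}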

# Dispatch on the requested database. Remaining positional arguments are the
# attribute names to print.
# NOTE(review): any other database name falls through with no output and a
# zero exit status, so a caller cannot tell "unknown database" from "no
# matching entries".
if [ "$db" = "group" ]; then
	ldap_search_groups "$@"
elif [ "$db" = "passwd" ]; then
	ldap_search_users "$@"
fi
