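#!/bin/sh
# Create a new posixGroup entry in LDAP.
#
# Usage: <script> GROUP [GID]
#   GROUP - name of the group to create; used verbatim as the cn= RDN and the
#           cn attribute of the new entry
#   GID   - optional numeric gidNumber; when omitted (or empty) the next gid
#           above the highest one present in LDAP is used, clamped to
#           [gid_min, gid_max]
#
# Globals expected from alterator-openldap-functions (not visible here, so
# their exact semantics are assumed): DN_CONF, rootdn, rootpw, host, base,
# gid_min, gid_max, and fatal() which prints a message and exits non-zero.
# ldap-getent is an external helper that lists LDAP groups.
#
# -e is set explicitly rather than on the shebang line so it is not lost
# when the script is invoked as "sh <script>".
set -e

. alterator-openldap-functions

[ -n "$DN_CONF" ] || fatal "DN_CONF not set"
[ -n "$gid_min" ] || fatal "gid_min not set"
[ -n "$gid_max" ] || fatal "gid_max not set"

# Exactly one or two positional arguments; report which way the count is off.
[ "$#" -ge 1 ] || fatal "more arguments required"
[ "$#" -le 2 ] || fatal "too many arguments"
group="$1"
shift
gidin=
if [ "$#" -eq 1 ]; then
  gidin="$1"
  shift
fi

# The group name is interpolated unescaped into the LDIF below (both in the
# DN and as the cn attribute), so restrict it to a conservative character
# set: non-empty, no leading '-', nothing outside [A-Za-z0-9._-]. This also
# keeps '*' and newlines out of the ldap-getent lookup and the LDIF.
case "$group" in
  ''|-*|*[!A-Za-z0-9._-]*) fatal "invalid group name '$group'" ;;
esac

# Refuse to create a group whose name is already taken.
if ldap-getent group "$group" >/dev/null; then
  fatal "same name already exists"
fi

if [ -n "$gidin" ]; then
  # An explicit gid must be a decimal integer; a non-numeric value is an
  # error rather than being silently replaced by an auto-allocated gid.
  case "$gidin" in
    *[!0-9]*) fatal "invalid gid '$gidin'" ;;
  esac
  # NOTE(review): -w matches the number anywhere on the line; if ldap-getent
  # prints only gidNumber values here, 'grep -qx' would be the exact test —
  # confirm its output format.
  if ldap-getent group '*' gidNumber | grep -qw -- "$gidin"; then
    fatal "gid '$gidin' already in use"
  fi
  gid="$gidin"
else
  # Next free gid: one above the highest gidNumber currently in LDAP, taken
  # from the third ':'-separated field of ldap-getent's output (presumably a
  # group(5)-like layout). An empty directory yields an empty gid_avail,
  # which is treated as 0.
  gid_avail="$(ldap-getent group | cut -f3 -d: | sort -unr | head -1)"
  gid=$(( ${gid_avail:-0} + 1 ))

  [ "$gid" -le "$gid_max" ] || fatal "no free gid available"
  if [ "$gid" -lt "$gid_min" ]; then
    gid="$gid_min"
  fi
fi

# Add the entry. $rootpw is deliberately left unquoted: it is expected to
# expand to ldapadd's bind-password option(s) (confirm against
# alterator-openldap-functions). A password passed on argv is visible in the
# process list; ldapadd's -y <file> form avoids that if rootpw can be changed.
# shellcheck disable=SC2086
ldapadd -a -D "$rootdn" $rootpw -x -H "ldap://${host:-127.0.0.1}" >/dev/null <<EOF
dn: cn=$group,ou=Group,$base
objectClass: posixGroup
objectClass: top
objectClass: extensibleObject
cn: $group
userPassword: {crypt}x
gidNumber: $gid
EOF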