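#!/bin/sh -e
#
# Modify attributes of a group entry "cn=GROUP,ou=Group,$base" in LDAP.
#
# Arguments:
#   $1 - operation: "add" or "del"; any other value is treated as "replace"
#   $2 - group name (the cn of the entry; escaped before it is put into the DN)
# Input (stdin):
#   one "attribute:value" pair per line; a line "attribute:" (empty value)
#   contributes the attribute with no values
# Variables read: DN_CONF, base, rootdn, rootpw, host
#   (presumably set by alterator-openldap-functions or the caller - they are
#   not assigned anywhere in this file)

# The -e in the shebang is lost when the script is started as "sh script",
# so switch it on explicitly as well.
set -e

. alterator-openldap-functions

[ -n "$DN_CONF" ] || fatal "DN_CONF not set"

[ "$#" -eq 2 ] || fatal "more arguments required"
mod="$1"; shift
group="$1"; shift

# An empty name would produce the DN "cn=,ou=Group,..."; refuse it up front.
[ -n "$group" ] || fatal "group name is empty"

# Build the LDIF first and only then talk to the server. In a plain
# "ruby | ldapmodify" pipeline a failure of the generator is invisible to
# "sh -e" (only the last stage counts), so a broken input would end in a
# silent no-op that still reports success.
ldif=$(ruby -e '
require "ldap"
require "ldap/ldif"

# Escape a string for use as an RDN attribute value (RFC 4514), so that the
# group name can only ever name an entry directly under ou=Group and cannot
# add RDN components or point at another subtree.
def escape_rdn_value(value)
  escaped = value.gsub(/[\\,+"<>;]/) { |c| "\\" + c }
  # Trailing space first, then the leading character: the other order would
  # escape a lone space twice.
  escaped = escaped.sub(/ \z/) { "\\ " }
  escaped.sub(/\A[ #]/) { |c| "\\" + c }
end

# Anything other than "add"/"del" falls back to replace (kept for callers
# that rely on it).
mod = case ARGV[0]
      when "add" then LDAP::LDAP_MOD_ADD
      when "del" then LDAP::LDAP_MOD_DELETE
      else LDAP::LDAP_MOD_REPLACE
      end

group = ARGV[1].dup
base  = ARGV[2].dup
# Same treatment as the stdin lines below: interpret the bytes as UTF-8 so
# regexp matching works for non-ASCII names regardless of the locale.
[group, base].each do |s|
  s.force_encoding("UTF-8") if s.respond_to? :force_encoding
end

# The DN ends up on a "dn:" line of the generated LDIF; a line break inside
# the name could start a new LDIF line.
# NOTE(review): confirm whether mods_to_ldif encodes the dn itself.
abort "group name contains control characters" if group =~ /[\x00-\x1f\x7f]/

dn = "cn=" + escape_rdn_value(group) + ",ou=Group," + base

attrs = {}
$stdin.each do |l|
  l.force_encoding("UTF-8") if l.respond_to? :force_encoding
  line = l.chomp
  next if line.empty?
  key, val = line.split(/:/, 2)
  # Without a colon val is nil; fail loudly instead of raising NoMethodError.
  # Only the line number is reported, the content may be sensitive.
  if val.nil? || key.empty?
    abort "malformed input on line #{$stdin.lineno}: expected attribute:value"
  end
  attrs[key] ||= []
  attrs[key] << val unless val.empty?
end
puts LDAP::LDIF.mods_to_ldif(dn, *LDAP.hash2mods(mod, attrs))
' "$mod" "$group" "$base") || fatal "cannot build LDIF for group modification"

#edit ldap
# $rootpw is left unquoted on purpose: it presumably expands to an option
# plus its argument and has to be word-split (TODO confirm in
# alterator-openldap-functions). If it carries the password itself, the
# password is visible in the process list; reading it from a file with
# ldapmodify -y avoids that.
# NOTE(review): -x over ldap:// sends the bind credentials unencrypted. That
# is fine for the loopback default; for a remote $host use ldaps:// or
# StartTLS (-ZZ).
# shellcheck disable=SC2086
printf '%s\n' "$ldif" |
	ldapmodify -D "$rootdn" $rootpw -x -H "ldap://${host:-127.0.0.1}" > /dev/null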
