#!/bin/sh -e

. alterator-kdc-princ-functions
. alterator-openldap-functions

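# Set a user's password in every store the account lives in: the LDAP entry
# (userPassword plus Samba LM/NT hashes) and, when ENABLE_KRB is set, the
# Kerberos principal via changepw.
#
# Arguments: $1 - account name (uid under ou=People)
# Stdin:     the new password, one line, read without echo
# Globals:   DN_CONF, ENABLE_KRB, base, rootdn, rootpw, host — expected from
#            the sourced alterator-*-functions files
# Exit:      fatal (from the sourced helpers) on any failure; -e from the
#            shebang aborts on unchecked command failure

# The sourced LDAP helpers need this; fail early with a clear message.
[ -n "$DN_CONF" ] || fatal "DN_CONF not set"

# Exactly one positional argument. The previous test (`-ne 2`) accepted zero
# or three arguments and only rejected two, which contradicts the usage text.
[ "$#" -eq 1 ] || fatal "Usage: ${0##*/} USER"
user="$1"; shift
[ -n "$user" ] || fatal "Usage: ${0##*/} USER"

# $user is spliced verbatim into the DN and the LDIF record below. Restrict
# it to plain account-name characters so that DN separators (',', '=', '+',
# '"', '\', '<', '>', ';') or a newline cannot alter which entry is modified
# or inject extra LDIF attributes.
case "$user" in
  *[!A-Za-z0-9._@-]*) fatal "Invalid user name: $user" ;;
esac

# Read the password from stdin without echo. -r keeps backslashes literal and
# IFS= keeps leading/trailing blanks; -e/-s are bash extensions, so the sh
# running this script must be bash-compatible (as the original already
# required).
pw=
IFS= read -res pw
# An empty password would previously fall through to an interactive
# slappasswd prompt while mkntpasswd/changepw still received the empty
# string, leaving the stores out of sync. Refuse it instead.
[ -n "$pw" ] || fatal "No password given"

# Samba LM/NT hashes; mkntpasswd prints them as LM:NT on one line.
# NOTE: the password travels on argv to mkntpasswd, slappasswd and changepw
# and is briefly visible to other local users via ps. Switching to
# stdin/file-based input for these tools would close that window.
samba_pw="$(mkntpasswd "$pw")"
case "$samba_pw" in
  *:*) ;;
  *) fatal "mkntpasswd failed" ;;
esac
lm=${samba_pw%%:*}
nt=${samba_pw##*:}

# {CRYPT} hash for userPassword. The -c string is the crypt(3) salt format:
# bcrypt ($2a$) at cost 05, with slappasswd filling %.24s from its own
# random salt characters.
lp="$(slappasswd -h '{CRYPT}' -c '$2a$05$%.24s' -s "$pw")"
[ -n "$lp" ] || fatal "slappasswd failed"

# Kerberos first, LDAP second. There is no rollback: if ldapmodify fails
# below, the principal already carries the new password.
# Output is discarded so changepw's chatter does not mix with this script's
# own output; the failure itself is still reported.
if [ -n "$ENABLE_KRB" ]; then
  changepw "$user" "$pw" > /dev/null 2>&1 ||
    fatal "Failed to set Kerberos password for $user"
fi

# Build the LDIF record with printf so the values are never parsed as a
# format or as echo options.
# $rootpw is deliberately left unquoted: it is expected to expand to
# ldapmodify option words (e.g. a bind-password option), not a single
# value — verify against alterator-openldap-functions. Simple bind (-x) over
# plain ldap:// is only acceptable because host defaults to the loopback
# address; a remote host would send the bind credentials in cleartext.
printf '%s\n' \
  "dn: uid=$user,ou=People,$base" \
  "changetype: modify" \
  "replace: userPassword" \
  "userPassword:$lp" \
  "-" \
  "replace: sambaLMPassword" \
  "sambaLMPassword: $lm" \
  "-" \
  "replace: sambaNTPassword" \
  "sambaNTPassword: $nt" |
ldapmodify -D "$rootdn" $rootpw -x -H "ldap://${host:-127.0.0.1}" > /dev/null ||
  fatal "Failed to update LDAP entry for $user"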
