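#!/bin/sh
# Create a POSIX/Samba account in LDAP for the user named on the command line:
# allocate a free uid, create a group of the same name, derive the Samba SID,
# optionally create a Kerberos principal (ENABLE_KRB), then add the LDAP entry.
#
# Usage: <script> USERNAME
# Environment (expected from the sourced helper files): DN_CONF, rootdn,
# rootpw, base, host, uid_min, uid_max; SID is filled in by get_sid.
#
# Shell options belong in `set`, not in the shebang: `#!/bin/sh -e` is lost
# when the script is started as `sh script`.
set -e

. alterator-kdc-princ-functions
. alterator-openldap-functions

[ -n "$DN_CONF" ] || fatal "DN_CONF not set"
[ -n "$rootdn" ] || fatal "rootdn not set"
[ -n "$base" ] || fatal "base not set"
{ [ -n "$uid_min" ] && [ -n "$uid_max" ]; } || fatal "uid_min/uid_max not set"

[ "$#" -eq 1 ] || fatal "more arguments required"
user="$1"; shift

# The name is interpolated verbatim into the LDIF below (DN, uid, cn, sn,
# homeDirectory) and into the principal name.  Restrict it to a conservative
# character set: a newline, comma or '=' could alter the DN or smuggle extra
# attributes into the entry, and a leading '-' could be parsed as an option
# by the helper commands.
case "$user" in
  ''|-*|*[!a-zA-Z0-9._-]*) fatal "invalid user name" ;;
esac

#check for name
ldap-getent passwd "$user" > /dev/null && fatal "same name already exists"

#calculate uid: highest uidNumber already used inside [uid_min, uid_max]
# (field 3 of the passwd lines), or 0 when there is none.  Entries outside
# the range are ignored so that a single high system uid cannot push the
# next uid past uid_max, and an empty directory cannot produce an empty
# string in the arithmetic below.
uid_avail="$(ldap-getent passwd | awk -F: -v lo="$uid_min" -v hi="$uid_max" '
  $3 ~ /^[0-9]+$/ && $3+0 >= lo+0 && $3+0 <= hi+0 && $3+0 > max { max = $3+0 }
  END { print max+0 }')"

uid=$(( uid_avail + 1 ))

# Raise to uid_min first, then check the upper bound, so a misconfigured
# uid_min > uid_max is rejected instead of silently handing out uid_min.
[ "$uid" -ge "$uid_min" ] || uid="$uid_min"
[ "$uid" -le "$uid_max" ] || fatal "not free uid available"

#add group and calculate gid
# NOTE: from here on a failure leaves the already created group (and, later,
# the principal) behind; nothing in this script rolls them back.
ldap-getent group "$user" > /dev/null && fatal "same name in group database already exists"
ldap-groupadd "$user"
gid="$(ldap-getent group "$user"|cut -f3 -d:)"
[ -n "$gid" ] || fatal "cannot determine gid of group $user"

# getting sid
get_sid > /dev/null
[ -n "$SID" ] || fatal "cannot determine domain SID"
# RID derived from the uid as uid*2+1000 (Samba's algorithmic rid mapping)
user_sid="$SID-$(( uid*2 + 1000 ))"

#edit kdc
# addprinc output is discarded, so give an explicit diagnostic on failure.
if [ -n "$ENABLE_KRB" ]; then
  addprinc "$user" > /dev/null 2>&1 || fatal "cannot create principal for $user"
fi

#edit ldap
# $rootpw is intentionally unquoted: it presumably holds the ldapadd
# bind-credential option word(s) (e.g. -w/-y ...) and must word-split —
# TODO confirm against the sourced functions.  Whatever it holds is visible
# in the process list while ldapadd runs.
# userPassword is set to {crypt}x, which is not a valid crypt hash, so no
# password matches the new account until one is explicitly set.
# The bind is simple (-x) over plain ldap:// to the local host by default.
# shellcheck disable=SC2086
ldapadd -a -D "$rootdn" $rootpw -x -H "ldap://${host:-127.0.0.1}" >/dev/null<<EOF
dn: uid=$user,ou=People,$base
uid: $user
cn: $user
sn: $user
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
loginShell: /bin/bash
userPassword: {crypt}x
uidNumber: $uid
gidNumber: $gid
homeDirectory: /home/$user
sambaAcctFlags: [U          ]
sambaSID: $user_sid
sambaPwdLastSet: 2147483647
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 0
EOF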
