#!/bin/sh

. /usr/share/dirsrv/data/DSSharedLib

libpath_add "/usr/lib64"
libpath_add ""
libpath_add "/usr/lib64/dirsrv/"

export LD_LIBRARY_PATH
SHLIB_PATH=$LD_LIBRARY_PATH
export SHLIB_PATH
PATH=$PATH:::/usr/bin

usage ()
{
    echo "Usage: ldif2ldap [-Z serverID] [-D <rootdn>] -w <password> -f <file> [-P protocol] [-h]"
    echo "Options:"
    echo "        -Z serverID  - Server instance identifier"
    echo "        -D rootdn    - Directory Manager DN"
    echo "        -w passwd    - Directory Manager password"
    echo "        -f file      - File containing LDAP entries to add to the server"
    echo "        -P protocol  - STARTTLS, LDAPS, LDAPI, LDAP"
    echo "        -h           - Display usage"
}

while getopts "Z:D:w:f:hP:" flag
do
    case $flag in
        Z) servid=$OPTARG;;
        P) protocol=$OPTARG;;
        D) rootdn=$OPTARG;;
        w) passwd=$OPTARG;;
        f) args=$args"-f $OPTARG"
           input_file=$OPTARG;;
        h) usage
           exit 0;;
        ?) usage
           exit 1;;
    esac
done

shift $(($OPTIND - 1))
if [ $1 ]
then
    echo "ERROR - Unknown option: $1"
    usage
    exit 1
fi

if [ -z "$input_file" ]
then 
    usage
    exit 1
fi

instance=$(get_slapd_instance "/etc/dirsrv" $servid)
if [ $? -eq 1 ]
then
    usage
    echo "You must supply a valid server instance identifier.  Use -Z to specify instance name"
    echo "Available instances: $instance"
    exit 1
fi

CONFIG_DIR="/etc/dirsrv/slapd-$instance"

process_dse $CONFIG_DIR $$
file="/tmp/DSSharedLib.$$"
port=$(grep -i 'nsslapd-port' $file | awk '{print $2}' )
host=$(grep -i 'nsslapd-localhost' $file | awk '{print $2}' )
security=$(grep -i 'nsslapd-security' $file | awk '{print $2}' )
secure_port=$(grep -i 'nsslapd-secureport' $file | awk '{print $2}' )
ldapi=$(grep -i 'nsslapd-ldapilisten' $file | awk '{print $2}' )
ldapiURL=$(grep -i 'nsslapd-ldapifilepath' $file | awk '{print $2}' )
certdir=$(grep -i 'nsslapd-certdir' $file | awk '{print $2}' )
autobind=$(grep -i 'nsslapd-ldapiautobind' $file | awk '{print $2}' )
if [ -z "$rootdn" ]; then
    value=$(grep -i 'nsslapd-rootdn' $file)
    rootdn=`echo "$value" | sed -e 's/nsslapd-rootdn: //i'`
fi
rm $file

if [ -n "$ldapiURL" ]; then
    ldapiURL=`echo "$ldapiURL" | sed -e 's/\//%2f/g'`
    ldapiURL="ldapi://"$ldapiURL
fi

client_type=`ldapmodify -V 2>&1`;
echo "$client_type" | grep -q "OpenLDAP"
if  [ $? -eq 0 ]
then
    openldap="yes"
    export LDAPTLS_CACERTDIR=$certdir
fi

if [ -z "$security" ]; then
    security="off"
fi
revised_protocol=$(check_protocol $protocol $security $ldapi $openldap)
if [ "$revised_protocol" != "$protocol" ]; then
    echo Protocol $protocol requested, but this protocol is not supported
    error="yes"
fi
protocol=$revised_protocol

#
# STARTTLS
#
if [ "$security" = "on" ]; then
    if [ "$protocol" = "STARTTLS" ] || [ -z "$protocol" ]; then
        if [ "$error" = "yes" ]; then
            echo "Using the next most secure protocol(STARTTLS)"
        fi
        if [ "$openldap" = "yes" ]; then
            ldapmodify -x -ZZ -p $port -h $host -D $rootdn -w $passwd -a -f $input_file
        else
            ldapmodify -ZZZ -P $certdir -p $port -h $host -D $rootdn -w $passwd -a -f $input_file
        fi
        exit $?
    fi
fi

#
# LDAPS
#
if [ "$security" = "on" ]; then
    if [ "$protocol" = "LDAPS" ] || [ -z "$protocol" ]; then
        if [ "$error" = "yes" ]; then
            echo "Using the next most secure protocol(LDAPS)"
        fi
        if [ "$openldap" = "yes" ]; then
            ldapmodify -x -H "ldaps://$host:$secure_port" -D $rootdn -w $passwd -a -f $input_file
        else
            ldapmodify -Z -P $certdir -p $secure_port -h $host -D $rootdn -w $passwd -a -f $input_file 
        fi
        exit $?
    fi
fi

#
# LDAPI
#
if [ "$ldapi" = "on" ] && [ "$openldap" = "yes" ]; then
    if [ "$protocol" = "LDAPI" ] || [ -z "$protocol" ]; then
        if [ $(id -u) -eq 0 ] && [ "$autobind" = "on" ]; then
            if [ "$error" = "yes" ]; then
                echo "Using the next most secure protocol(LDAPI/AUTOBIND)"
            fi
            ldapmodify -H $ldapiURL -Y EXTERNAL -a -f $input_file 2>/dev/null
        else
            if [ "$error" = "yes" ]; then
                echo "Using the next most secure protocol(LDAPI)"
            fi
            ldapmodify -x -H $ldapiURL -D $rootdn -w $passwd -a -f $input_file
        fi
        rc=$?
        if [ $rc -ne 0 ]
        then
            echo "Operation failed (error $rc)"
        fi
        exit $rc
    fi
fi

#
# LDAP
#
if [ "$protocol" = "LDAP" ] || [ -z "$protocol" ]; then
    if [ "$error" = "yes" ]; then
        echo "Using the next most secure protocol(LDAP)"
    fi
    if [ "$openldap" = "yes" ]; then
        ldapmodify -x -p $port -h $host -D $rootdn -w $passwd -a -f $input_file
    else
        ldapmodify -p $port -h $host -D $rootdn -w $passwd -a -f $input_file
    fi
    exit $?
fi

echo ERROR $protocol
