#!/bin/sh

. /usr/share/dirsrv/data/DSSharedLib

libpath_add "/usr/lib64/dirsrv/"
libpath_add "/usr/lib64"
libpath_add ""

export LD_LIBRARY_PATH
SHLIB_PATH=$LD_LIBRARY_PATH
export SHLIB_PATH
PATH=$PATH:::/usr/bin/

protocol=""

usage ()
{
    echo "Usage: monitor [ -Z serverID ] [ -D rootdn ] [ -w password ] [ -b basedn ] [-P protocol] [-h]"
    echo "Options:"
    echo "        -Z serverID  - Server instance identifier"
    echo "        -D rootdn    - Directory Manager DN"
    echo "        -w passwd    - Directory Manager password"
    echo "        -P protocol  - STARTTLS, LDAPS, LDAPI, LDAP"
    echo "        -h           - Display usage"
}

while getopts "Z:b:hP:D:w:" flag
do
    case $flag in
        Z) servid=$OPTARG;;
        P) protocol=$OPTARG;;
        b) MDN=$OPTARG;;
        D) rootdn=$OPTARG;;
        w) passwd=$OPTARG;;
        h) usage
           exit 0;;
        ?) usage
           exit 1;;
    esac
done

shift $(($OPTIND - 1))
if [ $1 ]
then
    echo "ERROR - Unknown option: $1"
    usage
    exit 1
fi

instance=$(get_slapd_instance "/etc/dirsrv" $servid)
if [ $? -eq 1 ]
then
    usage
    echo "You must supply a valid server instance identifier.  Use -Z to specify instance name"
    echo "Available instances: $instance"
    exit 1
fi

if [ -z "$MDN" ]
then
    MDN="cn=monitor"
fi

CONFIG_DIR="/etc/dirsrv/slapd-$instance"

process_dse $CONFIG_DIR $$
file="/tmp/DSSharedLib.$$"
port=$(grep -i 'nsslapd-port' $file | awk '{print $2}' )
host=$(grep -i 'nsslapd-localhost' $file | awk '{print $2}' )
security=$(grep -i 'nsslapd-security' $file | awk '{print $2}' )
secure_port=$(grep -i 'nsslapd-secureport' $file | awk '{print $2}' )
ldapi=$(grep -i 'nsslapd-ldapilisten' $file | awk '{print $2}' )
ldapiURL=$(grep -i 'nsslapd-ldapifilepath' $file | awk '{print $2}' )
certdir=$(grep -i 'nsslapd-certdir' $file | awk '{print $2}' )
autobind=$(grep -i 'nsslapd-ldapiautobind' $file | awk '{print $2}' )
if [ -z "$rootdn" ]; then
    value=$(grep -i 'nsslapd-rootdn' $file)
    rootdn=`echo "$value" | sed -e 's/nsslapd-rootdn: //i'`
fi
rm $file

if [ -n "$passwd" ]; then
    dn="-D \"$rootdn\""
    passwd="-w \"$passwd\""
fi
if [ -n "$ldapiURL" ]
then
    ldapiURL=`echo "$ldapiURL" | sed -e 's/\//%2f/g'`
    ldapiURL="ldapi://"$ldapiURL
fi

client_type=`ldapsearch -V 2>&1`;
echo "$client_type" | grep -q "OpenLDAP"
if  [ $? -eq 0 ]
then
    openldap="yes"
    export LDAPTLS_CACERTDIR=$certdir
fi

if [ -z $security ]; then
    security="off"
fi
revised_protocol=$(check_protocol $protocol $security $ldapi $openldap)
if [ "$revised_protocol" != "$protocol" ]; then
    echo Protocol $protocol requested, but this protocol is not supported
    error="yes"
fi
protocol=$revised_protocol

#
# STARTTLS
#
if [ "$security" = "on" ]; then
    if [ "$protocol" = "STARTTLS" ] || [ -z "$protocol" ]; then
        if [ "$error" = "yes" ]; then
            echo "Using the next most secure protocol(STARTTLS)"
        fi
        if [ "$openldap" = "yes" ]; then
            eval ldapsearch -x -LLL -ZZ -h $host -p $port -b "$MDN" -s base $dn $passwd "objectClass=*"
        else
            eval ldapsearch -ZZZ -P $certdir  -h $host -p $port -b "$MDN" -s base $dn $passwd "objectClass=*"
        fi
        exit $?
    fi
fi

#
# LDAPS
#
if [ "$security" = "on" ]; then
    if [ "$protocol" = "LDAPS" ] || [ -z "$protocol" ]; then
        if [ "$error" = "yes" ]; then
            echo "Using the next most secure protocol(LDAPS)"
        fi
        if [ "$openldap" = "yes" ]; then
            ldapsearch -x -LLL -H "ldaps://$host:$secure_port" -b "$MDN" -s base $dn $passwd "objectClass=*"
        else 
            ldapsearch -Z -P $certdir -p $secure_port -b "$MDN" -s base $dn $passwd "objectClass=*"
        fi
        exit $?
    fi
fi

#
# LDAPI
#
if [ "$ldapi" = "on" ] && [ "$openldap" = "yes" ]; then
    if [ "$protocol" = "LDAPI" ] || [ -z "$protocol" ]; then
        if [ $(id -u) -eq 0 ] && [ "$autobind" = "on" ]; then
            if [ "$error" = "yes" ]; then
                echo "Using the next most secure protocol(LDAPI/AUTOBIND)"
            fi
            ldapsearch -LLL -H "$ldapiURL" -b "$MDN" -s base -Y EXTERNAL "objectClass=*" 2>/dev/null
        else
            if [ "$error" = "yes" ]; then
                echo "Using the next most secure protocol(LDAPI)"
            fi
            ldapsearch -x -LLL -H "$ldapiURL" -b "$MDN" -s base $dn $passwd "objectClass=*"
        fi
        exit $?
    fi
fi

#
# LDAP
#
if [ "$protocol" = "LDAP" ] || [ "$protocol" = "" ]; then
    if [ "$error" = "yes" ]; then
        echo "Using the next most secure protocol(LDAP)"
    fi
    if [ "$openldap" = "yes" ]; then
        ldapsearch -x -LLL -h $host -p $port -b "$MDN" -s base $dn $passwd "objectClass=*"
    else
        ldapsearch -h $host -p $port -b "$MDN" -s base $dn $passwd "objectClass=*"
    fi
    exit $?
fi
