#!/bin/bash

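# Toolkit helpers (jtconf, create_dir, installfile, putwarning,
# exit_missing_define, reload_apparmor_profile ...). TOOLKIT must point at
# the toolkit prefix; abort right away instead of sourcing "-functions.sh".
. "${TOOLKIT:?TOOLKIT must be set}-functions.sh"

# owner:group of everything slapd reads or writes
usergroup="openldap:openldap"

# database directory, taken from the ldap.datadir setting
# (the missing-define message named ldap.datapath, which is not the key
# queried here)
datadir=$(jtconf ldap.datadir) || exit_missing_define ldap.datadir

# first run: create the (still empty) database directory; an empty datadir
# is what triggers the initial population further down
[ -d "$datadir" ] || {
	create_dir "$datadir" "$usergroup"
	# (older versions copied the contents of /var/lib/ldap here;
	# that step is intentionally disabled)
	SOMETHING_CHANGED=true
}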

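# If this host is a syncrepl replica (ldap.repl_number > 0), install the
# replica-specific ku-repl.conf plus a ku-rootdn.conf that carries the
# admin credentials and a warning: on replicas the rootdn definition is
# mandatory, and it is forced to the globally defined rootdn together with
# the replica password (ldap.repl_admin_password).
#
# Otherwise install the master ku-repl.conf and the sample ku-rootdn.conf;
# the sample is meant to be installed only when absent, so that manual
# edits are not overwritten.
#
# ldap.repl_number is optional, hence the silenced jtconf error.
repl_number=$(jtconf ldap.repl_number 2>/dev/null)
# unset or non-numeric means "not a replica". The old code defaulted a
# misspelled variable (repl_numerb) and then compared the empty original,
# which made "[" complain about a missing integer.
case $repl_number in
	''|*[!0-9]*) repl_number=0 ;;
esac

if [ "$repl_number" -gt 0 ]
then
	# is a replica
	#
	installfile ku-repl.conf /etc/ldap/ "$usergroup" 600 || exit $?
	installfile ku-repl-rootdn.conf /etc/ldap/ku-rootdn.conf "$usergroup" 600 || exit $?
else
	# is not a replica
	#
	installfile ku-repl-master.conf /etc/ldap/ku-repl.conf "$usergroup" 600 || exit $?
	# NOTE(review): the header comment says the sample ku-rootdn.conf is
	# installed only when absent, but installfile is called unconditionally
	# here; unless installfile itself skips existing targets, guard it with
	# "[ -f /etc/ldap/ku-rootdn.conf ] ||" the way ku-local.conf is handled.
	installfile ku-rootdn.conf /etc/ldap/ "$usergroup" 600 || exit $?
fi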

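# site-local settings: installed once, never overwritten (manual edits)
[ -f /etc/ldap/ku-local.conf ] || {
	installfile ku-local.conf /etc/ldap/ "$usergroup" 600 || exit $?
}

# This setup drives slapd from /etc/ldap/slapd.conf; a cn=config style
# slapd.d directory is moved out of the way (presumably because the
# distribution's init script prefers it when both exist).
[ -d /etc/ldap/slapd.d ] && {
	putwarning "/etc/ldap/slapd.d config dir!" \
		"new crappy slapd.d fashioned config dir found, renamed" \
		"to /etc/ldap/slapd.d.disabled; remove if not needed"
	# mv would nest slapd.d *inside* an already existing slapd.d.disabled
	# (producing slapd.d.disabled/slapd.d); refuse instead of doing that
	[ -e /etc/ldap/slapd.d.disabled ] && {
		printf '%s\n' "/etc/ldap/slapd.d.disabled already exists, remove it first" >&2
		exit 1
	}
	mv /etc/ldap/slapd.d /etc/ldap/slapd.d.disabled || exit $?
	SOMETHING_CHANGED=true
}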

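# Finalize when something on disk changed: populate an empty database,
# reload the apparmor profile and reindex.
# An unset SOMETHING_CHANGED is treated as "changed", which is exactly what
# the old "$SOMETHING_CHANGED && { ... }" form did (an empty command
# succeeds); the toolkit functions presumably initialise it to false.
if [ "${SOMETHING_CHANGED:-true}" = true ]
then
	# needs to fill initial database?  (ls without -A: a directory holding
	# only dotfiles still counts as empty, as before)
	#
	[ -z "$(ls -- "$datadir")" ] && {

		sh /etc/init.d/slapd stop

		# ku-ldap-populate needs a usable rootdn/rootpw; provide them
		# temporarily in ku-rootdn.conf unless the file already defines them
		conf=/etc/ldap/ku-rootdn.conf
		has_root_dn=false
		has_root_pw=false
		root_dn=$(jtconf ldap.admin) || exit_missing_define ldap.admin
		root_pw=$(jtconf ldap.admin_password) || exit_missing_define ldap.admin_password

		# the temporary lines are removed again with sponge (moreutils);
		# without it the clear-text rootpw would be left behind in the file,
		# so make sure it is there before writing the password at all
		command -v sponge >/dev/null 2>&1 || {
			printf '%s\n' "sponge (moreutils) is required but not installed" >&2
			exit 1
		}

		# separator class: space, comma or literal tab
		grep -q "^rootdn[ ,	]" "$conf" && has_root_dn=true
		grep -q "^rootpw[ ,	]" "$conf" && has_root_pw=true

		# lock the file down *before* the clear-text password is appended;
		# previously permissions were only fixed after the population step
		chmod 600 "$conf" || exit $?
		chown "$usergroup" "$conf" || exit $?
		$has_root_dn || echo "rootdn $root_dn" >>"$conf"
		$has_root_pw || echo "rootpw $root_pw" >>"$conf"

		sh /etc/init.d/slapd start || {
			# slapd logs nothing on a failed start; rerun with a debug level
			# to see why. With -d slapd does not detach, so the script
			# blocks here until it exits.
			#
			slapd -d 9 -f /etc/ldap/slapd.conf -u openldap -g openldap
		}
		if [ -f /usr/sbin/ku-ldap-populate ]
		then
			ku-ldap-populate
		else
			putwarning "LDAP" \
				"command 'ku-ldap-populate' not yet installed, it belongs" \
				"to mnt-ldap module, please relaunch 'kusa' again to finalize" \
				"the configuration"
		fi

		# drop the temporary lines again; only ours can match "rootdn " /
		# "rootpw " followed by a space, since the file had none before
		$has_root_dn || grep -v '^rootdn ' "$conf" | sponge "$conf"
		$has_root_pw || grep -v '^rootpw ' "$conf" | sponge "$conf"

		# sponge rewrites the file: restore owner and mode
		chown "$usergroup" "$conf"
		chmod 600 "$conf"
	}

	reload_apparmor_profile usr.sbin.slapd || :

	# ku-slapd-reindex takes care of stopping/starting
	# the slapd daemon, too; do not let the final exit 0 mask its failure
	#
	ku-slapd-reindex -f || exit $?
fi
exit 0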
