# linuxmuster.net: ldap configuration script
#
# <thomas@linuxmuster.net>
# 21.02.2014
# GPL v3
#

echo "### 15_ldap postpatch"

# set samba sid
if [ -n "$sambasid" ]; then
 net setlocalsid $sambasid
 net setdomainsid $sambasid
fi


# restore ldapadmin password
smbpasswd -w $ldapadminpw


# check if sophomorix is installed
if [ -n "$SOPHOMORIX" ]; then

 # patching sophomorix.conf with schoolname, location and year
 [ "$1" = "--modify" ] && backup_file $SOPHOMORIXCONF
 yearnow="$(date +%Y)"
 sed -e "s/^\$schul_name=.*/\$schul_name=\"${schoolname} ${location}\";/
         s/^\$geburts_jahreszahl_stop=.*/\$geburts_jahreszahl_stop=$yearnow;/" -i $SOPHOMORIXCONF


 # patch sophomorix pgldap.conf with workgroup, server, internip and domainname
 template=/etc/sophomorix/pgldap/pgldap.conf
 [ "$1" = "--modify" ] && backup_file $template
 sed -e "s/^\$domainname=.*/\$domainname=\"${domainname}\";/
         s/^\$servername=.*/\$servername=\"${servername}\";/
         s/^\$internip=.*/\$internip=\"${serverip}\";/
         s/^\$internmask=.*/\$internmask=\"${INTERNMASK}\";/
         s/^\$smbworkgroup=.*/\$smbworkgroup=\"${workgroup}\";/" -i $template


 # patch sophomorix ldif template
 template1=/usr/share/sophomorix/config-templates/ldap/standalone.ldif.template
 template2=/usr/share/sophomorix/config-templates/ldap/local-gen.ldif
 dc="$(echo $domainname | awk -F\. '{ print $1 }')"
 [ "$1" = "--modify" ] && backup_file $template2
 sed -e "s|@@basedn@@|$basedn|g
         s|@@workgroup@@|$workgroup|g
         s|sambaDomainName:.*|sambaDomainName: $workgroup|
         s|@@sid@@|$sambasid|
         s|@@dc@@|$dc|" $template1 > $template2

fi # installed


# ldap dump files
ldapdump=/var/tmp/ldap.ldif
ldapdumpgz="$BACKUPDIR/ldap/ldap-$DATETIME.ldif.gz"

# function: create ldap tree from ldif file
create_ldap_tree(){
 rm -rf /etc/ldap/slapd.d
 mkdir -p /etc/ldap/slapd.d
 chattr +i /var/lib/ldap/DB_CONFIG
 rm -f /var/lib/ldap/*
 chattr -i /var/lib/ldap/DB_CONFIG
 sed -e "s|^dc:.*|dc: ${domainname%%.*}|
         s|^o:.*|o: ${domainname%%.*}|" -i "$ldapdump"
 slapadd < "$ldapdump"
 chown openldap:openldap /var/lib/ldap -R
 slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d
 chown -R openldap:openldap /etc/ldap/slapd.d
}


# only on fresh install
if [ "$1" = "--first" ]; then

 # delete old userdata
 [[ -n "$ADMINSHOME" && -d "$ADMINSHOME" ]] && rm -rf $ADMINSHOME/*
 [[ -n "$TEACHERSHOME" && -d "$TEACHERSHOME" ]] && rm -rf $TEACHERSHOME/*
 [[ -n "$STUDENTSHOME" && -d "$STUDENTSHOME" ]] && rm -rf $STUDENTSHOME/*
 [[ -n "$WSHOME" && -d "$WSHOME" ]] && rm -rf $WSHOME/*
 [[ -n "$SHAREHOME" && -d "$SHAREHOME" ]] && rm -rf $SHAREHOME/*/*
 [[ -n "$TASKSCACHE" && -d "$TASKSCACHE" ]] && rm -rf $TASKSCACHE/*/*
 rm -rf /var/lib/sophomorix/check-result/*
 rm -rf /var/lib/sophomorix/database/*
 rm -rf /var/lib/sophomorix/tmp/*
 rm -rf /var/lib/sophomorix/print-data/*
 rm -rf /var/log/sophomorix/*.log
 rm -rf /var/log/sophomorix/exam/*
 rm -rf /var/log/sophomorix/user/*

 # openldap access to ssl-certs
 addgroup openldap ssl-cert
 
 # create a new ldap database
 createuser -U postgres -S -D -R ldap
 createdb -U postgres -O ldap ldap
 psql -U postgres ldap < /var/tmp/ldap.pgsql

 # create fresh ldap tree from ldif file
 create_ldap_tree
 
 # changing user's default shell to /bin/bash
 [ -n "$SOPHOMORIX" ] && sed -e 's/^\$schueler_per_ssh=.*/\$schueler_per_ssh=\"yes\"\;/
                                 s/^\$lehrer_per_ssh=.*/\$lehrer_per_ssh=\"yes\"\;/' -i $SOPHOMORIXCONF

 # new random password for ldap db user
 ldapdbpw=`pwgen -s 24 1`

 # set ldap db password for schulkonsole
 psql -U postgres -d template1 -qc "ALTER USER ldap WITH PASSWORD '"$ldapdbpw"';"
 sed -e "s|^Password=.*|Password=$ldapdbpw|" -i /etc/linuxmuster/schulkonsole/db.conf

else

 # update user database with basedn, servername and/or workgroup
 if [ "$update_ldap" = "yes" ]; then

  psqldump=/var/tmp/ldap.pgsql
  psqldumpgz="$BACKUPDIR/ldap/ldap-$DATETIME.pgsql.gz"

  echo "Sichere Benutzer-Datenbank nach $psqldumpgz ..."
  [ -d "$BACKUPDIR/ldap" ] || mkdir -p $BACKUPDIR/ldap
  pg_dump -U postgres ldap > $psqldump
  gzip -c9 "$psqldump" > "$psqldumpgz"

  # recreate ldap tree
  echo "Sichere LDAP-Baum nach $ldapdumpgz ..."
  slapcat > "$ldapdump"
  gzip -c9 "$ldapdump" > "$ldapdumpgz"

  if [ -s "$psqldump" -a -s "$ldapdump" ]; then

   echo "Modifiziere Benutzer-Datenbank."

   if [ "$basedn_old" != "$basedn" ]; then
    echo "Ändere BaseDN zu $basedn."
    sed -e "s|$basedn_old|$basedn|g" -i "$psqldump"
    sed -e "s|$basedn_old|$basedn|g" -i "$ldapdump"
   fi

   if [ "$servername_old" != "$servername" ]; then
    echo "Ändere Servernamen zu $servername."
    sed -e 's|\\\\\\\\.*\\\\|\\\\\\\\'"$servername"'\\\\|g' -i "$psqldump"
    sed -e 's|^sambaHomePath: \\\\.*\\|sambaHomePath: \\\\'"$servername"'\\|g' -i "$ldapdump"
   fi

   # recreate ldap db
   dropdb -U postgres ldap
   createdb -U postgres -O ldap ldap
   psql -U postgres ldap < $psqldump

   # change samba domain
   if [ "$workgroup_old" != "$workgroup" ]; then
    echo "Ändere Samba-Domäne zu $workgroup."
    psql -U postgres -d ldap -qc "UPDATE samba_domain SET sambadomainname = '$workgroup' WHERE id = '1';"
    sed -e "s|sambaDomainName=$workgroup_old|sambaDomainName=$workgroup|" -i "$ldapdump"
   fi

   # recreate ldap tree
   create_ldap_tree

   rm "$psqldump" "$ldapdump"

  else

   echo "LDAP-Dump gescheitert! Kann Benutzerdatenbank nicht modifizieren!"

  fi

 fi
   
fi


# repair permissions
for i in /etc/ldap.secret /etc/smbldap-tools/smbldap_bind.conf /etc/sophomorix/pgldap/pgldap.conf; do
 [ -e "$i" ] || continue
 chown root:root $i
 chmod 600 $i
done
chown www-data:www-data /etc/linuxmuster/schulkonsole/*
chmod 400 /etc/linuxmuster/schulkonsole/db.conf*
chown root:openldap /etc/ldap/slapd.conf*
chmod 640  /etc/ldap/slapd.conf*
chown root:root /etc/ldap/ldap.conf
chmod 644 /etc/ldap/ldap.conf
chown openldap:openldap /var/lib/ldap -R
chmod 700 /var/lib/ldap
chmod 600 /var/lib/ldap/*
rm -f /etc/pam_ldap.secret
ln -sf ldap.secret /etc/pam_ldap.secret

rm -f /var/tmp/ldap.*

# start services again
/etc/init.d/nscd stop
/etc/init.d/smbd stop
/etc/init.d/slapd stop
/etc/init.d/slapd start
/etc/init.d/smbd start
/etc/init.d/nscd start


# finally create homes
for i in $ADMINISTRATOR $PGMADMIN $WWWADMIN; do
 mkdir -p $ADMINSHOME/$i
 chown $i:$ADMINGROUP $ADMINSHOME/$i
done
chmod 700 $ADMINSHOME -R

# let sophomorix do upgrades
echo "### sophomorix-setup-pgldap"
sophomorix-setup-pgldap


