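#!/bin/sh
# Create a POSIX account in the LDAP directory selected by CONFIG, together
# with its primary group (via cl-groupadd), a home directory copied from
# /etc/skel and an empty mail spool.
#
# Usage: cl-useradd CONFIG USER
#   CONFIG - slapd configuration name, passed to cl_slapd_config and to the
#            ldap-getent-* / cl-groupadd helpers
#   USER   - login name to create
#
# Environment:
#   uid_min / uid_max - override the UID_MIN / UID_MAX range that is
#                       otherwise read from /etc/login.defs
#
# fatal, message, local_getent_passwd, cl_slapd_config and the variables
# binddn, bindpw and base are expected to be provided by the sourced
# cl-config.  The script exits non-zero (set -e or fatal) on any failure.

# -e is set here rather than on the shebang line so it still applies when the
# script is started as `sh cl-useradd`.
set -e

. cl-config

[ "$#" -ge 2 ] || fatal "more arguments required"
config="$1"
user="$2"
shift 2

# The name is spliced into LDIF, search patterns and filesystem paths below,
# so only accept a conservative character set: non-empty, no leading '-' or
# '.', nothing outside [A-Za-z0-9._-].  This rules out "../x"-style home
# paths and LDIF line breaks.
case "$user" in
  ''|-*|.*|*[!A-Za-z0-9._-]*) fatal "invalid user name" ;;
esac

cl_slapd_config "$config"

#######################################
# Succeed when a getent-style listing (name:...) on stdin contains an entry
# whose first field is exactly the given name.
# Arguments: $1 - name to look for
# Returns:   0 if found, non-zero otherwise
#######################################
has_name() {
  cut -d: -f1 | grep -qxF -- "$1"
}

#check for name
local_getent_passwd "$user" | has_name "$user" && fatal "same name already exists"
ldap-getent-passwd "$config" "$user" | has_name "$user" && fatal "same name already exists"

#calculate uid: one above the highest uid found in either database.
# NOTE: the uid is chosen here and only added by ldapadd further down; nothing
# in this script serializes concurrent runs, so two of them can pick the
# same value.
local_uid_avail="$(local_getent_passwd | cut -d: -f3 | sort -unr | head -n1)"
ldap_uid_avail="$(ldap-getent-passwd "$config" | cut -d: -f3 | sort -unr | head -n1)"
uid_avail="${local_uid_avail:-0}"
if [ -n "$ldap_uid_avail" ] && [ "$ldap_uid_avail" -gt "$uid_avail" ]; then
  uid_avail="$ldap_uid_avail"
fi

uid_min="${uid_min:-$(sed -rn 's,^UID_MIN[[:space:]]+([^[:space:]]+),\1,p' /etc/login.defs)}"
uid_max="${uid_max:-$(sed -rn 's,^UID_MAX[[:space:]]+([^[:space:]]+),\1,p' /etc/login.defs)}"
# Without both bounds the numeric tests below would error out silently.
[ -n "$uid_min" ] && [ -n "$uid_max" ] || fatal "UID_MIN/UID_MAX not set and not found in /etc/login.defs"

uid=$(( uid_avail + 1 ))

[ "$uid" -le "$uid_max" ] || fatal "no free uid available"
# Never hand out a uid below the system range, even when both databases are
# empty or only contain system accounts.
if [ "$uid" -lt "$uid_min" ]; then
  uid="$uid_min"
fi

message "using uid - $uid"

#add group and calculate gid
ldap-getent-group "$config" "$user" | has_name "$user" && fatal "same name in group database already exists"
cl-groupadd "$config" "$user"
gid="$(ldap-getent-group "$config" "$user" | cut -d: -f3)"
# An empty gid would produce an invalid LDIF entry and a uid-only chown.
[ -n "$gid" ] || fatal "group $user not found after cl-groupadd"

message "using gid - $gid"

#edit ldap
# $bindpw is deliberately left unquoted: presumably it holds ldapadd option
# words supplied by cl-config — confirm there.  If it carries the password
# itself on the command line, it is visible in the process list while ldapadd
# runs; a file-based credential (ldapadd -y) avoids that exposure.
# userPassword is written as {crypt}x, which appears to be a non-matching
# hash, so a real password has to be set separately afterwards.
# shellcheck disable=SC2086
ldapadd -a -D "$binddn" $bindpw -x <<EOF
dn: uid=$user,ou=People,$base
uid: $user
cn: $user
objectClass: account
objectClass: posixAccount
objectClass: top
loginShell: /bin/bash
userPassword: {crypt}x
uidNumber: $uid
gidNumber: $gid
homeDirectory: /home/$user
EOF

if [ -d "/home/$user" ]; then
  message "home directory already exists"
else
  cp -r /etc/skel "/home/$user"
  chown -R "$uid:$gid" "/home/$user"
fi

# postconf may be missing or fail; the account already exists at this point,
# so fall back to the traditional spool location instead of aborting.
spool="$(/usr/sbin/postconf -h mail_spool_directory 2>/dev/null)" || spool=""

if [ -z "$spool" ]; then
  message "unknown spool directory, using default"
  spool="/var/mail"
fi

# Test for existence rather than readability so an existing spool is never
# overwritten by the install below.
if [ -e "$spool/$user" ]; then
  message "mail spool already exists"
else
  install -m 0660 -o "$uid" -g mail /dev/null "$spool/$user"
fi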