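#!/usr/bin/env bash
# Configure the local slapd for a test domain, load a base LDIF (People/Group
# OUs, a "users" group and one test account with inetOrgPerson/posixAccount/
# shadowAccount classes), then create the matching local home and mailbox
# files for that account.
#
# Inputs:  parameters.txt next to this script (sourced below). It must define
#          LDAP_ADMIN_PASS, DOMAIN, BASEDN, TEST_USERNAME, TEST_USER_PASS,
#          TEST_UID, TEST_GID, TEST_HOME and TEST_MAIL.
# Needs:   mkpasswd, debconf-set-selections, dpkg-reconfigure, ldapadd,
#          ldapsearch, useradd; intended to run as root.
# Outputs: progress messages and a final ldapsearch dump of the test entry.
set -euo pipefail

dir=$(dirname "$0")
# shellcheck disable=SC1091
. "$dir"/parameters.txt

# set -u only catches names that are unset; an empty value would still yield a
# broken LDIF or a DN like "cn=admin,", so assert non-empty up front.
: "${LDAP_ADMIN_PASS:?must be set in parameters.txt}"
: "${DOMAIN:?must be set in parameters.txt}"
: "${BASEDN:?must be set in parameters.txt}"
: "${TEST_USERNAME:?must be set in parameters.txt}"
: "${TEST_USER_PASS:?must be set in parameters.txt}"
: "${TEST_UID:?must be set in parameters.txt}"
: "${TEST_GID:?must be set in parameters.txt}"
: "${TEST_HOME:?must be set in parameters.txt}"
: "${TEST_MAIL:?must be set in parameters.txt}"

# Both temporary files carry secrets (the user's password hash and the admin
# password). mktemp gives them an unpredictable name and mode 0600, and the
# EXIT trap removes them on every exit path -- a trailing rm -f would be
# skipped whenever set -e aborts the script part-way.
TMP_LDIF=$(mktemp /tmp/ldap_setup.XXXXXX)
ADMIN_PW_FILE=$(mktemp /tmp/ldap_adminpw.XXXXXX)
cleanup() { rm -f -- "${TMP_LDIF}" "${ADMIN_PW_FILE}"; }
trap cleanup EXIT

# The admin password is handed to the ldap tools via -y <file> instead of
# -w <password> so it does not show up in argv (ps, audit logs, set -x).
# No trailing newline: the tools use the file content verbatim as the password.
printf '%s' "${LDAP_ADMIN_PASS}" > "${ADMIN_PW_FILE}"

# printf rather than echo -n: echo's option handling is not portable and a
# password starting with '-' could be consumed as an option.
USER_PASS_HASH=$(printf '%s' "${TEST_USER_PASS}" | mkpasswd -m sha256crypt --stdin)

echo "Reconfiguring slapd with provided domain and admin password..."
# preseed slapd debconf answers to configure slapd non-interactively
debconf-set-selections <<EOF
slapd slapd/internal/generated_adminpw password ${LDAP_ADMIN_PASS}
slapd slapd/internal/adminpw password ${LDAP_ADMIN_PASS}
slapd slapd/password2 password ${LDAP_ADMIN_PASS}
slapd slapd/password1 password ${LDAP_ADMIN_PASS}
slapd slapd/domain string ${DOMAIN}
slapd shared/organization string "${DOMAIN}"
slapd slapd/no_configuration boolean false
slapd slapd/move_old_database boolean true
slapd slapd/backend select MDB
slapd slapd/purge_database boolean false
EOF

# Reconfiguration is best-effort (the original tolerated a failure here);
# keep that, but say so on stderr instead of swallowing the status silently.
if ! DEBIAN_FRONTEND=noninteractive dpkg-reconfigure -fnoninteractive slapd; then
  printf 'warning: dpkg-reconfigure slapd failed; continuing with the existing configuration\n' >&2
fi

# LDIF for the base OUs, a group and the example posixAccount/inetOrgPerson.
# NOTE(review): the "users" group lists the base DN itself as its only
# uniqueMember, not the test account -- confirm that is intended.
cat > "${TMP_LDIF}" <<EOF
dn: ou=People,${BASEDN}
objectClass: organizationalUnit
ou: People

dn: ou=Group,${BASEDN}
objectClass: organizationalUnit
ou: Group

dn: cn=users,ou=Group,${BASEDN}
objectClass: top
objectClass: groupOfUniqueNames
cn: users
uniqueMember: ${BASEDN}

dn: uid=${TEST_USERNAME},ou=People,${BASEDN}
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: ${TEST_USERNAME}
sn: ${TEST_USERNAME}
uid: ${TEST_USERNAME}
uidNumber: ${TEST_UID}
gidNumber: ${TEST_GID}
homeDirectory: ${TEST_HOME}
loginShell: /bin/bash
mail: ${TEST_MAIL}
gecos: ${TEST_USERNAME}
EOF

# The crypt hash is appended on its own line so the secret-bearing line is easy
# to find and redact; a single-pass here-doc expansion would have kept its '$'
# characters intact as well.
# NOTE(review): the value is stored without a {CRYPT} scheme prefix. slapd's
# own simple bind treats a prefix-less userPassword as cleartext, so this only
# works for consumers that crypt-compare the value themselves (e.g. a mail
# server reading it) -- confirm against the intended password consumer.
printf 'userPassword: %s\n' "${USER_PASS_HASH}" >> "${TMP_LDIF}"

echo "Importing base LDIF into LDAP..."
ldapadd -x -D "cn=admin,${BASEDN}" -y "${ADMIN_PW_FILE}" -f "${TMP_LDIF}"

# Create a simple Dovecot-style mapping example (optional LDIF for mail/posix attributes)
# Some Dovecot setups expect attributes like mailPrimaryAddress, mail, or homeDirectory which are already included.

echo "Creating mailbox"
mkdir -p "${TEST_HOME}"
# Best-effort: the account may already exist from a previous run.
useradd -M -s /usr/sbin/nologin -u "${TEST_UID}" -d "${TEST_HOME}" "${TEST_USERNAME}" 2>/dev/null || true
chown -R "${TEST_UID}:${TEST_GID}" "${TEST_HOME}" || true
# NOTE(review): TEST_MAIL is both written as the LDAP "mail" attribute above
# and treated as a filesystem path here -- presumably a mailbox file path;
# verify against parameters.txt.
mkdir -p "$(dirname "${TEST_MAIL}")"
touch "${TEST_MAIL}"
chown "${TEST_UID}:${TEST_GID}" "${TEST_MAIL}" || true

echo "LDAP setup complete."
echo "Base DN: ${BASEDN}"
echo "Admin DN: cn=admin,${BASEDN}"
echo "User configuration:"
# -x for simple bind, matching the ldapadd above (without it the client
# attempts a SASL bind). The filter assumes TEST_USERNAME holds no LDAP
# filter metacharacters; it comes from the local parameters.txt.
ldapsearch -x -LL -D "cn=admin,${BASEDN}" -y "${ADMIN_PW_FILE}" -b "${BASEDN}" "(sn=${TEST_USERNAME})"

# Temporary files are removed by the EXIT trap installed above.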
