#!/bin/sh
#
# Univention Setup
#  ldap base change script
#
# Copyright 2004-2014 Univention GmbH
#
# http://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <http://www.gnu.org/licenses/>.

. /usr/lib/univention-system-setup/scripts/setup_utils.sh

info_header "$0" "$(gettext "Setting LDAP base")"

is_variable_set "ldap/base"

if [ $? = 0 ]; then
	exit 0
fi

# LDAP basis can only be changed via system-setup scripts on a basesystem
eval "$(univention-config-registry shell)"
if [ "$server_role" != "basesystem" ]; then
	exit 1
fi

if [ "$check_ldap_access" = "1" ]; then
	exit 0
fi

new_ldap_base=$(get_profile_var "ldap/base")

ldap_available=1
if [ "$(cat /var/run/univention-system-setup.ldap)" = "no-ldap" ]; then
	ldap_available=0
fi

if [ -z "$new_ldap_base" ]; then
	exit 0
fi

oldbn=$(univention-config-registry get ldap/base)

if [ -d "/var/lib/univention-system-setup/ldapbase.pre" ]; then
	run-parts /var/lib/univention-system-setup/ldapbase.pre --arg=$oldbn --arg=$new_ldap_base
fi

# Remove old NFS exports and resync from LDAP
sed -i "/$oldbn/d" /etc/exports
rm /var/lib/univention-directory-listener/handlers/nfs-shares

service_stop nscd slapd univention-directory-notifier univention-directory-listener heimdal-kdc

d=$(date +%Y%m%d%H%M%S)

slapcat >/var/cache/univention-system-setup/ldif.$d

cp -a /var/cache/univention-system-setup/ldif.$d /var/cache/univention-system-setup/ldif.$d.bak
cp -a /var/lib/univention-ldap/notify/transaction /var/cache/univention-system-setup/transaction.$d

/usr/lib/univention-system-setup/scripts/ldif_rewrite.py $ldap_base $new_ldap_base /var/cache/univention-system-setup/ldif.$d /var/cache/univention-system-setup/new_ldif.$d
sed -i "s|$ldap_base |$new_ldap_base |" /var/lib/univention-ldap/notify/transaction

rm -Rf /var/lib/univention-ldap/ldap/*


univention-config-registry set ldap/base="$new_ldap_base"

for var in $(univention-config-registry search --brief --value $oldbn | cut -f 1 -d ":"); do
	# the ldap/base is already set
	if [ "$var" = "ldap/base" ]; then
		continue
	fi
	old_value="$(univention-config-registry get $var)"
	new_value="$(echo $old_value | sed -e "s|$oldbn|$new_ldap_base|")"
	echo "Replace baseconfig variable $var from $old_value to $new_value" >>/var/log/univention/setup.log
	univention-config-registry set $var="$new_value"
done


univention-config-registry commit /var/lib/univention-ldap/ldap/DB_CONFIG

sed -i "s|univentionNagiosCheckArgs: $ldap_base|univentionNagiosCheckArgs: $new_ldap_base|" /var/cache/univention-system-setup/new_ldif.$d

if [ -e "/etc/nagios/nrpe.univention.d/UNIVENTION_LDAP.cfg" ]; then
	sed -i "s|$ldap_base|$new_ldap_base|" /etc/nagios/nrpe.univention.d/UNIVENTION_LDAP.cfg
fi

slapadd </var/cache/univention-system-setup/new_ldif.$d

service_start slapd univention-directory-notifier nscd heimdal-kdc

eval "$(univention-config-registry shell samba/user ldap/hostdn)"

if  [ "$samba_user" = "cn=admin,$new_ldap_base" ]; then
	passfile="/etc/ldap.secret"
elif [ "$samba_user" = "$ldap_hostdn" ]; then
	passfile="/etc/machine.secret"
elif [ "$server_role" = "domaincontroller_master" -o "$server_role" = "domaincontroller_backup" ]; then
	passfile="/etc/ldap.secret"
elif [ -e "/etc/machine.secret" ]; then
	passfile="/etc/machine.secret"
fi

service_stop univention-bind univention-bind-proxy

# set value in /etc files
if [ -d "/etc/bind/univention.conf.d" ]; then
	for i in /etc/bind/univention.conf.d/*; do
		sed -i "s|,$oldbn |,$new_ldap_base |g" $i
	done
fi

service_start univention-bind univention-bind-proxy

if [ -n "$passfile" ]; then
	if [ -x "/usr/bin/smbpasswd" ]; then
		smbpasswd -w "$(cat $passfile)"
		service_stop samba; sleep 1; service_start samba
	fi
fi

service_start univention-directory-listener

if [ -d "/var/lib/univention-system-setup/ldapbase.post" ]; then
	run-parts /var/lib/univention-system-setup/ldapbase.post --arg=$oldbn --arg=$new_ldap_base
fi

exit 0
