#!/bin/bash
#
# Univention AD Connector
#  preparation script for a new parallel running connector instance
#
# SPDX-FileCopyrightText: 2004-2026 Univention GmbH
# SPDX-License-Identifier: AGPL-3.0-only


usage() {
    echo "Script for preparation of a further instance of Univention AD Connector"
    echo "usage: $0 [-f] -a <delete|create> -c <new config basename> "
    echo ""
    echo "examples:"
    echo "$0 -a create -c connector2"
    echo "         creates a new connector-instance with leading name \"connector\""
    echo "         for UCR-variables, paths, init-script etc.. "
    echo "$0 -f -a create -c connector2"
    echo "         same as above, but force action even if the given config"
    echo "         basename already exists. All files are updated from the origin"
    echo "         ones (including the mapping!) but no UCR-variables are changed."
    echo "$0 -a delete -c connector2"
    echo "         Stops the connector, removes files and UCR-Variables for"
    echo "         basename \"connector2\""
    echo "conventions:"
    echo "The given config base name (option -c) must start with \"con\"."
}

CONFIGBASENAME=""
createflag="0"
deleteflag="0"
forceflag="0"

while getopts 'hfa:c:' OPTION
do
    case $OPTION in
	h)
	    usage
	    exit 0
	    ;;
	a)
	    case "$OPTARG" in
		create)
		    createflag="1"
		    ;;
		delete)
		    deleteflag="1"
		    ;;
		*)
		    echo "ERROR: unknown command given by -a: use \"create\" or \"delete\""
		    echo ""
		    usage
		    exit 1
		    ;;
	    esac
	    ;;
	c)
	    CONFIGBASENAME="$OPTARG"
	    ;;
	f)
	    forceflag="1"
	    ;;
	?)
	    usage
	    exit 1
	    ;;
    esac
done

if [ -z "$CONFIGBASENAME" ]
then
    echo "ERROR: no config base given, use \"-c\""
    echo ""
    usage
    exit 1
fi

if [ "$CONFIGBASENAME" = "connector" ]
then
    echo "ERROR: \"connector\" is the default config base that must not be changed by this script!"
    exit 2
fi

#CONFIGBASENAME should start with "con" to match UCR-info-templates
echo "$CONFIGBASENAME" | grep -q \^con
if [ "$?" = "1" ]
then
    echo "ERROR: config base name must start with \"con\". "
    exit 3
fi

if [ "$createflag" = "0" -a "$deleteflag" = "0" ]
then
    echo "ERROR: neither create nor delete given, use \"-a\""
    echo ""
    usage
    exit 1
fi


if [ "$createflag" = "1" ]
then

    if [ -e /etc/univention/"$CONFIGBASENAME" ]
    then
	if [ "$forceflag" = "1" ]
	then
	    echo "WARNING: given config base already created, recreate as requested by \"-f\""
	else
	    echo "ERROR: given config base already created, if you want to recreate it use \"-f\""
	    exit 2
	fi
    fi

    mkdir -p /etc/univention/"$CONFIGBASENAME"/ad

    echo "-- initialise UCR"
    univention-config-registry set "$CONFIGBASENAME"/ad/ldap/port?389 "$CONFIGBASENAME"/ad/ldap/ssl?yes "$CONFIGBASENAME"/ad/listener/dir?/var/lib/univention-"$CONFIGBASENAME"/ad "$CONFIGBASENAME"/ad/mapping/group/language?de "$CONFIGBASENAME"/ad/mapping/group/primarymail?false "$CONFIGBASENAME"/ad/mapping/syncmode?sync "$CONFIGBASENAME"/ad/mapping/user/primarymail?false "$CONFIGBASENAME"/ad/poll/sleep?5 "$CONFIGBASENAME"/ad/retryrejected?10 "$CONFIGBASENAME"/debug/function?0 "$CONFIGBASENAME"/debug/level?1 "$CONFIGBASENAME"/password/service/encoding?iso8859-15

    echo "-- copy startup script"
    cp /usr/sbin/univention-ad-connector /usr/sbin/univention-ad-"$CONFIGBASENAME"
    sed -i "s|/usr/bin/python3 -W ignore -m univention.connector.ad.main.*|/usr/bin/python3 -W ignore -m univention.connector.ad.main --configbase \"$CONFIGBASENAME\" \"\$@\"|" /usr/sbin/univention-ad-"$CONFIGBASENAME"


    echo "-- copy init script"
    cp /etc/init.d/univention-ad-connector /etc/init.d/univention-ad-"$CONFIGBASENAME"
    sed -i "s|univention-ad-connector|univention-ad-$CONFIGBASENAME|" /etc/init.d/univention-ad-"$CONFIGBASENAME"

    echo "-- register initscript"
    update-rc.d univention-ad-"$CONFIGBASENAME" defaults 97

    echo "-- prepare second listener-instance"
    mkdir -p /var/lib/univention-"$CONFIGBASENAME"/ad/tmp
    chgrp nogroup /var/lib/univention-"$CONFIGBASENAME"/ad/tmp

    echo "-- register second listener-instance"
    eval "$(univention-config-registry shell connector/listener/additionalbasenames)"
    echo $connector_listener_additionalbasenames | grep -q "$CONFIGBASENAME" || univention-config-registry set connector/listener/additionalbasenames="$connector_listener_additionalbasenames $CONFIGBASENAME"

    echo ""
    echo "Finished preparation. You'll need to restart univention-directory-listener and maybe resync the listener-plugin."
    echo "You can start the new connector instance after configuration using \"/etc/init.d/univention-ad-$CONFIGBASENAME start\"."
    echo "Remember to remove additional instances manually before deinstallation of the univention-ad-connector debian package."
    echo ""

fi

if [ "$deleteflag" = "1" ]
then

    echo "-- stop connector"
    /etc/init.d/univention-ad-"$CONFIGBASENAME" stop

    echo "-- stop listener"
    systemctl stop univention-directory-listener

    echo "-- unregister initscript"
    update-rc.d -f univention-ad-"$CONFIGBASENAME" remove

    echo "-- remove init script"
    rm /etc/init.d/univention-ad-"$CONFIGBASENAME"

    echo "-- remove startup script"
    rm /usr/sbin/univention-ad-"$CONFIGBASENAME"

    echo "-- unset known UCR variables"
	univention-config-registry unset "$CONFIGBASENAME"/ad/ldap/base \
		"$CONFIGBASENAME"/ad/ldap/binddn \
		"$CONFIGBASENAME"/ad/ldap/bindpw \
		"$CONFIGBASENAME"/ad/ldap/certificate \
		"$CONFIGBASENAME"/ad/ldap/host \
		"$CONFIGBASENAME"/ad/ldap/port \
		"$CONFIGBASENAME"/ad/ldap/ssl \
		"$CONFIGBASENAME"/ad/listener/dir \
		"$CONFIGBASENAME"/ad/mapping/group/language \
		"$CONFIGBASENAME"/ad/mapping/group/primarymail \
		"$CONFIGBASENAME"/ad/mapping/syncmode \
		"$CONFIGBASENAME"/ad/mapping/user/primarymail \
		"$CONFIGBASENAME"/ad/poll/sleep \
		"$CONFIGBASENAME"/ad/retryrejected \
		"$CONFIGBASENAME"/debug/function \
		"$CONFIGBASENAME"/debug/level \
		"$CONFIGBASENAME"/password/service/encoding

    echo "-- remove config-dir /etc/univention$CONFIGBASENAME"
    rm -r /etc/univention/"$CONFIGBASENAME"

    echo "-- unregister second listener-instance"
    eval "$(univention-config-registry shell connector/listener/additionalbasenames)"
    univention-config-registry set connector/listener/additionalbasenames=`echo $connector_listener_additionalbasenames | sed "s| $CONFIGBASENAME||"`

    echo "-- remove listener-dir"
    rm -r /var/lib/univention-"$CONFIGBASENAME"

    echo "-- start listener"
    systemctl start univention-directory-listener

fi
