#!/bin/bash
# add group for Kerberos/LDAP/NFS4
# paul@vandervlis.nl

# get variables
# The file is sourced, i.e. executed inside this shell with this script's
# privileges. $ldaproot and $ldappw are used further down and are not set
# anywhere in this script, so they presumably come from here - TODO confirm.
# If so, this file holds the LDAP admin bind password: keep it owned by root
# and not readable or writable by other users.
. /usr/local/sbin/variables

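# ask group when not on commandline:
if [[ -z "${1:-}" ]]; then
  # -r keeps backslashes literal instead of treating them as escapes.
  read -r -p "Groupname: " group
else
  group="$1"
fi
if [[ -z "$group" ]]; then
  # Report on stderr and exit non-zero so a calling script can see that
  # nothing was created (a bare "exit" after echo returns 0).
  echo no group. >&2
  exit 1
fi
# printf instead of echo: echo would swallow a value such as "-n" as an
# option and leave the name empty.
group=$(printf '%s\n' "$group" | tr '[:upper:]' '[:lower:]')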

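# test for correctness of the name:
# This runs before the lookup so that only a validated name reaches getent
# and, later, the LDIF. grep matches line by line, so a value containing a
# newline would pass as soon as one of its lines is valid and would then add
# extra lines to the LDIF; reject that case explicitly.
if [[ "$group" == *$'\n'* ]] ||
    ! printf '%s\n' "$group" | LC_ALL=C grep -Eq '^[a-z0-9_.][a-z0-9_.-]{0,31}$'; then
  echo "Error: incorrect groupname" >&2
  exit 1
fi

# test if group exists
# The name is quoted so it is passed to getent as exactly one argument
# (no word splitting, no glob expansion).
if [[ -n "$(getent group "$group")" ]]; then
  echo "This group already excists!" >&2
  exit 1
fi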

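# gid, temporary method: the last number handed out is kept in a counter file.
guid_file=/usr/local/sbin/guid

# Take an exclusive lock (flock, util-linux) for the read-increment-write
# cycle, so two runs at the same time cannot hand out the same gidNumber.
exec 9<"$guid_file" || { echo "Error: cannot open $guid_file" >&2; exit 1; }
flock 9 || { echo "Error: cannot lock $guid_file" >&2; exit 1; }

# Accept plain digits only. "typeset -i" evaluates whatever it is given as an
# arithmetic expression, and a missing or empty counter would silently yield
# gidNumber 1.
IFS= read -r last_guid <&9
if ! [[ "$last_guid" =~ ^[0-9]+$ ]]; then
  echo "Error: $guid_file does not contain a number" >&2
  exit 1
fi

# 10# forces base 10, so a leading zero is not read as octal.
typeset -i guid=$((10#$last_guid + 1))
printf '%s\n' "$guid" > "$guid_file" || {
  echo "Error: cannot update $guid_file" >&2
  exit 1
}

# Closing the descriptor releases the lock.
exec 9<&-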

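# create LDIF:
# mktemp replaces the deprecated tempfile. Both temporary files are created
# readable by the owner only and are removed when the script exits, also when
# it exits on an error.
TMPLDIF=$(mktemp) || exit 1
TMPPW=$(mktemp) || { rm -f -- "$TMPLDIF"; exit 1; }
trap 'rm -f -- "$TMPLDIF" "$TMPPW"' EXIT

printf '%s\n' \
  "dn: cn=$group,ou=groups,$ldaproot" \
  "objectClass: posixGroup" \
  "cn: $group" \
  "gidNumber: $guid" >"$TMPLDIF"

# load ldif in ldap:
# The bind password is handed over in a file (-y) rather than with -w, which
# keeps it off the ldapadd command line where the process list can show it.
# printf '%s' writes no trailing newline: ldapadd uses the complete file
# content as the password.
printf '%s' "$ldappw" >"$TMPPW"
if ! ldapadd -xD "cn=admin,$ldaproot" -y "$TMPPW" -f "$TMPLDIF"; then
  # Stop here, so the steps after this one do not record a group that was
  # never added.
  echo "Error: ldapadd failed, group $group not created" >&2
  exit 1
fi
rm -f -- "$TMPLDIF" "$TMPPW"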

# Restart nscd; its normal output is discarded.
service nscd restart >/dev/null

# Append an audit line to the log. The number written as "uid" is the value
# used for the group's gidNumber.
log_stamp=$(date)
printf '%s\n' "$log_stamp create group $group with uid $guid" >>/var/log/au.log


