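#!/bin/bash
# add user for Kerberos/LDAP/NFS4
# paul@vandervlis.nl
#
# Usage: au [username [password]]
#   Arguments that are missing are asked for interactively.
#   Requires /usr/local/sbin/variables to set: ldaproot, ldappw, nfsusers
#   and (optionally) samba.  Exits non-zero on every error; the steps
#   after the kerberos principal are not rolled back on failure, so the
#   error message says what was already created.

# print a message on stderr and stop with a non-zero status
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# get variables
. /usr/local/sbin/variables
: "${ldaproot:?not set in /usr/local/sbin/variables}"
: "${ldappw:?not set in /usr/local/sbin/variables}"

# ask user when not on commandline:
if test "$1" = ""; then
  read -r -p "Username: " user
else
  user=$1
fi
if test "$user" = ""; then
  die "no user."
fi
# printf instead of echo: a name like "-n" would otherwise be eaten by echo
user=$(printf '%s' "$user" | tr '[:upper:]' '[:lower:]')

# test for correctness of the name FIRST: everything below puts the name
# into command lines, file paths and LDIF, so an unchecked name must not
# even reach getent.  The pattern also guarantees it cannot start with '-'.
if ! printf '%s\n' "$user" | LC_ALL=C grep -Eq '^[a-z0-9_.][a-z0-9_.-]{0,31}$'; then
  die "Error: incorrect username"
fi

# test if user or group excists (getent returns 0 only when the entry exists)
if getent passwd "$user" >/dev/null; then
  die "This user already excists!"
fi
if getent group "$user" >/dev/null; then
  die "This group already excists!"
fi

# ask for  password:
if test "$2" = ""; then
  passwordc=$(pwgen -A 8 1) || die "pwgen failed"
  read -r -p "Password for $user, specify a password (return=$passwordc) : " password
  if test "$password" = ""; then
    password="$passwordc"
  fi
else
  password="$2"
fi

# uid, temporary method: a counter file that is read, incremented and
# written back.  The content is checked to be a plain number before it is
# used in arithmetic (typeset -i would evaluate arbitrary expressions).
# NOTE: there is no locking, two runs at the same time can get the same uid.
uidfile=/usr/local/sbin/uid
lastuid=$(cat "$uidfile") || die "cannot read $uidfile"
case "$lastuid" in
  ''|*[!0-9]*) die "invalid uid counter in $uidfile: $lastuid" ;;
esac
uid=$((lastuid + 1))
echo "$uid" > "$uidfile" || die "cannot write $uidfile"

# temporary files (mktemp creates them mode 0600); removed on any exit
TMPLDIF=$(mktemp) || die "mktemp failed"
trap 'rm -f -- "$TMPLDIF" "${TMPPW:-}"' EXIT
TMPPW=$(mktemp) || die "mktemp failed"

# add kerberos principal
# NOTE: -pw puts the password in the argument list, where it is visible in
# the process list while kadmin.local runs; kadmin.local also splits the -q
# string itself, so a password with spaces or quotes is not passed intact.
kadmin.local -q "addprinc -pw $password -policy user $user" \
  || die "kadmin.local failed for $user (uid $uid was consumed)"

# create LDIF:
cat >"$TMPLDIF" <<EOF
dn: cn=$user,ou=users,$ldaproot
objectClass: posixGroup
objectClass: posixAccount
cn: $user
uid: $user
uidNumber: $uid
gidNumber: $uid
homeDirectory: /home/$user
loginShell: /bin/bash
memberUid: $user
EOF

# load ldif in ldap; the bind password goes through a 0600 file (-y) instead
# of -w on the command line.  -y uses the complete file content, so no
# trailing newline may be written.
printf '%s' "$ldappw" >"$TMPPW"
ldapadd -x -D "cn=admin,$ldaproot" -y "$TMPPW" -f "$TMPLDIF" \
  || die "ldapadd failed for $user (kerberos principal was already created)"

# home-directory on the NFS4 export (the LDAP homeDirectory is /home/$user,
# presumably where clients mount the export).  Refuse to touch an existing
# directory: cp -a would copy skel into it and chown -R would hand all of
# its content to the new uid.
home=/srv/nfs4/home/$user
if test -e "$home"; then
  die "$home already exists (principal and LDAP entry were created)"
fi
cp -a /etc/skel "$home" || die "cannot create $home"
chown -R "$uid:$uid" "$home"
chmod 750 "$home"

# nscd restart (otherwise aug does not work)
service nscd restart > /dev/null

# group membership and creates links and restarts nscd
# shellcheck disable=SC2086 -- nfsusers may be a space separated list, keep word splitting
aug "$user" $nfsusers

# samba
if test "$samba" = "1"; then
  echo "Samba:"
  # printf: echo -e would interpret backslashes inside the password
  printf '%s\n%s\n' "$password" "$password" | smbpasswd -a -s "$user"
fi

# log; the password is deliberately not written to the log file
echo "$(date) create $user with uid $uid" >> /var/log/au.log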


