#!/bin/bash

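# Upper bound on how long the SID polling loop below waits.
TIMEOUT=120 # seconds

# LDAP tree the Samba objects are created in, and how to reach the server.
BASE=dc=skole,dc=skolelinux,dc=no
LDAPURI="ldaps://ldap"
DOMAIN=SKOLELINUX
# DN of the Samba administrator entry this script creates.
BASEDN=cn=smbadmin,ou=People,$BASE
# Short host name, handed to "net getlocalsid" by get_sid.
SHORTHOST=$(hostname -s)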

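# Search for an existing smbadmin object; if it exists, refuse to run again.
# Only a successful search counts as "exists": any failure (entry absent, but
# also server unreachable or access denied) falls through to the creation
# steps below, where slapadd will then fail on a duplicate entry.
if /usr/bin/ldapsearch -LLL -H "$LDAPURI" -x -b "$BASEDN" >/dev/null 2>&1; then
  echo "error: smbadmin account already exists, exiting" 1>&2
  exit 1
fi

# Both init scripts are used below; bail out early if either is missing.
if [[ ! -x /etc/init.d/slapd || ! -x /etc/init.d/samba ]]; then
  echo "error: Missing slapd or samba.  Exiting." 1>&2
  exit 1
fi

# Start slapd
/etc/init.d/slapd start

# Restart Samba (the SID polled for below only appears after a restart,
# see the comment above get_sid)
/etc/init.d/samba restart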

# We have to fetch something called the sambaSID to create the sambaDomainName
# object. If we do not have this object, smbpasswd will complain and try to
# add it to the LDAP tree, but since Samba does not have write access,
# it will fail. The sambaSID is not available until 120 seconds after
# Samba is restarted for the first time (measured on my PIII-750MHz test
# machine).

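#######################################
# Print the local Samba SID for this host, or nothing if Samba has not
# published it yet.
# Globals:   SHORTHOST (read)
# Outputs:   the SID on stdout with surrounding whitespace stripped; empty
#            when "net getlocalsid" fails or prints nothing after the colon
# Returns:   status of the last pipeline stage (tr)
#######################################
get_sid() {
  # "net getlocalsid" prints a single "... is: S-1-5-..." style line; keep the
  # text after the colon.  cut leaves the blank that follows the colon in
  # place, so tr strips it — callers compare this value with -z and append
  # "-1000" to it, and a stray leading space would make both unreliable.
  net getlocalsid "$SHORTHOST" 2>/dev/null | cut -f 2 -d: | tr -d '[:space:]'
}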

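DELAY=5   # seconds between polls
AFTER=0   # seconds waited so far
echo "Waiting up to $TIMEOUT seconds for \"net getlocalsid $SHORTHOST\" to return"
SAMBASID=$(get_sid)
# Poll until the SID shows up or the time budget is spent; one dot per poll.
while [[ -z "$SAMBASID" ]] && (( AFTER < TIMEOUT )); do
  printf '.'
  AFTER=$((AFTER + DELAY))
  sleep "$DELAY"
  SAMBASID=$(get_sid)
done
# Finish the progress-dot line if any dots were printed.
if (( AFTER > 0 )); then
  echo
fi

if [[ -z "$SAMBASID" ]]; then
  # NOTE(review): this path reports failure on stderr but exits 0, so a
  # caller (e.g. a package maintainer script) sees success and the Samba
  # objects are never created — confirm whether a non-zero status is wanted.
  echo "unable to fetch SAMBASID" 1>&2
  exit 0
fi

echo "SAMBASID success after $AFTER sec" 1>&2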

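# Generate the Samba LDAP password.
SMBPW=$(/usr/bin/makepasswd)
if [[ -z "$SMBPW" ]]; then
  echo "error: makepasswd produced no password" 1>&2
  exit 1
fi

# Hash it for the userPassword attribute.  The secret is handed to slappasswd
# through a private (mode 0600) temporary file with -T instead of as a
# command-line argument, so it is not visible in the process list while
# slappasswd runs.  printf '%s' writes no trailing newline, matching what
# "-s $SMBPW" would have hashed.
PWFILE=$(umask 077 && mktemp) || exit 1
trap 'rm -f -- "$PWFILE"' EXIT
printf '%s' "$SMBPW" > "$PWFILE"
CRYPTPW=$(/usr/sbin/slappasswd -u -T "$PWFILE")
rm -f -- "$PWFILE"
trap - EXIT
if [[ -z "$CRYPTPW" ]]; then
  echo "error: slappasswd failed to hash the password" 1>&2
  exit 1
fi

# Stop openldap (slapadd below writes to the database directly, so slapd
# must not be running)
/etc/init.d/slapd stop

# Stop nscd (presumably so cached lookups do not hide the new entries —
# the original gives no reason)
/etc/init.d/nscd stop

# Remember whether any of the updates failed; slapd is restarted before the
# status is reported so the directory is not left down.
RC=0

# Add smbadmin user to ldap db.  CRYPTPW is a slappasswd hash, so it can be
# embedded in LDIF as a plain value.
/usr/sbin/slapadd <<EOF || RC=1
dn: $BASEDN
objectClass: top
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: smbadmin
description: Samba Administrator
userPassword: $CRYPTPW
EOF

# Store samba pw for later use.  smbpasswd -w takes the secret as an
# argument, so it is briefly visible in the process list while it runs.
/usr/bin/smbpasswd -w "$SMBPW" || RC=1

# Samba wants to save some information, but since we do not want to
# allow global write access to samba, we just do the update ourselves.
/usr/sbin/slapadd <<EOF || RC=1
dn: sambaDomainName=$DOMAIN,$BASE
sambaDomainName: $DOMAIN
sambaSID: $SAMBASID
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain
EOF

/usr/sbin/slapadd <<EOF || RC=1
dn: uid=root,ou=People,$BASE
objectClass: sambaSamAccount
objectClass: account
uid: root
sambaSID: ${SAMBASID}-1000
EOF

# Start slapd
/etc/init.d/slapd start

if (( RC != 0 )); then
  echo "error: one or more LDAP updates failed, not adding the group map" 1>&2
  exit 1
fi

# Add samba Groupmap for Admins
/usr/bin/net groupmap add rid=512 unixgroup=admins \
  type=domain ntgroup="Domain Admins" \
  comment="All system administrators in the school"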
