#!/bin/bash
msg(){ ${VERBOSE:-true} && echo ${@} ; }
assert(){ [[ $? -eq 0 ]] || { [[ -n ${1} ]] && msg ${@} ; exit 1 ; } }

# from https://github.com/dinkel/docker-openldap/blob/master/entrypoint.sh:
# When not limiting the open file descritors limit, the memory consumption of
# slapd is absurdly high. See https://github.com/docker/docker/issues/8231
ulimit -n 8192

msg "I: running slapd for initial setup..."
slapd -u openldap -g openldap -h ldapi:///
assert "E: openldap died unexpectedly!"

PIDFILE=$(ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b "cn=config" -s base \
		     "" olcPidFile | grep olcPidFile | awk "{print $2}")
msg "I: slapd running with PID ${PIDFILE}"

[[ -n "${OPENLDAP_ADMIN_PASSWORD}" ]]
assert "E: please set non-empty password in OPENLDAP_ADMIN_PASSWORD and retry."

HASHED_PW=$(slappasswd -h {SSHA} -s "${OPENLDAP_ADMIN_PASSWORD}")
[[ -n "${HASHED_PW}" ]]
assert "E: password hash unexpectedly empty!"

msg "I: Setting administrator password..."
ldapmodify -Y EXTERNAL -H ldapi:/// <<EOF
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: ${HASHED_PW}

EOF
assert "FATAL: failure setting administrator password!"

# find current schemas
eval "declare -A LOADED_SCHEMAS=( $(ldapsearch -LLL -Y EXTERNAL -H ldapi:/// \
                                     -b "cn=schema,cn=config" -s one cn \
                          | sed -n 's/^cn:.*[{].*[}]\(.*\)$/[\1]=loaded/p') )"
msg "I: currently loaded schemas: ${!LOADED_SCHEMAS[@]}"

# load schemas
# built-in: core, cosine, nis, inetorgperson
# available: collective, corba, duaconf, dyngroup, java, misc, nis, openldap, pmi, ppolicy
for schema in ${OPENLDAP_SCHEMAS}
do
    [[ -z "${LOADED_SCHEMAS[$schema]}" ]] || continue;
    msg "I: loading schema ${schema}..."
    [[ -f /etc/ldap/schema/${schema}.ldif ]]
    assert "E: schema /etc/ldap/schema/${schema}.ldif not found!"
    ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/${schema}.ldif
    assert "E: failure loading schema ${schema}!"
done

# enable memberof module
if ${OPENLDAP_ENABLE_MEMBEROF}
then
    msg "I: enabling memberof module ..."
    ldapmodify -Y EXTERNAL -H ldapi:/// <<EOF
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: memberof

EOF
    RES=$?
    [[ $RES -eq 0 ]] || [[ $RES -eq 20 ]]
    assert "E: failed loading memberof module (${RES})"
    msg "I: module memberof enabled (${RES})"
    unset RES
fi

# kill slapd after initial setup
msg "I: killing initial server..."
kill -INT $(cat ${PIDFILE})

# unset sensitive variables
unset OPENLDAP_ROOT_PASSWORD
unset HASHED_PW
unset LOADED_SCHEMAS
unset PIDFILE

# run Dockerfile CMD
msg "I: running CMD $@"
set -e
exec "$@"