#!/bin/sh
#
# ldictl - show/change LDI control parameters
#
# Usage: ldictl [ attr value value ... ]
#
# This script allows one to view and change LDI control parameters.
# You *must* change the value of $UNIT below to match your LDI unit name.
#
# If you set $UNIT_ADMIN_{CERT,KEY} to the location of your AdminAccess
# cert and key files, ldictl will attempt to connect using that cert.
# Otherwise it will try to connect using the unitAdmin dn, and will
# prompt for the password.
#
# Running ldictl with no arguments will display the current LDI control
# values.  If arguments are given, the control attribute named by the
# first argument is replaced by the succeeding arguments. E.g.
#
#   ldictl techContact somsky@uw.edu waldrw@uw.edu
#
# - WRSomsky 2017-04

UNIT=phys				## set this to your unit name
UNIT_ADMIN_CERT=Certs/ldi-admin.crt	## AdminAccess cert file
UNIT_ADMIN_KEY=Certs/ldi-admin.key	## AdminAccess key file

LDI_SERVER=ldap://ldi.s.uw.edu

if [ -f "$UNIT_ADMIN_CERT" -a -f "$UNIT_ADMIN_KEY" ] ; then # auth by cert
  export LDAPTLS_CERT=$UNIT_ADMIN_CERT
  export LDAPTLS_KEY=$UNIT_ADMIN_KEY
  AUTH="-QY EXTERNAL"
else # auth by passwd
  AUTH="-xWD cn=unitAdmin,ou=auth,ou=$UNIT,dc=ldi,dc=uw,dc=edu"
fi

if [ $# -eq 0 ] ; then # show current LDI control values
  exec \
    ldapsearch -ZH $LDI_SERVER $AUTH \
      -LLL -s base -b cn=control,ou=$UNIT,dc=ldi,dc=uw,dc=edu
  exit 1
fi

ATTR=$1 ; shift

LDIF=/tmp/ldictl.$$
trap "/bin/rm -f $LDIF; exit" 0 1 2 3 15

cat <<EOD > $LDIF
dn: cn=control,ou=$UNIT,dc=ldi,dc=uw,dc=edu
changetype: modify
replace: $ATTR
EOD
for val in "$@" ; do
  echo "$ATTR: $val" >> $LDIF
done

ldapmodify -ZH $LDI_SERVER $AUTH -f $LDIF