#!/bin/sh

# Set the variables

SERVER=${SERVER:-`hostname --fqdn`}
DOMAIN=${SERVER#*.}
LDAP_ROOT=""
IFS="."
for DC in ${DOMAIN}
do
  LDAP_ROOT="${LDAP_ROOT},dc=${DC}"
done
LDAP_ROOT="${LDAP_ROOT#,}"
echo -e "
\nServer:    ${SERVER}
\nDomain:    ${DOMAIN}
\nLDAP Root: ${LDAP_ROOT}
"

# Setup TLS certificate (self-signed) for LDAP

if [ ! -d 'certs' ]
then
  mkdir certs
fi
CA_KEY="certs/CAself-key.pem"
CA_INFO="certs/CAself.info"
CA_CERT="certs/CAself-cert.pem"

certtool --generate-privkey > "${CA_KEY}"
cat > "${CA_INFO}" <<EOF
cn = ${DOMAIN}
ca
cert_signing_key
expiration_days = 8000
EOF
certtool \
  --generate-self-signed \
  --load-privkey "${CA_KEY}" \
  --template "${CA_INFO}" \
  --outfile "${CA_CERT}"
chmod 0640 "${CA_KEY}"


# Generate private key for LDAP service

LDAP_TLS_KEY="certs/${SERVER}_slapd_key.pem"
LDAP_TLS_INFO="certs/${SERVER}.info"
LDAP_TLS_CERT="certs/${SERVER}_slapd_cert.pem"

certtool --generate-privkey > "${LDAP_TLS_KEY}"
cat > "${LDAP_TLS_INFO}" <<EOF
organization = ${DOMAIN}
cn = ${SERVER}
tls_www_server
encryption_key
signing_key
expiration_days = 8000
EOF
certtool \
  --generate-certificate \
  --load-privkey "${LDAP_TLS_KEY}" \
  --load-ca-certificate "${CA_CERT}" \
  --load-ca-privkey "${CA_KEY}" \
  --template "${LDAP_TLS_INFO}" \
  --outfile "${LDAP_TLS_CERT}"
chmod 0640 "${LDAP_TLS_KEY}"

cat > "certs/sourceme" <<EOF
CA_KEY="certs/CAself-key.pem"
CA_INFO="certs/CAself.info"
CA_CERT="certs/CAself-cert.pem"
LDAP_TLS_KEY="certs/${SERVER}_slapd_key.pem"
LDAP_TLS_INFO="certs/${SERVER}.info"
LDAP_TLS_CERT="certs/${SERVER}_slapd_cert.pem"
EOF