#!/bin/sh

# Set the variables
SERVER=${SERVER:-`hostname --fqdn`}
DOMAIN=${SERVER#*.}
LDAP_ROOT=""
IFS="."
for DC in $DOMAIN
do
  LDAP_ROOT="${LDAP_ROOT},dc=$DC"
done
LDAP_ROOT="${LDAP_ROOT#,}"
echo -e "
\nServer:    $SERVER
\nDomain:    $DOMAIN
\nLDAP Root: $LDAP_ROOT
"

# Setup TLS certificate (self-signed) for LDAP

CA_KEY=certs/CAself-key.pem
CA_INFO=certs=certs/CAself.info
CA_CERT=certs/CAself-cert.pem

certtool --generate-privkey > $CA_KEY
cat > $CA_INFO <<EOF
cn = $DOMAIN
ca
cert_signing_key
expiration_days = 8000
EOF
certtool \
  --generate-self-signed \
  --load-privkey $CA_KEY \
  --template $CA_INFO \
  --outfile $CA_CERT
chmod 0640 $CA_KEY


# Generate private key for LDAP service

LDAP_TLS_KEY=certs/$SERVER_slapd_key.pem
LDAP_TLS_INFO=certs/$SERVER.info
LDAP_TLS_CERT=certs/$SERVER_slapd_cert.pem

certtool --generate-privkey > $LDAP_TLS_KEY
cat > $LDAP_TLS_INFO <<EOF
organization = $DOMAIN
cn = $SERVER
tls_www_server
encryption_key
signing_key
expiration_days = 8000
EOF
certtool \
  --generate-certificate \
  --load-privkey $LDAP_TLS_KEY \
  --load-ca-certificate $CA_CERT \
  --load-ca-privkey $CA_KEY \
  --template $LDAP_TLS_INFO \
  --outfile $LDAP_TLS_CERT
chmod 0640 $LDAP_TLS_KEY