#!/bin/sh
# define gprintf for distros without it:
gprintf() {
printf -- "$@"
}

SLAPDCONFFILE=/etc/openldap/slapd.conf
SLAPDCONFDIR=/etc/openldap/slapd.d/
LDAPUSER=ldap
LDAPGROUP=ldap
SLAPTEST_OPTS="-d4 -u"

slapd=/usr/sbin/slapd
slaptest="/usr/sbin/slaptest"

. /etc/init.d/functions
if [ -r /etc/sysconfig/slapd ] ; then
	. /etc/sysconfig/slapd
fi
if [ -e "${SLAPDCONFDIR}/cn=config.ldif" ]
then
	SLAPDCONF="$SLAPDCONFDIR"
	SLAPDCONFTYPE="dir"
	SLAPDCONFFLAG="-F"
else
	SLAPDCONF="$SLAPDCONFFILE"
	SLAPDCONFTYPE="file"
	SLAPDCONFFLAG="-f"
fi

check_config() {
	gprintf "Checking config %s %s: " "${SLAPDCONFTYPE}" "${SLAPDCONF}"
	ERROR="`su $LDAPUSER - -s /bin/bash -c \"${slaptest} ${SLAPTEST_OPTS} ${SLAPDCONFFLAG} ${SLAPDCONF} $@\" 2>&1 > /dev/null`"
	RETVAL=$?
	if [ $RETVAL -eq 0 ]
	then echo_success;echo
	else echo_failure;echo;echo -e "$ERROR"; exit $RETVAL
	fi
	return $RETVAL
}

convert_config() {
	su - ldap -s /bin/bash -c "/usr/sbin/slaptest -f ${SLAPDCONFFILE} -F ${SLAPDCONFDIR}"
}

dbtool () {
	local DO_RECOVER DO_PERMS
	while [ $# -ne 0 ]
	do
		case $1 in
			recover) DO_RECOVER=yes;;
			fixperms) DO_PERMS=yes;;
		esac
		shift
	done

	# For bdb backends we want to recover the transaction logs:
	if [ "$SLAPDCONFTYPE" == "file" ]
		then dbdirs=`awk 'BEGIN {OFS=":"} /[[:space:]]*^database[[:space:]]*\w*/ {db=$2;suf="";dir=""}; /^[[:space:]]*suffix[[:space:]]*\w*/ {suf=$2;if((db=="bdb"||db=="ldbm"||db=="hdb")&&(suf!=""&&dir!="")) print dir};/^[[:space:]]*directory[[:space:]]*\w*/ {dir=$2; if((db=="bdb"||db=="ldbm"||db="hdb")&&(suf!=""&&dir!="")) print dir};' "$SLAPDCONF" $(awk  '/^[[:blank:]]*include[[:blank:]]*/ {print $2}' "$SLAPDCONF")|sed -e 's/"//g'`
		else dbdirs=$(awk -F': ' '/^olcDbDirectory/ {print $2}' $(find "$SLAPDCONF" -type f -name '*db.ldif') /dev/null)
	fi

	if [ "$DO_RECOVER" == "yes" ]
	then
	# Find a db_recover
	local DBRECOVER
	if [ -x /usr/bin/slapd_db_recover ]
	then
		# private db_recover is the best choice
		DBRECOVER=/usr/bin/slapd_db_recover
	elif [ -x /usr/bin/db51_recover ]
	then
		DBRECOVER=/usr/bin/db51_recover
	else
		DBRECOVER=""
	fi
	fi

	for dbdir in $dbdirs
	do
		# Ensure the ldap user owns all database directories
		if [ "$DO_PERMS" == "yes" -a "$FIXPERMS" != "no" ]
		then chown -R $LDAPUSER:$LDAPGROUP $dbdir
		fi
		if [ "$DO_RECOVER" -a -n "`find ${dbdir}/*.bdb 2>&-`" -a "$AUTORECOVER" != "no" ]
		then
			if [ -n "$DBRECOVER" ]
			then
				gprintf "Running %s on %s\n" "$DBRECOVER" "${dbdir}"
				su $LDAPUSER -s /bin/bash -c "$DBRECOVER -h "${dbdir}" 2>&1 >/dev/null"
				if [ -f "${dbdir}/alock" ]
				then
					gprintf "removing ${dbdir}/alock\n"
					rm -f "${dbdir}/alock"
				fi
			else
				gprintf "Warning: no %s available for %s\n" db_recover "${dbdir}"
			fi
		fi
	done
}

case "$1" in
    recover)
	dbtool recover fixperms
    	RETVAL=0
	;;
    check)
	check_config
	if [ "$AUTORECOVER" == "yes" ]
	then dbtool recover fixperms
	else dbtool fixperms
	fi
	RETVAL=$?
	;;
    convert)
     	convert_config
	RETVAL=$?
	;;
    *)
	gprintf "Usage: %s\n" "$0 {check|recover|convert}"
	RETVAL=1
	;;
esac

exit $RETVAL
