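#!/bin/bash
#
# Print the uid of every active account that holds one of the system
# permission groups for this host, space-separated on a single line.
#
# The bind credentials are the ones sssd uses (ldap_default_bind_dn and
# ldap_default_authtok in sssd.conf). The host entry is taken to be the
# parent of the bind DN, i.e. the bind DN without its first RDN.
#
# Exit status is non-zero when the configuration cannot be read, the bind DN
# has no parent, or ldapsearch fails.
# NOTE(review): what consumes this list is not visible here; if it feeds an
# access decision, callers should check the exit status before using stdout.

set -euo pipefail

readonly LDAPSEARCH=/usr/bin/ldapsearch
readonly SSSD_CONFIG=/etc/sssd/sssd.conf
readonly SEARCHBASE="dc=schuerz,dc=at"
readonly LDAPHost="ldap://ldap.schuerz.at"
readonly ALL_HOSTS_DN="ou=all_hosts,ou=posix,ou=groups,${SEARCHBASE}"

# Print a message on stderr and abort; stdout stays reserved for the uid list.
die() {
  printf '%s: %s\n' "${0##*/}" "$*" >&2
  exit 1
}

# Print the value of one "key = value" option from sssd.conf.
# Arguments: $1 - option name (a fixed literal, it is used in a sed pattern)
# Fails when the option is missing or appears more than once, because the
# caller needs exactly one value.
sssd_option() {
  local key=$1
  local value
  value=$(sed -n -e "/^${key}/s/^${key}[ ]*=[ ]*//p" -- "$SSSD_CONFIG") \
    || die "cannot read ${SSSD_CONFIG}"
  [[ -n $value ]] || die "${key} is not set in ${SSSD_CONFIG}"
  [[ $value != *$'\n'* ]] \
    || die "${key} is set more than once in ${SSSD_CONFIG}"
  printf '%s' "$value"
}

# Escape the characters that are special inside an LDAP search filter value
# (RFC 4515), so a DN containing them cannot change the filter's structure.
ldap_filter_escape() {
  local s=$1
  s=${s//'\'/'\5c'} # backslash first, or the escapes below get re-escaped
  s=${s//'*'/'\2a'}
  s=${s//'('/'\28'}
  s=${s//')'/'\29'}
  printf '%s' "$s"
}

[[ -x $LDAPSEARCH ]] || die "${LDAPSEARCH} is missing or not executable"

BindDN=$(sssd_option ldap_default_bind_dn) || exit 1
BindPW=$(sssd_option ldap_default_authtok) || exit 1

# The host entry is the parent of the bind DN. Stripping up to the first comma
# works for any DN depth; the earlier six-group regex was unanchored and cut
# off everything after the sixth RDN. An escaped comma inside the first RDN is
# not handled.
[[ $BindDN == *,* ]] || die "bind DN '${BindDN}' has no parent entry"
HostDN=${BindDN#*,}
HostFilterDN=$(ldap_filter_escape "$HostDN")

# Built without whitespace between the components: RFC 4515 filters do not
# allow it, even though some clients tolerate it.
SEARCHFILTER="(&(dcAccountStatus=active)(|"
SEARCHFILTER+="(memberof=cn=perm-sys_local_admins,${HostFilterDN})"
SEARCHFILTER+="(memberof=cn=perm-sys_local_users,${HostFilterDN})"
SEARCHFILTER+="(memberof=cn=perm-sys_admins,${ALL_HOSTS_DN})"
SEARCHFILTER+="(memberof=cn=perm-sys_users,${ALL_HOSTS_DN})"
SEARCHFILTER+="))"

# -ZZ  require StartTLS to succeed; with a single -Z the client carries on
#      after a failed StartTLS and would send the bind password in cleartext.
# -y   read the password from a file descriptor instead of -w, which puts it
#      on the command line where other local users can typically see it.
# -H/-b make the server and search base explicit instead of depending on the
#      client's ldap.conf defaults.
# NOTE(review): there is no -x, so a client built with SASL support will try
# a SASL bind rather than a simple bind - confirm which one is intended.
#
# awk keeps only plain "uid: value" lines; base64-encoded values ("uid::")
# are skipped. pipefail makes an ldapsearch failure the script's exit status.
"$LDAPSEARCH" -LLL -ZZ -H "$LDAPHost" -b "$SEARCHBASE" \
  -D "$BindDN" -y <(printf '%s' "$BindPW") \
  "$SEARCHFILTER" uid \
  | awk 'BEGIN { ORS = " " } $1 == "uid:" { print $2 }'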