#!/usr/bin/bash

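# Exit status used for command-line usage errors.
E_BADARGS=65

#######################################
# Print the option summary and terminate the script.
# Globals:   E_BADARGS (read)
# Arguments: none
# Outputs:   usage text on stdout
# Returns:   does not return; exits with E_BADARGS
#######################################
print_usage ()
{
  # Quote $0 so a script path containing spaces is not split by basename.
  echo "Usage: $(basename -- "$0") options"
  echo "Options: -D binddn : DN to bind to server with"
  echo "         -b basedn : base DN"
  echo "         -h host   : LDAP server"
  echo "         -f filter : LDAP search filter containing %u for username"
  # The documented default must match the value the script actually falls
  # back to (loginGraceLimit), otherwise operators configure the wrong name.
  echo "         -l limit  : keyword for limit grace logins attribute (default: loginGraceLimit)"
  echo "         -r remain : keyword for remaining grace logins attribute (default: loginGraceRemain)"
  exit "$E_BADARGS"
}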

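# Resolve the external tools once, before any request is served.
#
# The lookup uses the exit status of `command -v` instead of matching the
# text printed by `which`: many `which` implementations print nothing on
# stdout when a program is missing, so a "no ..." pattern test never fires
# and the script would carry on with an empty command name.
#
# Tools are found through PATH, so the account running this script should
# have a PATH that contains only trusted directories.
LDAPSEARCH=$(command -v ldapsearch) || {
  echo "Error: ldapsearch not found!"
  exit 1
}

# gawk is the interpreter actually looked up, so the message names it.
AWK=$(command -v gawk) || {
  echo "Error: gawk not found!"
  exit 1
}

SED=$(command -v sed) || {
  echo "Error: sed not found!"
  exit 1
}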

# Fewer than eight command-line words cannot be a complete invocation
# (presumably -D, -b, -h and -f, each with a value); show the usage text,
# which also exits the script.
(( $# >= 8 )) || print_usage

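# Start from empty settings so that only the command line can populate them.
# Without this, a same-named variable inherited from the environment (HOST is
# exported by some login shells) would silently stand in for an option that
# was not given, e.g. as the LDAP server to query.
BINDDN=
BASEDN=
HOST=
FILTER=
LIMIT=
REMAIN=

# Every option takes a value; any unknown option prints the usage text,
# which exits the script.
while getopts "D:b:h:f:l:r:" option; do
  case "$option" in
    D) BINDDN=$OPTARG ;;
    b) BASEDN=$OPTARG ;;
    h) HOST=$OPTARG ;;
    f) FILTER=$OPTARG ;;
    l) LIMIT=$OPTARG ;;
    r) REMAIN=$OPTARG ;;
    *) print_usage ;;
  esac
done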

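# The argument-count check alone does not prove that the right options were
# given (eight words can also be reached with -l and -r), so confirm that the
# bind DN, base DN and server are present before any search is attempted.
if [[ -z "${BINDDN-}" || -z "${BASEDN-}" || -z "${HOST-}" ]]; then
  print_usage
fi

# The filter must carry the %u placeholder that is later replaced by the
# user name read from stdin.
if [[ "${FILTER-}" != *%u* ]]; then
  echo "Error: no %u found in search filter"
  exit "$E_BADARGS"
fi

# Attribute keywords fall back to these names when -l / -r are not given.
LIMIT=${LIMIT:-loginGraceLimit}
REMAIN=${REMAIN:-loginGraceRemain}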

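#######################################
# Escape a string for use as a value inside an LDAP search filter
# (RFC 4515): backslash, asterisk and parentheses are written as \XX.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout, without a trailing newline
#######################################
ldap_escape_filter_value() {
  local raw=$1 escaped='' ch i
  for (( i = 0; i < ${#raw}; i++ )); do
    ch=${raw:i:1}
    case "$ch" in
      '\') escaped+='\5c' ;;
      '*') escaped+='\2a' ;;
      '(') escaped+='\28' ;;
      ')') escaped+='\29' ;;
      *)   escaped+=$ch ;;
    esac
  done
  printf '%s' "$escaped"
}

# Main loop: one user name per input line, one answer line ("OK" or "ERR")
# per request on stdout.
#
# The name read from stdin is untrusted. It is therefore
#   * read with -r into a lower-case variable, so backslashes are kept as data
#     and the exported USER environment variable is not overwritten for the
#     child processes;
#   * escaped for LDAP filter syntax, so characters such as * ( ) \ cannot
#     change which entries the search matches;
#   * spliced into the filter with shell parameter expansion instead of being
#     pasted into a sed program, where it would be parsed as sed syntax.
# Default IFS is kept on purpose: surrounding whitespace is trimmed, so a
# blank line still yields an empty name.
while read -r login
do
  if [[ -n "$login" ]]
  then
    safe_login=$(ldap_escape_filter_value "$login")

    # Only the first %u is substituted, matching the earlier
    # s/%u/.../ expression (no "g" flag).
    filter_head=${FILTER%%\%u*}
    filter_tail=${FILTER#*\%u}
    NEWFILTER=${filter_head}${safe_login}${filter_tail}

    # All arguments are quoted: DNs commonly contain spaces.
    # NOTE(review): no bind password or TLS option is passed here, so the
    # authentication method and transport protection depend on the local
    # LDAP client configuration; confirm the bind is not sent in clear text.
    #
    # awk remembers the second field of the last line matching each keyword
    # and answers OK only when both values were seen and are equal.
    "$LDAPSEARCH" -D "$BINDDN" -b "$BASEDN" -h "$HOST" "$NEWFILTER" |
      "$AWK" -v limit="$LIMIT" -v remain="$REMAIN" '
        {
          if ( $0 ~ limit )  { vallimit = $2 }
          if ( $0 ~ remain ) { valremain = $2 }
        }
        END {
          if ( valremain != "" && vallimit != "" ) {
            if ( valremain == vallimit ) { print "OK" }
            else { print "ERR" }
          }
          else { print "ERR" }
        }'
  else
    # Empty request line: nothing to look up.
    echo "ERR"
  fi
done

exit 0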

