#!/bin/sh
set -eu

CERTS_DIR="/etc/ldap/certs"
DATA_DIR="/var/lib/ldap"
SLAPD_D="/etc/ldap/slapd.d"
INITIALIZED_FLAG="$DATA_DIR/.initialized"
CA_CERT_NAME="ca_cert.pem"
SERVER_CERT_NAME="server_cert.pem"
SERVER_KEY_NAME="server_key.pem"

echo "Starting OpenLDAP entrypoint..."

base_dn="${LDAP_BASE_DN:-dc=example,dc=org}"
domain="${LDAP_DOMAIN:-example.org}"
org="${LDAP_ORG:-Example Org}"
password="${LDAP_PASSWORD:-changeit}"
admin_password="${LDAP_ADMIN_PASSWORD:-$password}"

echo "Base DN  : $base_dn"
echo "Domain   : $domain"
echo "Org      : $org"

tls_enabled="0"
if [ -f "$CERTS_DIR/$CA_CERT_NAME" ] && [ -f "$CERTS_DIR/$SERVER_CERT_NAME" ] && [ -f "$CERTS_DIR/$SERVER_KEY_NAME" ]; then
    tls_enabled="1"
fi
if [ "$tls_enabled" = "1" ]; then
    echo "TLS      : enabled"
else
    echo "TLS      : disabled"
fi

echo "Ensuring slapd runtime directory..."
mkdir -p /var/run/slapd
chown openldap:openldap /var/run/slapd

if [ ! -f "$INITIALIZED_FLAG" ]; then
    echo "First run - configuring slapd via debconf..."
    cat <<EOF | debconf-set-selections
slapd slapd/no_configuration boolean false
slapd slapd/dump_database select when needed
slapd slapd/dump_database_destdir string /var/backups/slapd-VERSION
slapd slapd/move_old_database boolean false
slapd slapd/domain string $domain
slapd shared/organization string $org
slapd slapd/password1 password $admin_password
slapd slapd/password2 password $admin_password
slapd slapd/purge_database boolean false
slapd slapd/internal/adminpw1 password $admin_password
slapd slapd/internal/generated_adminpw password $admin_password
EOF

    echo "Running dpkg-reconfigure slapd..."
    DEBIAN_FRONTEND=noninteractive dpkg-reconfigure -f noninteractive slapd
    echo "dpkg-reconfigure complete."

    echo "Running bootstrap init..."
    LDAP_BASE_DN="$base_dn" \
    LDAP_PASSWORD="$password" \
    TLS_ENABLED="$tls_enabled" \
    python3 -u /bootstrap/init.py
else
    echo "Already initialised - skipping bootstrap."
fi

slapd_url="ldapi:/// ldap://:389/"
if [ "$tls_enabled" = "1" ]; then
    slapd_url="$slapd_url ldaps://:636/"
fi

echo "Launching slapd (URLs: $slapd_url)..."
exec slapd \
    -F "$SLAPD_D" \
    -u openldap \
    -g openldap \
    -d 0 \
    -h "$slapd_url"