#!/bin/ksh93
# IBM_PROLOG_BEGIN_TAG 
# This is an automatically generated prolog. 
#  
# 61haes_r714 src/43haes/lib/ksh93/hacmp/KLIB_HACMP_add_ldap_client.sh 1.3 
#  
# Licensed Materials - Property of IBM 
#  
# COPYRIGHT International Business Machines Corp. 2011 
# All Rights Reserved 
#  
# US Government Users Restricted Rights - Use, duplication or 
# disclosure restricted by GSA ADP Schedule Contract with IBM Corp. 
#  
# IBM_PROLOG_END_TAG 
# @(#)90	1.3  src/43haes/lib/ksh93/hacmp/KLIB_HACMP_add_ldap_client.sh, hacmp.assist, 61haes_r714 8/6/13 16:54:51

#================================================
# The following, commented line enforces coding
# standards when this file is edited via vim.
#================================================
# vim:tabstop=4:shiftwidth=4:expandtab:smarttab
#================================================

# Start of POD-formatted documentation. Viewing suggestions:
#      perldoc <FILENAME>
#      pod2text -c <FILENAME>
#      pod2text -c --code <FILENAME>
#      pod2html <FILENAME>
function devDoc {
    # Documentation container only: the body is a single no-op (":") fed by a
    # quoted here-document, so the POD text below is never expanded or run.
    # NOTE(review): the POD marks SUFFIX_DN, SSL_KEY and SSL_PASSWORD as
    # REQUIRED, but KLIB_HACMP_add_ldap_client in this file only rejects an
    # empty SERVERS, BIND_DN or PASSWORD; an absent SSL_KEY simply drops the
    # -S option. Confirm whether a client without an SSL key is intended.
    : <<'=cut' >/dev/null 2>&1

=head1 NAME

 KLIB_HACMP_add_ldap_client

=head1 VERSION

 Version Number:  1.3
 Last Extracted:  1/31/14 04:41:41
 Last Changed:    8/6/13 16:54:51

 Path, Component, Release(, Level):
 src/43haes/lib/ksh93/hacmp/KLIB_HACMP_add_ldap_client.sh, hacmp.assist, 61haes_r714

=head1 SYNOPSIS

 clmgr add ldap_client \
             SERVERS=<LDAP_server>[,<LDAP_server#2>] \
             BIND_DN=<bind_distinguished_name> \
                 PASSWORD=<admin_password> \
             SUFFIX_DN=<suffix_dn> \
             SSL_KEY=<full_path_to_key> \
                 SSL_PASSWORD=<SSL_key_password> \
             [ PORT={636|###} ]

 NOTE: the alias for "ldap_client" is "lc".

=head1 DESCRIPTION

Attempts to configure one or more LDAP clients for the cluster to use
for federated security.

=head1 ARGUMENTS

 1. properties [REQUIRED] [hash ref]
    An associative array within which data about the
    created object can be returned to the caller.

 2. servers [REQUIRED] [string]
    The label of one or more LDAP servers that the clients should connect to.

 3. bind_dn [REQUIRED] [string]
    The administrative distinguished name for the LDAP servers.

 4. password [REQUIRED] [string]
    The password to use to contact the LDAP servers.

 5. suffix_dn [REQUIRED] [string]
    The suffix distinguished name for the LDAP servers.

 6. ssl_key [REQUIRED] [string]
    The full path to an SSL key used for communications.

 7. ssl_password [REQUIRED] [string]
    The password associated with the specified SSL key.

 8. port [OPTIONAL] [string]
    The port number of the LDAP clients (defaults to 636).

=head1 RETURN

 0: no errors were detected; the operation appears to have been successful
 1: a general error has occurred
 2: a specified resource does not exist, or could not be found
 3: some required input was missing
 4: some detected input was incorrect in some way
 5: a required dependency does not exist
 6: a specified search failed to match any data

=head1 COPYRIGHT

COPYRIGHT International Business Machines Corp. 2005,2010
All Rights Reserved

=cut
} # End of POD-formatted documentation.


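#==============================================================================
# KLIB_HACMP_add_ldap_client
#
# Validates the caller's input and, when it is acceptable, runs
# $HACSPOC/cl_ldap_client_config to configure the LDAP client.
#
# Arguments (double quotes are stripped from $2 through $8):
#   $1  properties    name of the caller's array, bound by reference and
#                     handed to KLIB_HACMP_get_ldap_client_attributes after
#                     a successful run when CLMGR_VERBOSE or CLMGR_ATTRS is set
#   $2  servers       LDAP server list; runs of whitespace become commas
#   $3  bind_dn       bind DN; rejected when empty or blank
#   $4  password      bind password; rejected when empty or blank
#   $5  suffix_dn     suffix DN, passed through as given
#   $6  ssl_key       SSL key path; -S is omitted when empty
#   $7  ssl_password  SSL key password; -W is omitted when empty
#   $8  port          digits only; 636 is used when empty
#
# Returns: the status of log_return_msg, which is given the final rc
#          (RC_MISSING_INPUT, RC_INCORRECT_INPUT, RC_ERROR, or the helper's
#          successful status).
#
# Credential handling:
#   * Neither password is written to $CLMGR_TMPLOG; both are masked there.
#   * No credential is staged in a non-local variable.
#   * NOTE(review): both passwords are still handed to cl_ldap_client_config
#     as command-line arguments, so they can appear in a process listing
#     while it runs. This file does not show whether the helper accepts
#     them any other way.
#   * NOTE(review): the ": INPUTS:" line and the typeset lines below carry
#     the passwords into xtrace output whenever tracing is active; confirm
#     where log_entry sends the trace and who can read it.
#==============================================================================
function KLIB_HACMP_add_ldap_client {
    LINENO=2 . $HALIBROOT/log_entry "$0()" "$CL"
    : version=1.3, src/43haes/lib/ksh93/hacmp/KLIB_HACMP_add_ldap_client.sh, hacmp.assist, 61haes_r714
    : INPUTS: $*

    typeset -n properties=$1
    typeset servers=${2//\"/}
    typeset bind_dn=${3//\"/}
    typeset password=${4//\"/}
    typeset suffix_dn=${5//\"/}
    typeset ssl_key=${6//\"/}
    typeset ssl_password=${7//\"/}
    typeset port=${8//\"/}

    [[ $CLMGR_LOGGING == 'med' ]] && set +x  # Only trace param values

    #===================================
    : Declare and initialize variables
    #===================================
    typeset -i rc=$RC_UNKNOWN
    typeset server_list= log_cmd=
    typeset cmd_args

    #=================
    : Validate input
    #=================
    if [[ -z $servers ]]; then
        /usr/bin/dspmsg -s $CLMGR_SET $CLMGR_MSGS 242 "\nERROR: one or more LDAP servers must be provided.\n\n" 1>&2
        rc=$RC_MISSING_INPUT
    fi

    #================================
    : Check for all required inputs
    #================================
    # Each value is tested directly. Packing "NAME|value" into one string and
    # splitting on "|" reported a password ending in "|" as missing, and the
    # undeclared loop variable kept the password in global scope after return.
    if [[ $bind_dn == *([[:space:]]) ]]; then
        /usr/bin/dspmsg -s $CLMGR_SET $CLMGR_MSGS 101 "\nERROR: this operation requires the \"%1\$s\" attribute.\n\n" "BIND_DN" 1>&2
        rc=$RC_MISSING_INPUT
    fi

    if [[ $password == *([[:space:]]) ]]; then
        /usr/bin/dspmsg -s $CLMGR_SET $CLMGR_MSGS 101 "\nERROR: this operation requires the \"%1\$s\" attribute.\n\n" "PASSWORD" 1>&2
        rc=$RC_MISSING_INPUT
    fi

    if [[ -n $port && $port != +([[:digit:]]) ]]; then
        /usr/bin/dspmsg -s $CLMGR_SET $CLMGR_MSGS 111 "\nERROR: \"%1\$s\" requires a positive, integer value.\n\n" PORT 1>&2
        rc=$RC_INCORRECT_INPUT
    fi

    #===============================================================
    : Define the LDAP client if no input errors have been detected
    #===============================================================
    if (( $rc == RC_UNKNOWN )); then
        server_list=${servers//+([[:space:]])/,}

        # Build the argument list as an array so that a key path or password
        # containing whitespace or glob characters stays a single argument.
        cmd_args=(-h "$server_list" -a "$bind_dn" -w "$password" -d "$suffix_dn")
        [[ -n $ssl_key ]] && cmd_args=("${cmd_args[@]}" -S "$ssl_key")
        [[ -n $ssl_password ]] && cmd_args=("${cmd_args[@]}" -W "$ssl_password")
        cmd_args=("${cmd_args[@]}" -p "${port:-636}")

        # Log the command that is actually run, with both passwords masked.
        # print -r keeps backslashes in logged values from being interpreted.
        log_cmd="$HACSPOC/cl_ldap_client_config -h \"$server_list\" -a \"$bind_dn\" -w \"********\" -d \"$suffix_dn\""
        [[ -n $ssl_key ]] && log_cmd="$log_cmd -S \"$ssl_key\""
        [[ -n $ssl_password ]] && log_cmd="$log_cmd -W \"********\""
        log_cmd="$log_cmd -p ${port:-636}"
        print -r -- "$0()[$LINENO]($SECONDS): $log_cmd" >>"$CLMGR_TMPLOG"

        "$HACSPOC/cl_ldap_client_config" "${cmd_args[@]}"
        rc=$?
        print "$0()[$LINENO]($SECONDS): cl_ldap_client_config RC: $rc" >>"$CLMGR_TMPLOG"  # Always log command result

        if (( $rc != RC_SUCCESS )); then
            rc=$RC_ERROR
        fi

        #===========================================================
        : If output from this operation was requested, retrieve it
        #===========================================================
        if (( $rc == RC_SUCCESS )); then
            if (( CLMGR_VERBOSE )) || [[ -n $CLMGR_ATTRS ]]; then
                CL=$LINENO KLIB_HACMP_get_ldap_client_attributes properties
            fi
        fi
    fi

    #=======================================================================
    : If a user input error was detected, provide some helpful suggestions
    #=======================================================================
    if (( $rc == RC_MISSING_INPUT || $rc == RC_INCORRECT_INPUT )) && \
       [[ $CLMGR_GUI == *([[:space:]]) ]]
    then
        CL=$LINENO cl_dspmsg -s $CLMGR_SET $CLMGR_MSGS 104 "For more information about available options and syntax, try\n\"$HAUTILS/clmgr %1\$s\". As an\nalternative, if the PowerHA SystemMirror man pages have been installed, invoke\n\"$HAUTILS/clmgr -hv\" (or \"/usr/bin/man clmgr\"),\nsearching for \"%2\$s\" in the displayed text.\n\n" \
        "add ldap_client -h" "LDAP CLIENT:" "$CLMGR_PROGNAME" 1>&2
    fi

    log_return_msg "$rc" "$0()" "$LINENO"
    return $?
} # End of "KLIB_HACMP_add_ldap_client()"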
