#!/usr/bin/perl -w

#------------------------------------------------------------
#This action creates a user in the active directory given
#a unique username and a hash reference of specific user data.
#The hash reference must use  the following keys or they will be 
#ignored:
#
#\%user_data_hash (
#
# 'description'              => Some Description 
# 'given-name'               => First Name  
# 'surname'                  => Last Name    
# 'initials'                 => User Initials    
# 'job-title'                => Job Title
# 'company'                  => Company     
# 'department'               => Department
# 'mail-address'             => Mailing Address
# 'physical-delivery-office' => Physical Address
# 'telephone-number'         => Telephone Number        
# 'internet-address'         => Internet/Web Address
# }
#
#Copyright 2014 Koozali Foundation, Inc.
#11/25/2014: G.Zartman <gzartman@koozali.org>
#
#The code contained herein can be distributed under the same
#license as Perl
#
#TODO
#- May need to do a bit of data checking on the values, unless
#  we assume the data comes to this action clean.  Initials,
#  for example, will error out if more than 3 characters are
#  used for the value
#- Consider setting the displayName attribute as well, otherwise
#  Active directory does it automatically to
#  given-name initials surname.  In some cases, this looks goofy.
#
#------------------------------------------------------------
package esmith::thisaction;

use strict;
use warnings;
use IPC::Open3;
use esmith::AccountsDB;
use esmith::AD;
no warnings ('qw');


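##Pull arguments
my $event       = $ARGV[0] || '';
my $userName    = $ARGV[1] || '';
my $refUserData = $ARGV[2] || '';  #hash reference (see note below)
my $verbose     = $ARGV[3] || '';  #flag to include samba-tool output in the error message

die "user-create-AD error: username not found in action arguments\n"
  unless ($userName);

##The username is placed on samba-tool's argv and into a filesystem path,
##so accept only a plain account name.  Rejecting '/', whitespace and shell
##metacharacters keeps a crafted name from escaping
##/home/e-smith/files/users/ or from being misread by samba-tool.
##NOTE(review): this character class is deliberately conservative; widen it
##if the site legitimately uses other characters in account names.
if ($userName =~ /\A([A-Za-z0-9][A-Za-z0-9._-]*)\z/) {
    $userName = $1;    # re-assign from the capture (also untaints under -T)
}
else {
    die "user-create-AD error: invalid username '$userName'\n";
}

##Check AccountsDB to see if username exists
my $adb = esmith::AccountsDB->open_ro;
if ($adb->get($userName)) {
    die "Error in $event: User exists in esmith::accounts\n";
}

##Check AD to see if username exists
my $ad = esmith::AD->new;
if ($ad->doesUserExist($userName)) {
    die "Error in $event:  User exists in Active Directory\n";
}

##Create user in active directory.
my $homeDirectory = '/home/e-smith/files/users/' . $userName . '/home/';
my %userData = ();
##NOTE(review): @ARGV normally carries only strings, so this test is true
##only when the caller populates @ARGV with a real reference (e.g. when the
##action is run in-process) -- confirm against the event framework.
if (ref($refUserData) eq 'HASH') { %userData = %{$refUserData}; }

##The caller's description is folded INTO the --description option.  The
##previous version emitted it as a separate word after
##--description="Koozali User:", which samba-tool reads as a positional
##argument rather than as part of the description.
my $description = 'Koozali User:';
$description .= " $userData{'description'}"
  if (defined $userData{'description'});

##Build samba-tool's argument list.  Every value is its own argv element and
##the command is started without a shell, so user-supplied data containing
##spaces, quotes, ';' or '$' can never be interpreted as shell syntax.
my @addUser = (
    '/usr/bin/samba-tool', 'user', 'create', $userName,
    "--home-directory=$homeDirectory",
    '--login-shell=/usr/bin/rssh',
    '--random-password',
    "--description=$description",
);

##Optional attributes: the samba-tool option name matches the %userData key.
for my $key (qw(given-name surname initials job-title company department
                mail-address physical-delivery-office telephone-number
                internet-address)) {
    push @addUser, "--$key=$userData{$key}" if (defined $userData{$key});
}

##Run samba-tool with stdout/stderr captured rather than echoed, so the
##generated password never lands in the event log.  An undef stderr handle
##makes IPC::Open3 merge the child's stderr into $childOut.
my ($childIn, $childOut);
my $pid = eval { open3($childIn, $childOut, undef, @addUser) };
die "Error creating $userName account: cannot run samba-tool: $@\n"
  unless (defined $pid);
close $childIn;    # nothing to send; keeps samba-tool from waiting on stdin
my $output = do { local $/; <$childOut> };
$output = '' unless (defined $output);
close $childOut;
waitpid($pid, 0);
my $createStatus = $?;

##Fail on a non-zero exit as well as on an ERROR line in the output; the
##output text is only exposed when the caller asked for it.
if ($createStatus != 0 || $output =~ /ERROR/) {
    die "Error creating $userName account" . ($verbose ? ': ' . $output : ".\n");
}
warn("Successfully created user $userName in the Active Directory.\n");

##Set Posix settings for user.  A fresh AD handle is opened here, as the
##original did, after samba-tool has created the object.
$ad = esmith::AD->new();
my $UID = $ad->createUID($userName) || '';
if ($UID eq '') {
    # Do not write empty uidNumber/gidNumber values into the directory.
    warn("No UID allocated for $userName; Posix attributes not set.\n");
}
else {
    my %posix = ('uidNumber'         => $UID,
                 'gidNumber'         => $UID,
                 'unixHomeDirectory' => $homeDirectory);
    unless ($ad->setAttr('user', $userName, \%posix)) {
        warn("Unable to set Posix attributes for $userName.\n");
    }
}

##Disable user until we enable in server-manager by setting password.
##List-form system() avoids the shell; any non-zero status (not only a
##failed exec) means the account may have been left enabled, so die.
my @disableUser = ('/usr/bin/samba-tool', 'user', 'disable', $userName);
system(@disableUser);
if ($? != 0) {
    my $reason = ($? == -1) ? "$!" : 'samba-tool exit status ' . ($? >> 8);
    die "create-user-AD error: Unable to disable user after create: $reason\n";
}

1;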
