mailname

#!/usr/bin/env bash

set -o errexit \
    -o pipefail \
    -o nounset

export LDAPTLS_REQCERT=never
LDAPSEARCH_PATH=/usr/bin/ldapsearch

if [[ -z "${AD_PASS_FILE:-}" ]]; then
    if [[ -f "$HOME/.adname_ad_pass" ]]; then
        ad_pass_file="$HOME/.adname_ad_pass"
    elif [[ -f "/shared/ucl/etc/adpw" ]]; then
        ad_pass_file="/shared/ucl/etc/adpw"
    else
        echo "No ~/.adname_ad_pass or /shared/ucl/etc/ad_pw file, quitting..." >&2
        exit 2
    fi
else
    ad_pass_file="$AD_PASS_FILE"
fi

if [[ "$1" == "-d" ]]; then
    debug_mode="y"
    shift
else
    debug_mode=""
fi

for name in "$@"; do
      if [[ ! "$name" =~ [A-Za-z.0-9+-]+@ucl\.ac\.uk ]] && \
         [[ ! "$name" =~ [A-Za-z.0-9+-]+@live\.ucl\.ac\.uk ]] && \
         [[ ! "$name" =~ [A-Za-z.0-9+-]+@alumni\.ucl\.ac\.uk ]]; then
          echo "Error: not a valid UCL email address: $name" >&2
          exit 1
      fi



      ldap_uri="ldaps://ldap-auth-ad-slb.ucl.ac.uk:636/"
      #ldap_rdn="OU=Accounts,DC=ad,DC=ucl,DC=ac,DC=uk"
      ldap_rdn="DC=ad,DC=ucl,DC=ac,DC=uk"
      # Course accounts aren't in the OU=Accounts part. Obviously. Why would they be, it's not like they're ACCOUNTS OR ANYTHING

      ldap_bind_user='AD\sa-ritsldap01'
      ldap_password="$(cat "$ad_pass_file")"
      
      search_key='proxyAddresses'
      name="SMTP:$name"

      ldap_search_term="(${search_key}=${name})"

      if [ -n "$debug_mode" ]; then
        ldap_search_args=("-d5" "-Epr=1" "-v" "-x" "-LLL" "-w$ldap_password" "-H$ldap_uri" "-b$ldap_rdn" "-D$ldap_bind_user" "$ldap_search_term")
      else
        ldap_search_args=("-x" "-Epr=1" "-LLL" "-w$ldap_password" "-H$ldap_uri" "-b$ldap_rdn" "-D$ldap_bind_user" "$ldap_search_term")
      fi

      if [ -n "$debug_mode" ]; then 
        echo "Debug: ldapsearch path is: $LDAPSEARCH_PATH" >&2
        echo "Debug: ldapsearch arguments are: ${ldap_search_args[*]}" >&2
      fi

      if [ -n "$debug_mode" ]; then
        set -x
      fi

      # Have to set the NSS_HASH_ALT_SUPPORT environment variable to 
      #  allow MD5 as a cert hash algorithm. Broken in RHEL6.5->6.6 change. Wooooo.
      # The cryptic perl expression removes wrapping 
      if [ -n "$debug_mode" ]; then
        echo "Debug: command to run: NSS_HASH_ALG_SUPPORT=+MD5 $LDAPSEARCH_PATH" "${ldap_search_args[@]}"
      fi
      search_result=$(NSS_HASH_ALG_SUPPORT=+MD5 $LDAPSEARCH_PATH "${ldap_search_args[@]}" | sed -n -e 's/^name: //p' | sort | perl -p00e 's/\r?\n //g' )
      #search_result=$($LDAPSEARCH_PATH "${ldap_search_args[@]}" | perl -p00e 's/\r?\n //g')
      
      if [ -n "$debug_mode" ]; then
        set +x
      fi
      # And that's us done with LDAP


    if [ -n "$search_result" ]; then
      if [ $# -gt 1 ]; then
        echo "${name#SMTP:}: ${search_result}"
      else
        echo "${search_result}"
      fi
    else
      echo "Error: no user found for username \"${name}\"" >&2
    fi
done