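#!/bin/bash
#
# Export all LDAP computer, group and user entries below $ldap_base into an
# LDIF template file ($1) that can be imported on a second system.
#
# "Sanitizing" here means only two things:
#   * the DC master entry and the default entries from base.ldif are dropped
#   * the LDAP base and the domain name are replaced by UCR placeholders
# Entries are otherwise copied with every attribute slapcat emits. That
# includes whatever credential attributes the directory stores (for example
# password hashes), so the resulting file must be handled like a secret.
#
# Usage: <script> <outfile.ldif>

# Report a failing slapcat/filter stage instead of silently leaving a
# truncated export behind with exit status 0.
set -o pipefail

# Print an error message to stderr and abort.
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

# Print the help text.
usage() {
  cat <<EOF

usage: ${0##*/} <outfile.ldif>

Exports and sanitizes all LDAP computer, groups, and user entries into a .ldif file
which can be imported on a second system via:

invoke-rc.d univention-directory-listener stop
cat <outfile.ldif> | univention-config-registry filter | \\
    ldapadd -D \$ldap_hostdn -y /etc/machine.secret
invoke-rc.d univention-directory-listener start

EOF
}

# Escape stdin line by line so that it can be embedded literally in a sed
# basic regular expression that uses "/" as delimiter. DNs and domain names
# contain regex metacharacters (".", sometimes "/" or "\"); unescaped they
# either match too much or break the generated sed program.
sed_escape() {
  sed -e 's|[][\/.*^$]|\\&|g'
}

if [ $# -eq 0 ] || [ "$1" = -h ] || [ "$1" = --help ]; then
  usage
  exit 0
fi

# NOTE(review): eval of tool output. "ucr shell" is the local config
# registry's shell export and is treated as trusted here; never feed this
# eval from anything an unprivileged user can influence.
eval "$(ucr shell)"

[ -n "$ldap_base" ] || die "UCR variable ldap/base is not set"
[ -n "$domainname" ] || die "UCR variable domainname is not set"

base_re=$(printf '%s\n' "$ldap_base" | sed_escape)
domain_re=$(printf '%s\n' "$domainname" | sed_escape)

# ignore DC master entry and temporary entries
# Only the first output line (the "dn:" line) is used. The pattern is left
# unanchored on purpose: the search tool may wrap a long DN, in which case
# this line is just a prefix of the DN.
master_entry=$(univention-ldapsearch -LLL "cn=$hostname" dn | sed -n '1p' | sed_escape)
# An empty pattern would turn into the sed address "//", which is not a
# valid first address; fail with a clear message instead.
[ -n "$master_entry" ] || die "could not determine the DC master entry for cn=$hostname"
ignore_opts="/$master_entry/,/^\$/d; "

# ignore all default LDAP entries
# Each "dn:" line of the filtered base.ldif becomes one "delete from this
# line up to the next empty line" rule. Reading line by line avoids both the
# IFS juggling and accidental glob expansion of DN text.
while IFS= read -r default_entry; do
  [ -n "$default_entry" ] || continue
  ignore_opts="$ignore_opts /$default_entry/,/^\$/d;"
done < <(univention-config-registry filter < /usr/share/univention-ldap/base.ldif |
  grep dn: | sed_escape)

# The export carries directory credential material: create the output file
# readable by the owner only. A file that already exists keeps its mode, so
# point $1 at a fresh path in a directory other users cannot write to.
umask 077

# only dump computers, groups, and users
if ! slapcat | ldapsearch-wrapper |
  sed -n "/dn:.*,cn=\(computers\|groups\|users\),$base_re/,/^\$/p;" |
  sed "$ignore_opts
    s/$base_re/@%@ldap\\/base@%@/;
    s/\\<$domain_re\\>/@%@domainname@%@/;
  " > "$1"; then
  die "LDAP export failed; $1 may be incomplete"
fi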