#!/bin/ksh
# Set (change) a user's password to expire in a given number of days

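# Site settings. The variables this script uses but never assigns
# (DEFAULTLDAPDOMAIN, LDAPSERVER, DIRMGRPW, WORKDIR, LDIFTMPLTDIR, EXPIREDDIR)
# are expected to come from this file, so stop if it cannot be read.
export TOPDIR=/usr/local/lib/ldap
. "${TOPDIR}/etc/vars" || {
	echo "Cannot load ${TOPDIR}/etc/vars" >&2
	exit 1
}

# Use the site default when the caller's environment does not name a domain.
LDAPDOMAIN=${LDAPDOMAIN:-$DEFAULTLDAPDOMAIN}

# LDAPDOMAIN can come from the environment and is later pasted into a sed
# replacement and an LDIF DN. Accept only host-name characters so that a
# stray '/', '&', space or newline cannot change the generated LDIF, and so
# that an empty value does not silently become the DN "dc=".
case "$LDAPDOMAIN" in
	'' | *[!A-Za-z0-9._-]*)
		printf 'Invalid LDAP domain: %s\n' "$LDAPDOMAIN" >&2
		exit 1
		;;
esac

# example.com -> dc=example,dc=com
DNDOMAIN=$(printf '%s\n' "$LDAPDOMAIN" | sed -e 's/^/dc=/' -e 's/\./,dc=/g')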

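# Print the usage line and stop. Defined with name() syntax so that $0 is
# still the script name inside the function under ksh.
usage() {
	echo "Usage: $0 user num_of_days_before_expired (1-99999)" >&2
	exit 1
}

if [ $# -lt 2 ]
then
	usage
fi

USER=$1
NUMDAYS=$2

# USER is used below in file names, a grep pattern, a sed replacement and the
# LDIF sent to the directory. Accept only plain account-name characters so it
# cannot name another path, alter the sed expression or add LDIF lines.
# NOTE(review): widen this allowlist if the directory holds uids with other
# characters.
case "$USER" in
	'' | -* | *[!A-Za-z0-9._-]*)
		printf 'Invalid user name: %s\n' "$USER" >&2
		exit 1
		;;
esac

# Accept exactly 1-99999: digits only, no leading zero (which also rejects 0),
# and at most five characters. Pattern matching is used rather than
# [ ... -lt ... ] so that a non-numeric argument is never evaluated as a
# number or arithmetic expression by the shell.
case "$NUMDAYS" in
	'' | 0* | *[!0-9]* | ??????*)
		usage
		;;
esac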

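# Today's day number, compared below with shadowLastChange.
# NOTE(review): dse is a site helper, presumably printing days since the
# epoch - confirm. The value must be all digits before it is used in numeric
# tests.
TODAY=$(dse)
case "$TODAY" in
	'' | *[!0-9]*)
		echo "Could not get today's day number from dse" >&2
		exit 1
		;;
esac

# Get current settings
# The scratch file holds directory data for the account. mktemp creates it
# with an unpredictable name instead of a fixed /tmp/pwinfo-<user>.txt, which
# another local user could pre-create or replace with a symlink.
PWINFO=$(mktemp "${TMPDIR:-/tmp}/pwinfo.XXXXXX") || {
	echo "Could not create a temporary file" >&2
	exit 1
}
# Remove the scratch file on every exit path, including interruption.
trap 'rm -f -- "$PWINFO"' EXIT
trap 'exit 1' HUP INT TERM

getpwinfo.sh "$USER" > "$PWINFO"

# The entry for this uid must be present in the output. The message no
# longer points at $PWINFO, because the file is removed when the script exits.
grep "^uid: ${USER}$" "$PWINFO" > /dev/null 2>&1 || {
	echo "Could not obtain shadowExpire attribute info for $USER" >&2
	exit 1
}

SHADOWLASTCHANGE=$(awk '/^shadowLastChange: / { print $2 }' "$PWINFO")
case "$SHADOWLASTCHANGE" in
	'' | *[!0-9]*)
		echo "No usable shadowLastChange value found for $USER" >&2
		exit 1
		;;
esac

if [ "$SHADOWLASTCHANGE" -lt "$TODAY" ]
then
	# expr is kept on purpose: it rejects a non-numeric NUMDAYS with an
	# error, whereas shell arithmetic would try to evaluate it.
	EXPIREDAY=$(expr "$TODAY" + "$NUMDAYS") || {
		echo "Invalid number of days: $NUMDAYS" >&2
		exit 1
	}
	# Only referenced by the disabled template line further down.
	EXPIRENUMDAYS=$(expr "$EXPIREDAY" - "$SHADOWLASTCHANGE")
	if [ "$EXPIREDAY" = "$TODAY" ]
	then
		echo "Expiration date set to today, use expire.sh" >&2
		exit 1
	fi
else
	echo "Expiration date set to today, use a higher number of days or run expire.sh" >&2
	exit 1
fi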

# cat ${LDIFTMPLTDIR}/expire-set.ldif | sed -e "s/UID/${USER}/" -e "s/DNDOMAIN/${DNDOMAIN}/" -e "s/EXPIREDAY/${EXPIREDAY}/" -e "s/EXPIRENUMDAYS/${EXPIRENUMDAYS}/" > ${WORKDIR}/expire-set-${USER}.ldif
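# Refuse to build an LDIF without an expiry day; an empty value would be
# written into the template as-is.
if [ -z "$EXPIREDAY" ]
then
	echo "No expiration day computed for $USER" >&2
	rm -f -- "$PWINFO"
	exit 1
fi

# Fill in the LDIF template for this user.
# NOTE(review): USER and DNDOMAIN are inserted into the sed replacement text
# unescaped, so a '/', '&', backslash or newline in either would change the
# expression or the resulting LDIF; they must be validated where they are read.
LDIF="${WORKDIR}/expire-set-${USER}.ldif"
sed -e "s/UID/${USER}/" -e "s/DNDOMAIN/${DNDOMAIN}/" -e "s/EXPIREDAY/${EXPIREDAY}/" \
	"${LDIFTMPLTDIR}/expire-set.ldif" > "$LDIF" || {
	# Do not send a missing or partial LDIF to the directory.
	echo "Error building LDIF for $USER" >&2
	rm -f -- "$PWINFO"
	exit 1
}

# NOTE(review): -w puts the Directory Manager password on the command line,
# where other local users can read it from the process list. OpenLDAP's
# ldapmodify can read it from a protected file with -y <file> instead.
if ldapmodify -x -w "$DIRMGRPW" -D "cn=Directory Manager" -h "$LDAPSERVER" -f "$LDIF"
then
	# Keep the applied LDIF as a record of the change.
	mv -- "$LDIF" "$EXPIREDDIR"
	rm -f -- "$PWINFO"
else
	echo "Error setting shadowExpire attribute for $USER" >&2
	rm -f -- "$PWINFO"
	exit 1
fi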
