#!/usr/bin/perl
use feature "switch";
use strict;
use warnings;
use perunServicesInit;
use perunServicesUtils;

local $::SERVICE_NAME = "ad_group";
local $::PROTOCOL_VERSION = "3.0.0";
my $SCRIPT_VERSION = "3.0.1";

perunServicesInit::init;
my $DIRECTORY = perunServicesInit::getDirectory;
my $fileName = "$DIRECTORY/$::SERVICE_NAME".".ldif";
my $baseDnFileName = "$DIRECTORY/baseDN";

my $data = perunServicesInit::getHashedHierarchicalData;

#Constants
our $A_LOGIN; *A_LOGIN = \'urn:perun:user_facility:attribute-def:virt:login';
our $A_F_BASE_DN;  *A_F_BASE_DN = \'urn:perun:facility:attribute-def:def:adBaseDN';
our $A_F_GROUP_BASE_DN;  *A_F_GROUP_BASE_DN = \'urn:perun:facility:attribute-def:def:adGroupBaseDN';
our $A_R_GROUP_NAME;  *A_R_GROUP_NAME = \'urn:perun:resource:attribute-def:def:adGroupName';

# CHECK ON FACILITY ATTRIBUTES
if (!defined($data->getFacilityAttributeValue( attrName => $A_F_GROUP_BASE_DN ))) {
	exit 1;
}
if (!defined($data->getFacilityAttributeValue( attrName => $A_F_BASE_DN ))) {
	exit 1;
}

my $baseGroupDN = $data->getFacilityAttributeValue( attrName => $A_F_GROUP_BASE_DN );
my $baseDN = $data->getFacilityAttributeValue( attrName => $A_F_BASE_DN );

#
# PRINT BASE_DN FILE
#
open FILE,">:encoding(UTF-8)","$baseDnFileName" or die "Cannot open $baseDnFileName: $! \n";
print FILE $baseGroupDN;
close(FILE);

my $groups = {};
my $usersByResource = {};

# FOR EACH RESOURCE
foreach my $resourceId ($data->getResourceIds()) {

	my $group = $data->getResourceAttributeValue( resource => $resourceId, attrName => $A_R_GROUP_NAME );
	$groups->{$group} = 1;

	# FOR EACH MEMBER ON RESOURCE
	foreach my $memberId ($data->getMemberIdsForResource( resource => $resourceId )) {

		my $login = $data->getUserFacilityAttributeValue( member => $memberId, attrName => $A_LOGIN );

		unless ($login) {
			# skip users without login = CN
			next;
		}

		# store which users (their DN) are on this resource
		$usersByResource->{$group}->{"CN=" . $login . "," . $baseDN} = 1

	}

}

#
# Print group data LDIF
#
open FILE,">:encoding(UTF-8)","$fileName" or die "Cannot open $fileName: $! \n";

for my $group (sort keys %$groups) {

	print FILE "dn: CN=" . $group . "," . $baseGroupDN . "\n";
	print FILE "cn: " . $group . "\n";
	print FILE "objectClass: group\n";
	print FILE "objectClass: top\n";

	my @groupMembers = sort keys %{$usersByResource->{$group}};
	for my $member (@groupMembers) {
		print FILE "member: " . $member . "\n";
	}

	# there must be empty line after each entry
	print FILE "\n";

}

close FILE;

perunServicesInit::finalize;
