#!/bin/bash
#
# Create a self-signed certificate for LDAP
#

set -e

CERT="/etc/ldap/slapd.crt"
KEY="/etc/ldap/slapd.key"
CONF="/etc/ldap/slapd.cnf"
TEMPLATE="${target}/usr/share/ssl-cert/ssleay.cnf"
HostName="${HOSTNAME}.intern"

if [ -f $target/$CERT ] && [ -f $target/$KEY ]; then
  echo "$CERT and $KEY exists, exiting!"
  exit 0
fi

sed -e s#@HostName@#"$HostName"# $TEMPLATE > ${target}/$CONF
echo "subjectAltName=DNS:$HostName,DNS:$HOSTNAME,DNS:ldap.intern,DNS:ldap" >> ${target}/$CONF

$ROOTCMD openssl req -config $CONF -new -x509 -days 7000 -nodes -out $CERT -keyout $KEY

$ROOTCMD chmod 600 $KEY $CONF
$ROOTCMD chown openldap:openldap $KEY

ifclass FAISERVER || exit 0

## Add the LDAP certificate to the fai config space:
$ROOTCMD mkdir -pv /srv/fai/config/files/${CERT}/
$ROOTCMD cp -v $CERT /srv/fai/config/files/${CERT}/LDAP_CLIENT
