#!/bin/bash
#
# File: ldap-acl
# Description: LDAP ACL display
# Author: Bill MacAllister <bill@ca-zephyr.org>
# Copyright: 2022 Bill MacAllister <bill@ca-zephyr.org>
# Copyright: 2023 CZ Software

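#######################################
# Print the olcAccess (ACL) attributes stored under cn=config on one LDAP
# server, filtered through ldap-schema-pp.
# Arguments: $1 - host (or host:port) placed after ldap:// in the -H URI
# Outputs:   whatever ldap-schema-pp writes to stdout
# Returns:   status of the pipeline (ldap-schema-pp's status unless the
#            caller has enabled pipefail)
#######################################
function read_acl {
    local thisHost=$1

    # Build argv as an array instead of a string that is word-split later:
    # the host stays a single -H argument no matter what characters it
    # contains, so it cannot turn into extra ldapsearch options or be
    # glob-expanded against the current directory.
    #
    # NOTE(review): -x (simple bind) with no bind DN given here, over a
    # plain ldap:// URI, means the query and the returned ACLs are sent
    # without transport encryption unless client configuration adds it.
    # For non-loopback hosts consider ldaps:// or StartTLS (-ZZ).
    local -a cmd=(
        ldapsearch -x -LLL
        -H "ldap://${thisHost}"
        -o ldif-wrap=no
        -b cn=config
    )

    "${cmd[@]}" 'olcAccess=*' olcAccess | ldap-schema-pp
}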

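# Dispatch on the first argument: "help" prints the usage line, "manual"
# renders the POD at the end of this file, anything else is taken as the
# LDAP host to query.
case "$1" in
    help)
        echo "Usage: ldap-acl [help|manual|<hostname>]"
        exit 1
        ;;
    manual)
        # Quote $0 so a script path containing whitespace is passed to
        # pod2text as one argument.
        pod2text "$0"
        exit
        ;;
    *)
        # Fall back to the loopback address when no host is given.
        thisHost=${1:-127.0.0.1}

        # The host becomes part of an ldapsearch command line.  Whitespace
        # and glob characters are never valid in a host name; refuse them
        # here instead of letting them be split, truncated or expanded.
        bad_chars='[[:space:]*?]'
        if [[ "$thisHost" =~ $bad_chars ]]
        then
            echo "ldap-acl: invalid hostname: '$thisHost'" >&2
            exit 2
        fi

        read_acl "$thisHost"
        ;;
esac

# Exit with the status of the last command run above.
exit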

DOCUMENTATION=<<EOF

=head1 NAME

ldap-acl - Print LDAP ACLs

=head1 SYNOPSIS

ldap-acl [help|manual|<hostname>]

=head1 DESCRIPTION

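This script performs an ACL search of cn=config and passes the output
through the ldap-schema-pp script.  ldap-schema-pp reformats the output
to make it more readable.  If no hostname is given, 127.0.0.1 is used.
The search is made with a simple bind (ldapsearch -x) and no explicit
bind DN over an ldap:// connection, so the server must allow that
identity to read olcAccess under cn=config.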

=head1 AUTHOR

Bill MacAllister <bill@ca-zephyr.org>

=head1 COPYRIGHT

Copyright 2022 Bill MacAllister <bill@ca-zephyr.org>

Copyright 2023 CZ Software

License: Apache License, Version 2.0.

You may not use this file except in compliance with the License.
You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

=cut

EOF
