#! /bin/bash
#
# List the SSH public keys stored in LDAP (sshPublicKey attribute), one line
# per key, as
#   <uid><TAB><SHA256 key fingerprint> (<cn>)
# e.g. to audit which keys are registered for which account.
#
# The server URL and search base default to the values below and can be
# overridden through the ldaphost / ldapbase environment variables or the
# -H / -b options. Bind credentials are optional (anonymous search otherwise);
# prefer -y (password file) over -w, which exposes the password in the
# process list.

LDAP=${ldaphost:-ldaps://ldap.nikhef.nl/}
BASE=${ldapbase:-dc=farmnet,dc=nikhef,dc=nl}

while [ "$#" -gt 0 ]
do
  case "$1" in
  -D    ) BINDDN="$2"; shift 2 ;;
  -w    ) BINDPW="$2"; shift 2 ;;
  -y    ) BINDPWFILE="$2"; shift 2 ;;
  -H    ) LDAP="$2"; shift 2 ;;
  -b    ) BASE="$2"; shift 2 ;;
  -h    ) echo "Usage: $0 [-H ldapurl] [-b basedn] [-D binddn] [-w bindpw] [-y bindpwfile]"
          echo "  default ldapurl $LDAP"
          echo "  default basedn  $BASE"
          exit 0 ;;
  -*    ) echo "Unknown option $1, exiting." >&2 ; exit 1 ;;
  *     ) break ;;
  esac
done

OPT=""
[ "$BINDDN" != "" ] && OPT="$OPT -D \"$BINDDN\""
[ "$BINDPW" != "" ] && OPT="$OPT -w \"$BINDPW\""
[ "$BINDPWFILE" != "" ] && OPT="$OPT -y \"$BINDPWFILE\""

( ldapsearch -LL -oldif-wrap=no -x -H "$LDAP" -b "$BASE" $OPT '(sshPublicKey=*)' uid cn sshPublickey | perl -ne '/^cn: (.*)$/ and $cn=$1; /^uid: (.*)$/ and $uid = $1; /^sshPublicKey: (ssh-\w+\s+\S+).*$/ and push @keys,$1; /^$/ and do { foreach $key ( @keys ) { @k=split / /,$key; print "$uid $k[1] $cn\n";} @keys=(); }' ) | ( while read uid k cn ; do hash=`echo -ne "$k" | base64 -d | sha256sum | perl -ne 'print pack "H*", $_;'| base64`  ; echo -ne "$uid\t$hash ($cn)\n" ; done )
