##############################################################
# Copy members from Lotus Domino groups to Tivoli LDAP groups.  
##############################################################

puts "\n executing [info script]\n"

# make script drive independent.

set drive [lindex [file split [info script]] 0 ] 

puts "\n proclib = $drive/scripts/TCL/proclib"

source [ file join $drive /scripts/TCL/proclib/checkFile_proc.tcl    ]
source [ file join $drive /scripts/TCL/proclib/smtp_proc.tcl         ]
source [ file join $drive /scripts/TCL/proclib/netSend_proc.tcl      ]
source [ file join $drive /scripts/TCL/proclib/reportHeader_proc.tcl ]

package require ldap 

###########################################
# Get the members of the group from Lotus 
# For each Lotus member get the UID 
# Get the base dn of the groups in ldap 
# Get the base dn of the corresponding member in ldap
# Update the ldap group. 
###########################################

proc replicateGroups { groupList s1 s2 bindDn pw reportFileId attr } {

    global sourceServer 
    global targetServer

    # group membership information is returned as given name and surname.
    # Get the uid using given name and surname.

    foreach { x } $groupList {

       puts               [ format "\n%-30s %s" { } {***********} ]
       puts $reportFileId [ format "\n%-30s %s" { } {***********} ]

       puts "\nMapping persons from \"[lindex $x 0 ]\" on Lotus to  \"[lindex $x 1 ]\"\.\n"
       puts $reportFileId "\nMapping persons from \"[lindex $x 0 ]\" on Lotus to \"[lindex $x 1 ]\"\.\n"

       set sourceGroupCn (cn=[lindex $x 0 ])
 
       # search from the root dse by using a null string for the base option. 

       if { [ catch { ldap::search $sourceServer "" "$sourceGroupCn" {member} } r ] == 0 } {

           # search returns null if no matches.

	   foreach i [ lindex $r 0 1 1 ]  { 

	       set cn [ string trimright $i {,o=ABC} ] 

	       set uid [ lindex [ ldap::search $sourceServer "o=ABC" ($cn) {uid} ] 0 1 1 ]

               # Lotus Notes Ldap groups may contain members that no longer exist in Lotus Schema hence uid may be null string.  

               if { [ string is space -strict $uid ] == 1 || $uid == {} } {
                   puts $reportFileId "############### Error"
                   puts $reportFileId "############### $cn does not exist in Lotus Notes"
               } else {
		       lappend cnList cn\=$uid 
		       unset uid
               }

           }
	      
       } else {

	       puts "r = $r" 

	       puts $reportFileId $r 

	       return -code error $r 

       }

       # skip this loop if the source group is null(not found). 

       if { [ info exist cnList ]  == 1 } {

          # build ldap entry for the IBM ldap group 

	   set targetGroupCn (cn=[lindex $x 1 ])
	   
	  # get the full dn of the target group.

	   set baseDnGroup [ lindex [ ldap::search $targetServer "o=ABC,dc=com.au,c=au" "$targetGroupCn" {cn} ]  0 0 ]

	  # call proc process person to move members to group.

	   processPerson $reportFileId $baseDnGroup $cnList $attr

       } else {

               puts "\n$sourceGroupCn does not exist on Lotus server $s1\."
               puts $reportFileId "\n$sourceGroupCn does not exist on ldap server $s1\."

       }
    }
}

###########################################
# Get the members of the group from Lotus 
# For each Lotus member get the UID 
###########################################
proc processPerson { reportFileId baseDnGroup cnList attr } {

   global sourceServer 
   global targetServer

    
   foreach i $cnList {

      # get the full dn of the target person.
      # we assume that the target person is already in the ldap schema but not in the group. 
      # NB the cn of the target person must be unique in the schema. 
      # NB the cn must exist in the schema. 
       
      set baseDnPerson [ lindex [ ldap::search $targetServer "o=ABC,dc=com.au,c=au" "($i)" {cn}] 0 0 ]
      
      if { [ string is space -strict $baseDnPerson ] == 1 || $baseDnPerson == {} } {

          puts $reportFileId "\n############### Error"
          puts $reportFileId "############### $i does not exist in IBM Ldap"

      } else {

	 # check whether the person is already a member of the group

	 set memberOf [ lindex [ ldap::search $targetServer "o=ABC,dc=com.au,c=au" "($i)" {ibm-allGroups} ] 0 1 1 ]

	 if { [ lsearch -regexp $memberOf "(?ni)$baseDnGroup" ] != -1 } {

             puts "\nEntry $baseDnPerson is already a member of $baseDnGroup" 
             puts $reportFileId "\nEntry $baseDnPerson is already a member of $baseDnGroup"
         } else {

	     puts "\nAdd $baseDnPerson to $baseDnGroup" 
	     puts $reportFileId "\nAdd $baseDnPerson to $baseDnGroup" 

	     puts "\nldap::modify $targetServer $baseDnGroup {} {} [ list $attr $baseDnPerson ] "
	     if { [ catch { [ ldap::modify $targetServer $baseDnGroup {} {} [ list $attr $baseDnPerson ] ] } r ] == 0 } {
		 puts "\n$baseDnPerson added to $baseDnGroup" 
		 puts $reportFileId "\n$baseDnPerson added to $baseDnGroup" 
	     } else {
		 puts "\n$r" 
		 puts $reportFileId "\n$r"
	     }
         }
      }
   }
}
###########################################
# Email Report 
###########################################

proc emailReport { reportFile reportFileId } {

   flush $reportFileId  

   set computerName $::env(COMPUTERNAME)
   set subject "$computerName - Lotus - LDAP Replication"   
   sendSimpleMessage youremail@xxx.com $subject $reportFile

}
######################################
# Control Section. 
######################################

######################################
# Set Variables
######################################

set fileDate [ clock format [ clock seconds ] -format %Y-%m-%d_%H.%M.%S ]

set reportFile  [ file join $drive reports/ldap/lotusReplicationGroups_$fileDate\.txt ]

set s1      xxxxxxx
set s2      yyyyyyy
set bindDn  "cn=frrfr" 
set pw      password
set attr    uniqueMember 

puts "\ns1 = $s1"
puts "s2 = $s2\n"
puts "reportfile    = $reportFile\n"

######################################
# Report Header. 
######################################

set reportFileId [ open $reportFile w ]
set header       "$::env(COMPUTERNAME) - Lotus LDAP Replication"
set baseDN       "ou=ldapgroups,o=ABC,dc=com.au,c=au" 
reportHeader     $reportFileId $header $reportFile

# map the Lotus Roles to the LDAP groups

lappend groupList [ list "DominoGroup 1"  LdapGroup1 ]
lappend groupList [ list "DominoGroup 2"  LdapGroup2 ]
lappend groupList [ list "DominoGroup 3"  LdapGroup3 ]
lappend groupList [ list "DominoGroup 4"  LdapGroup4 ]

# connect to ldap 

set sourceServer [ ldap::connect $s1 389 ]

::ldap::bind $sourceServer 

set targetServer [ ldap::connect $s2 389 ]

::ldap::bind $targetServer $bindDn $pw

global sourceServer
global targetServer

######################################
# Extract dominoPersons from Lotus. 
######################################

if { [ catch { replicateGroups $groupList $s1 $s2 $bindDn $pw $reportFileId $attr } r ] == 0 } {

   puts "\nr = $r" 

   } else { 

   puts "\n = $r" 
   puts $reportFileId \n$r 

} 

::ldap::unbind $sourceServer 
::ldap::unbind $targetServer 
::ldap::disconnect $sourceServer 
::ldap::disconnect $targetServer 

emailReport $reportFile $reportFileId

close $reportFileId

######################################
# END.
######################################