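#!/usr/bin/env bash
#
# Bootstrap the 389 Directory Server instance "cavemanon" for dev.cavemanon.xyz:
#   1. trust the Let's Encrypt CA chain and import the server key/certificate,
#   2. enable LDAPS on 636, turn off the plain-text port and anonymous binds,
#   3. enable and configure the memberOf and DNA plugins,
#   4. create the initial groups, the read-only service account and the first user.
#
# Required env:  OVERWATCH_PASSWORD  - password for the "overwatch" service account
# Optional env:  DS_INSTANCE, DS_SUFFIX, DS_FQDN override the defaults below.
#
# Must run as a user that can read /etc/letsencrypt/live/<fqdn>/ and manage the
# dirsrv instance with dsconf/dsctl/dsidm.

set -euo pipefail

# --- deployment constants -----------------------------------------------------
readonly DS_INSTANCE=${DS_INSTANCE:-cavemanon}
readonly DS_SUFFIX=${DS_SUFFIX:-dc=dev,dc=cavemanon,dc=xyz}
readonly DS_FQDN=${DS_FQDN:-dev.cavemanon.xyz}
readonly DS_LDAPS_PORT=636
readonly DS_ROOT_DN="cn=Directory Manager"
readonly LE_LIVE_DIR="/etc/letsencrypt/live/${DS_FQDN}"
# DNA "magic" value: an entry created with uidNumber/gidNumber set to this value
# gets a real number assigned by the DNA plugin (see --magic-regen below).
readonly DNA_MAGIC=-1

# The service-account password comes from the environment instead of a literal
# so it is never committed with this file. dsidm still receives it as a
# command-line argument, so it is visible in `ps` for the duration of that one
# call; run this on a host where that is acceptable.
: "${OVERWATCH_PASSWORD:?set OVERWATCH_PASSWORD to the overwatch service-account password}"

die() { printf '%s\n' "$*" >&2; exit 1; }

# Instance (re)creation steps, kept for reference. Destructive: wipes the instance.
#dsctl cavemanon remove --do-it
#dscreate from-file ./instance.inf

# --- 1. TLS: trust the Let's Encrypt CAs and import the server certificate ----
# Set up CA certs from Let's Encrypt to avoid self-signing.
# Documentation: https://www.dennogumi.org/2021/10/setting-up-lets-encrypt-certificates-for-the-389-ds-ldap-server/
#
# Download into a private mktemp directory rather than a predictable /tmp path,
# so another local user cannot pre-plant a file under that name. Removed on exit.
tmpdir=$(mktemp -d) || die "mktemp failed"
cleanup() { rm -rf -- "${tmpdir:?}"; }
trap cleanup EXIT

# --https-only refuses any downgrade to http:// for the CA bundle fetch.
wget --https-only --directory-prefix "$tmpdir" \
  https://letsencrypt.org/certs/lets-encrypt-r3.pem \
  https://letsencrypt.org/certs/isrgrootx1.pem

dsconf -v -D "$DS_ROOT_DN" "$DS_INSTANCE" security ca-certificate add \
  --file "$tmpdir/isrgrootx1.pem" --name "ISRG"
dsconf -v -D "$DS_ROOT_DN" "$DS_INSTANCE" security ca-certificate add \
  --file "$tmpdir/lets-encrypt-r3.pem" --name "R3"

dsctl -v "$DS_INSTANCE" tls import-server-key-cert \
  "$LE_LIVE_DIR/fullchain.pem" "$LE_LIVE_DIR/privkey.pem"
# Alternative import via dsconf, not used:
#dsconf -v -D "cn=Directory Manager" cavemanon security certificate add --file /etc/letsencrypt/live/dev.cavemanon.xyz/fullchain.pem --primary-cert --name "LetsEncrypt"

# --- 2. Listener hardening ----------------------------------------------------
dsconf -v -D "$DS_ROOT_DN" "$DS_INSTANCE" config replace \
  "nsslapd-securePort=${DS_LDAPS_PORT}" nsslapd-security=on
# Disable the plain-text LDAP port entirely (port 0 = not listening).
dsconf -v -D "$DS_ROOT_DN" "$DS_INSTANCE" config replace nsslapd-port=0
# Disable anonymous binds; "rootdse" keeps the root DSE readable so clients can
# still discover server capabilities before binding.
# Documentation: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/identity_management_guide/disabling-anon-binds
dsconf -v -D "$DS_ROOT_DN" "$DS_INSTANCE" config replace nsslapd-allow-anonymous-access=rootdse

systemctl restart "dirsrv@${DS_INSTANCE}.service"

#######################################
# Check that the LDAPS listener is up and presents a valid chain.
# s_client blocks reading stdin, so it is fed /dev/null; -verify_return_error
# makes a failed chain verification a non-zero exit instead of a warning.
# Returns: openssl's exit status.
#######################################
verify_ldaps() {
  openssl s_client -connect "${DS_FQDN}:${DS_LDAPS_PORT}" -servername "$DS_FQDN" \
    -verify_return_error </dev/null
}

# The service may still be starting right after the restart; retry briefly.
ldaps_ok=0
for _ in 1 2 3 4 5 6 7 8 9 10; do
  if verify_ldaps; then
    ldaps_ok=1
    break
  fi
  sleep 2
done
(( ldaps_ok == 1 )) || die "LDAPS on ${DS_FQDN}:${DS_LDAPS_PORT} did not come up or failed verification"

# --- 3. Plugins: memberOf and DNA ---------------------------------------------
# memberOf: https://www.port389.org/docs/389ds/howto/quickstart.html
dsconf "$DS_INSTANCE" plugin memberof enable
dsconf "$DS_INSTANCE" plugin memberof set --scope "$DS_SUFFIX"

# DNA (automatic uidNumber/gidNumber assignment):
# https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/administration_guide/dna#dna-config-entry
# https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/administration_guide/dna#configuring_unique_number_assignments_using_the_command_line
dsconf "$DS_INSTANCE" plugin dna enable
dsconf "$DS_INSTANCE" plugin dna config "Account UIDs" add \
  --type uidNumber --filter "(objectclass=posixAccount)" \
  --scope "ou=people,${DS_SUFFIX}" \
  --next-value 1000 --max-value 6650 --threshold 100 \
  --range-request-timeout 60 --magic-regen "$DNA_MAGIC"
dsconf "$DS_INSTANCE" plugin dna config "Account GIDs" add \
  --type gidNumber --filter "(objectclass=posixAccount)" \
  --scope "ou=people,${DS_SUFFIX}" \
  --next-value 1000 --max-value 6650 --threshold 100 \
  --range-request-timeout 60 --magic-regen "$DNA_MAGIC"

# One restart activates both plugins before any entries are created.
dsctl "$DS_INSTANCE" restart

# --- 4. Initial groups, service account and first user ------------------------
for group_cn in TechMaster Administration Exit665 Wani SnootGame Shop; do
  dsidm "$DS_INSTANCE" group create --cn "$group_cn"
done

dsidm "$DS_INSTANCE" service create --cn overwatch \
  --description "Read-only access to the LDAP server"
dsidm "$DS_INSTANCE" service modify overwatch "add:userPassword:${OVERWATCH_PASSWORD}"

# uidNumber/gidNumber are the DNA magic value so the plugin assigns real ones.
dsidm -b "$DS_SUFFIX" "$DS_INSTANCE" user create \
  --uid MichaelYick --cn MichaelYick --displayName 'Michael Yick' \
  --uidNumber "$DNA_MAGIC" --gidNumber "$DNA_MAGIC" --homeDirectory /home/MichaelYick

# The user must exist before it can be given nsmemberof and picked up by the
# fixup task, so these two steps run after user creation.
dsidm "$DS_INSTANCE" user modify MichaelYick add:objectclass:nsmemberof
dsconf "$DS_INSTANCE" plugin memberof fixup "$DS_SUFFIX"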