#!/bin/sh

set -eu

if [ "${1:-}" != '--auto' ]; then
  cat <<EOF
Run the following commands as root in your LDAP-master:
(if you have not already done so)

  FQDN=$(cat /etc/puavo/hostname).$(cat /etc/puavo/domain)
  REALM=$(cat /etc/puavo/kerberos/realm)
  kadmin.local -r \${REALM} -q "addprinc -randkey ldap/\${FQDN}"
  kadmin.local -r \${REALM} -q "addprinc -randkey host/\${FQDN}"
  kadmin.local -r \${REALM} -q "addprinc -randkey IPP/\${FQDN}"
  kadmin.local -r \${REALM} -q "addprinc -randkey nfs/\${FQDN}"
  kadmin.local -r \${REALM} -q "addprinc -randkey HTTP/\${FQDN}"
  kadmin.local -r \${REALM} -q "addprinc -randkey -e \"aes256-cts-hmac-sha1-96:normal des3-hmac-sha1:normal\" cifs/\${FQDN}"

  Press ENTER when ready.
EOF
  read ready
fi

puavo-init-ldap-slave --force

if [ "${PUAVO_BOOTSERVER_INSTALLATION:-}" = 'true' ]; then
  # this must be run after puavo-init-ldap-slave
  # and before puavo-init-kdc-slave
  /etc/puavo-conf/scripts/setup_samba
fi

puavo-init-kdc-slave --force
