#!/bin/bash
# Copyright (c) 2011 Alexander Sulfrian
# This script should check if only that user exists, that are created
# by the lduseradd script.

tmp=$(mktemp)
ldapsearch | grep "^dn: uid=[a-z]\+,ou=People,dc=spline" | sort > "${tmp}"

grep -v "^[[:blank:]]*\(#\|$\)" /var/db/useradd/users.log | sort | \
	diff -u - "${tmp}" | \
	sed -n 's/^+dn: uid=\([a-z]\+\),.*$/\1/ p' | \
	while read user; do
		sendmail -t <<EOM
Subject: WARNING: New user detected!
From: root@plonk.spline.inf.fu-berlin.de
To: spline@lists.spline.inf.fuf-berlin.de

WARNING: The following user was not created by the lduseradd tool

$(ldapsearch -LLL "uid=$user")
EOM

		echo "# new user detected at: $(date)" >> /var/db/useradd/users.log
		echo "# WARNING: THIS USER WAS NOT CREATED BY THE LDUSERADD TOOL" >> /var/db/useradd/users.log
		echo "dn: uid=$user,ou=People,dc=spline,dc=inf,dc=fu-berlin,dc=de" >> /var/db/useradd/users.log
		echo >> /var/db/useradd/users.log
	done

# clean up
rm -f ${tmp}