#!/usr/local/bin/perl

use strict;
use warnings;

use Net::LDAP;
use Authen::SASL;

@ARGV == 2 or die "usage: $0 ROLE_NAME ROSTER_FILE\n";
my $role = $ARGV[0];
my $roster = $ARGV[1];

open my $fh, '<', '/usr/local/etc/openldap/ldap.conf' or quit($!);
my %config;
while (<$fh>) {
  chomp;
  next if /^#/;
  my @pair = split(' ', $_, 2);
  next unless (@pair == 2);
  $config{$pair[0]} = $pair[1];
}
close($fh);

my $mech         = $config{SASL_MECH}  // 'GSSAPI';
my $uri          = $config{URI}        // die("URI not specified\n");
my $users_basedn = $config{USERS_BASE} // die("USERS_BASE not specified\n");
my $roles_basedn = $config{ROLES_BASE} // die("ROLES_BASE not specified\n");

my $conn = Net::LDAP->new($uri, version => '3') or die "$@";
my $sasl = Authen::SASL->new($mech);
my $status = $conn->bind(sasl => $sasl);
$status->code and die $status->error;

my $search = $conn->search(
  scope  => 'sub',
  base   => $users_basedn,
  filter => "(&(memberOf=cn=$role,$roles_basedn)(mailAddress=*))",
  attrs  => ['mailAddress', 'cn']);

open $fh, '>', $roster or die "failed to open file for writing: $roster\n";
print $fh "[Internal]\n";
foreach my $entry ($search->entries) {
  my $jid = ($entry->get_value('mailAddress'))[0];
  my $cn = ($entry->get_value('cn'))[0] // $jid;
  print $fh "$jid=$cn\n";
}
close $fh;

system('prosodyctl reload');