#!/usr/share/ucs-test/runner python3
## desc: Check default primary group membership after users/user create
## tags: [udm,apptest]
## roles: [domaincontroller_master]
## exposure: careful
## packages:
##   - univention-config
##   - univention-directory-manager-tools


import univention.testing.utils as utils
import univention.testing.udm as udm_test
from univention.admin.uldap import position

if __name__ == '__main__':
	with udm_test.UCSTestUDM() as udm:
		# from users/user: lookup univentionDefaultGroup
		lo = utils.get_ldap_connection()
		pos = position(lo.base)
		searchResult = lo.search(filter='(objectClass=univentionDefault)', base='cn=univention,' + pos.getDomain(), attr=['univentionDefaultGroup'])
		if not searchResult or not searchResult[0][1]:
			utils.fail('Test system is broken: univentionDefaultGroup value not found')
		groupdn = searchResult[0][1]['univentionDefaultGroup'][0].decode('utf-8')

		# lookup previous members for comparison
		searchResult = lo.search(base=groupdn, scope='base', attr=['uniqueMember', 'memberUid'])
		if not searchResult or not searchResult[0][1]:
			utils.fail('Test system is broken: univentionDefaultGroup object missing: %s' % groupdn)
		uniqueMember = searchResult[0][1]['uniqueMember']
		memberUid = searchResult[0][1]['memberUid']

		# now create users/user object
		userdn, uid = udm.create_user(primaryGroup=groupdn)

		# and check if the object has been added to univentionDefaultGroup
		uniqueMember.append(userdn.encode('utf-8'))
		memberUid.append(uid.encode('utf-8'))
		utils.verify_ldap_object(groupdn, {'uniqueMember': uniqueMember})
		utils.verify_ldap_object(groupdn, {'memberUid': memberUid})
