#!/usr/share/ucs-test/runner python2.7
## desc: test ldap constraints
## bugs: [43312]
## roles:
##  - domaincontroller_master
## packages:
##  - python-univention-lib
##  - python-ldap
## exposure: dangerous

from __future__ import print_function
import ldap
import pytest
import atexit

import univention.uldap
from univention.config_registry import ConfigRegistry
ucr = ConfigRegistry()
ucr.load()


def main():
	test_uidnumber_0()
	test_gidnumber_0()


def test_uidnumber_0():
	lo = univention.uldap.getAdminConnection()
	dn = 'cn=foo,%s' % ucr['ldap/base']
	cleanup.dns.append(dn)
	with pytest.raises(ldap.CONSTRAINT_VIOLATION) as msg:
		print('add', dn)
		lo.add(dn, [
			('objectClass', '', 'posixAccount'),
			('objectClass', '', 'organizationalRole'),
			('cn', '', 'foo'),
			('uid', '', 'foo'),
			('homeDirectory', '', '/home/foo'),
			('uidNumber', '', '0'),
			('gidNumber', '', '1'),
		])
	print(msg)
	assert msg.value.args[0]['info'] == 'add breaks constraint on uidNumber'


def test_gidnumber_0():
	lo = univention.uldap.getAdminConnection()
	dn = 'cn=bar,%s' % ucr['ldap/base']
	cleanup.dns.append(dn)
	with pytest.raises(ldap.CONSTRAINT_VIOLATION) as msg:
		print('add', dn)
		lo.add(dn, [
			('objectClass', '', 'posixAccount'),
			('objectClass', '', 'organizationalRole'),
			('cn', '', 'bar'),
			('uid', '', 'bar'),
			('homeDirectory', '', '/home/bar'),
			('uidNumber', '', '1'),
			('gidNumber', '', '0'),
		])
	print(msg)
	assert msg.value.args[0]['info'] == 'add breaks constraint on gidNumber'


def cleanup():
	lo = univention.uldap.getAdminConnection()
	for dn in cleanup.dns:
		lo.get(dn) and lo.delete(dn)


if __name__ == '__main__':
	atexit.register(cleanup)
	cleanup.dns = []
	main()
