#!/usr/share/ucs-test/runner python
## desc: Check if there are any school-slaves with the attribute userAccountControl of a windows computer
## packages: [ucs-school-import, univention-samba4, univention-s4-connector]
## bugs: [50280]
## roles:
## - domaincontroller_master
## tags: [apptest]
## exposure: safe

from __future__ import print_function
from subprocess import Popen, PIPE

from ldap.filter import filter_format

import univention.testing.utils as utils

if __name__ == '__main__':
	print("\nChecking if the attribute userAccountControl is set correctly on all domaincontroller slaves")

	schoolslaves_cn = [x[1]['cn'][0] for x in utils.get_ldap_connection().search('univentionObjectType=computers/domaincontroller_slave', attr=['cn'])]
	print('List of Ucs-school-slaves: %s' % (schoolslaves_cn,))

	for slave in schoolslaves_cn:
		p2 = Popen(['univention-s4search', '--cross-ncs', filter_format('(&(cn=%s)(userAccountControl:1.2.840.113556.1.4.803:=4096))', (slave,))], stdout=PIPE, stderr=PIPE, shell=False)
		(stdout, stderr) = p2.communicate()
		faulty_schools = []
		for line in stdout.strip().splitlines():
			if line.startswith('dn:'):
				faulty_schools.append(line.split(':')[1])
		if faulty_schools:
			utils.fail("\nTest failed. School slaves with incorrect userAccountControl found.\n%s\n" % (faulty_schools,))
