#!/usr/share/ucs-test/runner bash 
# shellcheck shell=bash
## desc: "Test moving user in and out of ignorefilter"
## exposure: dangerous
## packages:
## - univention-ad-connector
## tags:
##  - skip_admember
## bugs:
##  - 52261

# shellcheck source=../../lib/base.sh
. "$TESTLIBPATH/base.sh" || exit 137
# shellcheck source=../../lib/udm.sh
. "$TESTLIBPATH/udm.sh" || exit 137
# shellcheck source=../../lib/random.sh
. "$TESTLIBPATH/random.sh" || exit 137

. "adconnector.sh" || exit 137
test -n "$connector_ad_ldap_host" || exit 137

. /usr/share/univention-lib/ucr.sh


SYNCMODE="$(ad_get_sync_mode)"
ad_set_sync_mode "sync"
ignorefilter="$(ucr get connector/ad/mapping/user/ignorefilter)"
ucr set connector/ad/mapping/user/ignorefilter="description=abc"
invoke-rc.d univention-ad-connector restart

user1="$(random_chars)"

UDM_users_user_username="$user1"
UDM_users_user_password="Univention.99"
UDM_users_user_lastname="test"
AD_DN="CN=$UDM_users_user_username,CN=users,$(ad_get_base)"
echo "### creating user in ucs ###"
udm_create "users/user"
ad_wait_for_synchronization; fail_bool 0 110
echo "### creating attribute in ad to ignore ###"
ad_set_attribute "$AD_DN" "description" "abc"; fail_bool 0 110
echo "### creating attribute in ucs to ignore ###"
udm_modify "users/user" "" "" "" "" --set description="abc" || fail_test 110
ad_wait_for_synchronization; fail_bool 0 110
echo "### removing ucs user ###"
udm_remove "users/user" || fail_test 110
ad_wait_for_synchronization; fail_bool 0 110
echo "### unsetting ignorefilter attribute ###"
ad_set_attribute "$AD_DN" "description" "abcdddddd"; fail_bool 0 110
ad_wait_for_synchronization; fail_bool 0 110

output=$(univention-adconnector-list-rejected 2>&1)
if echo "$output" | grep -qi "$UDM_users_user_username"; then
	echo "$output" >&2
	fail_test 110 ""
fi


# cleanup
udm_remove "users/user"
ad_delete "$AD_DN"
ucr set connector/ad/mapping/user/ignorefilter="$ignorefilter"
/usr/share/univention-ad-connector/remove_ad_rejected.py "$AD_DN"
invoke-rc.d univention-ad-connector restart
ad_set_sync_mode "$SYNCMODE"

exit "$RETVAL"
