#!/usr/share/ucs-test/runner bash 
# shellcheck shell=bash
## desc: "Set and modify passwords for computers"
## exposure: dangerous
## tags:
##  - basic
##  - apptest
## packages:
## - univention-directory-manager-tools
## roles:
## - domaincontroller_master

# shellcheck source=../../lib/udm.sh
. "$TESTLIBPATH/udm.sh" || exit 137
# shellcheck source=../../lib/random.sh
. "$TESTLIBPATH/random.sh" || exit 137

UDM_computers_name="$(random_chars)"
UDM_computers_ip="2.5.1.2"
UDM_computers_mac="05:01:02:03:04:05"

# We want to test the UDM modules, so we stop the S4 connector to prevent side effects
test -x /etc/init.d/univention-s4-connector && /etc/init.d/univention-s4-connector stop

# First create users without a password and change it afterwards
for role in $UDM_ALL_COMPUTER_ROLES; do
	# Can't set password for IP clients
	test "$role" = "computers/ipmanagedclient" && continue

	info "*** Creating: $role ***"

	udm_create "$role" "UDM_computers_" || fail_test 110
	udm_exists "$role" "UDM_computers_" || fail_test 110

	password="Univention123"
	udm "$role" modify --dn "cn=$UDM_computers_name,cn=computers,$ldap_base" --set password="$password" || fail_test 110

	univention-ldapsearch -D "cn=$UDM_computers_name,cn=computers,$ldap_base" -w "$password" -s base -LLL dn || fail_test 110
	udm_verify_ldap_attribute "sambaNTPassword" "18FE30D368841ECEEAD1020693D8FA2F" "$role" "UDM_computers_" || fail_test 110

	password="Univention124"
	udm "$role" modify --dn "cn=$UDM_computers_name,cn=computers,$ldap_base" --set password="$password" || fail_test 110

	univention-ldapsearch -D "cn=$UDM_computers_name,cn=computers,$ldap_base" -w "$password" -s base || fail_test 110
	udm_verify_ldap_attribute "sambaNTPassword" "F5B12255AE165B947A916432B32B0430" "$role" "UDM_computers_" || fail_test 110

	udm_remove "$role" "UDM_computers_" || fail_test 110
	! udm_exists "$role" "UDM_computers_" || fail_test 110
done

# Now create the computers with password
UDM_computers_name="$(random_chars)"
UDM_computers_ip="2.5.1.2"
UDM_computers_mac="05:01:02:03:04:05"
UDM_computers_password="Univention123"

for role in $UDM_ALL_COMPUTER_ROLES; do
	# Can't set password for ip managed clients
	test "$role" = "computers/ipmanagedclient" && continue

	info "*** Creating: $role ***"

	udm_create "$role" "UDM_computers_" || fail_test 110
	udm_exists "$role" "UDM_computers_" || fail_test 110

	univention-ldapsearch -x -D "cn=$UDM_computers_name,cn=computers,$ldap_base" -w "$UDM_computers_password" -s base -LLL dn || fail_test 110
	udm_verify_ldap_attribute "sambaNTPassword" "18FE30D368841ECEEAD1020693D8FA2F" "$role" "UDM_computers_" || fail_test 110

	udm_remove "$role" "UDM_computers_" || fail_test 110
	! udm_exists "$role" "UDM_computers_" || fail_test 110
done
test -x /etc/init.d/univention-s4-connector && /etc/init.d/univention-s4-connector start

exit "$RETVAL"

