#!/usr/bin/python3
# -*- coding: utf-8 -*-
#
# Copyright 2004-2022 Univention GmbH
#
# https://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <https://www.gnu.org/licenses/>.

"""
Added objectClass shaowAccount to computer objects.
"""

from __future__ import print_function

import ldap

import univention.config_registry
import univention.uldap


def main():
	# type: () -> None
	ucr = univention.config_registry.ConfigRegistry()
	ucr.load()

	baseDN = ucr['ldap/base']

	lo = univention.uldap.getAdminConnection().lo

	count_changes = 0
	warning = 0

	print("\n  proof if computer-accounts have objectClass shadowAccount")

	res_pA = lo.search_s(baseDN, ldap.SCOPE_SUBTREE, '(&(objectClass=univentionHost)(objectClass=posixAccount)(!(objectClass=shadowAccount)))', ['objectClass'])

	print("found %s Hosts which need to be changed:\n" % len(res_pA))

	for posix_account, _ in res_pA:
		modlist = [(ldap.MOD_ADD, 'objectClass', b'shadowAccount')]
		try:
			lo.modify_s(posix_account, modlist)
			count_changes += 1
			print("Modified %s" % posix_account)
		except Exception:
			print("Warning: failed to modify Host %s: " % posix_account)
			warning += 1

	print("changing of", len(res_pA), "Hosts finished, changed", count_changes, "of them (", warning, " warnings).\n")


if __name__ == "__main__":
	main()
