#!/usr/share/ucs-test/runner bash
# shellcheck shell=bash
## desc: Try to bind to ldapi as normal user and as user nobody
## bugs: [10529,39811]
## tags:
##  - basic
##  - apptest
## roles:
##  - domaincontroller_master
##  - domaincontroller_backup
##  - domaincontroller_slave
## packages:
##  - univention-config
##  - univention-directory-manager-tools
## exposure: dangerous


# shellcheck source=../../lib/base.sh
. "$TESTLIBPATH/base.sh" || exit 137
# shellcheck source=../../lib/random.sh
. "$TESTLIBPATH/random.sh" || exit 137
# shellcheck source=../../lib/user.sh
. "$TESTLIBPATH/user.sh" || exit 137
# shellcheck source=../../lib/maildomain.sh
. "$TESTLIBPATH/maildomain.sh" || exit 137
# shellcheck source=../../lib/undo.sh
. "$TESTLIBPATH/undo.sh" || exit 137

USERNAME=$(user_randomname)

create_mail_domain "$domainname" && undo delete_mail_domain "$domainname"

user_create "$USERNAME" &&
	undo user_remove "$USERNAME" ||
	fail_fast 1 "Failed to create user $USERNAME"

# wait for the replication
i=0
while sleep 1s
do
	if [ $i -lt 120 ]; then
		echo "Waiting for replication..."
		if getent passwd "$USERNAME"; then
			break
		fi
	else
		fail_fast 1 "Waiting for replication longer than two minutes. Replication is probably broken. Test failed."
	fi
	i=`expr $i + 1`
done

echo -e "\n\n***Try to call ldapdelete via the ldapi interface. This shouldn't work."
if ! su - "$USERNAME" -c "ldapdelete -x -H ldapi:/// 'uid=$USERNAME,cn=users,$ldap_base' && echo 'Error: Removed the object as user $USERNAME via ldapi socket.' && exit 1 || exit 0"
then
	fail_test 1
fi
echo -e "\n\n***Try to call ldapdelete via the ldapi interfaceas user nobody. This shouldn't work."
if ! su -s /bin/bash - "nobody" -c "ldapdelete -x -H ldapi:/// 'uid=$USERNAME,cn=users,$ldap_base' && echo 'Error: Removed the object as user nobody via ldapi socket.' && exit 1 || exit 0"
then
	fail_test 1
fi

exit "$RETVAL"
