#!/usr/share/ucs-test/runner bash
# shellcheck shell=bash
## desc: "Create and modify AD-User and verify attributes in sync-mode"
## exposure: dangerous
## tags:
##  - basic
## packages:
## - univention-s4-connector


# shellcheck source=../../lib/base.sh
. "$TESTLIBPATH/base.sh" || exit 137
# shellcheck source=../../lib/udm.sh
. "$TESTLIBPATH/udm.sh" || exit 137
# shellcheck source=../../lib/random.sh
. "$TESTLIBPATH/random.sh" || exit 137
. "s4connector.sh" || exit 137

#check if ucs-version supports extended mapping of s4-attributes
ext_mapping=false;
current_version="$(dpkg-query -W -f '${Version}' univention-s4-connector)"
if dpkg --compare-versions "$current_version" "gt" "13.0.2-44A~4.4.0.201909190933"; then
	ext_mapping=true;
	echo "Testing extended mapping attributes";
else
	echo "Testing standard attributes";
fi

#unset ignorelist for user attributes
ignore_list_original="$(ucr get connector/s4/mapping/user/attributes/ignorelist)"
ucr unset "connector/s4/mapping/user/attributes/ignorelist"

ad_connector_restart || exit 137

. "s4connector.sh" || exit 137
[ -n "${connector_s4_ldap_host:-}" ] || exit 137
connector_running_on_this_host || exit 137

UDM_users_user_username="$(random_chars)"
UDM_users_user_lastname="$(random_chars)"
UDM_users_user_firstname="$(random_chars)"
UDM_users_user_description="$(random_chars)"
UDM_users_user_street="$(random_chars)"
UDM_users_user_city="$(random_chars)"
UDM_users_user_postcode="$(random_chars)"
UDM_users_user_profilepath="$(random_chars)"
UDM_users_user_scriptpath="$(random_chars)"
AD_DN="CN=$UDM_users_user_username,CN=users,$(ad_get_base)"
UDM_users_user_employeeNumber="a$(random_chars)"
UDM_users_user_employeeType="a$(random_chars)"
UDM_users_user_country="US"
UDM_users_user_loginShell="a$(random_chars)"
UDM_users_user_title="a$(random_chars)"
UDM_users_user_departmentNumber="a$(random_chars)"
UDM_users_user_roomNumber="a$(random_chars)"
UDM_users_user_initials="a$(random_chars 1)"
UDM_users_user_prefdev="any"
AD_users_user_prefdev="0"
UDM_users_user_physicalDeliveryOfficeName="a$(random_chars)"
UDM_users_user_postOfficeBox="a$(random_chars)"
UDM_users_user_preferredLanguage="a$(random_chars)"

SYNCMODE="$(ad_get_sync_mode)"

ad_set_sync_mode "sync"

#We have to wait between all the AD-Commands: See #18501
ad_createuser "$UDM_users_user_username" || fail_test 110
ad_wait_for_synchronization; fail_bool 0 110
ad_set_attribute "$AD_DN" "givenName" "$UDM_users_user_firstname" || fail_test 110
ad_wait_for_synchronization; fail_bool 0 110
ad_set_attribute "$AD_DN" "sn" "$UDM_users_user_lastname" || fail_test 110
ad_wait_for_synchronization; fail_bool 0 110
ad_set_attribute "$AD_DN" "description" "$UDM_users_user_description" || fail_test 110
ad_wait_for_synchronization; fail_bool 0 110
ad_set_attribute "$AD_DN" "streetAddress" "$UDM_users_user_street" || fail_test 110
ad_wait_for_synchronization; fail_bool 0 110
ad_set_attribute "$AD_DN" "l" "$UDM_users_user_city" || fail_test 110
ad_wait_for_synchronization; fail_bool 0 110
ad_set_attribute "$AD_DN" "postalCode" "$UDM_users_user_postcode" || fail_test 110
ad_wait_for_synchronization; fail_bool 0 110
ad_set_attribute "$AD_DN" "profilePath" "$UDM_users_user_profilepath" || fail_test 110
ad_wait_for_synchronization; fail_bool 0 110
ad_set_attribute "$AD_DN" "scriptPath" "$UDM_users_user_scriptpath" || fail_test 110
ad_wait_for_synchronization; fail_bool 0 110
if $ext_mapping; then
	ad_set_attribute "$AD_DN" "preferredDeliveryMethod" "$AD_users_user_prefdev" || fail_test 110
	ad_wait_for_synchronization; fail_bool 0 110
	ad_set_attribute "$AD_DN" "employeeNumber" "$UDM_users_user_employeeNumber" || fail_test 110
	ad_wait_for_synchronization; fail_bool 0 110
	ad_set_attribute "$AD_DN" "employeeType" "$UDM_users_user_employeeType" || fail_test 110
	ad_wait_for_synchronization; fail_bool 0 110
	ad_set_attribute "$AD_DN" "c" "$UDM_users_user_country" || fail_test 110
	ad_wait_for_synchronization; fail_bool 0 110
	ad_set_attribute "$AD_DN" "personalTitle" "$UDM_users_user_title" || fail_test 110
	ad_wait_for_synchronization; fail_bool 0 110
	ad_set_attribute "$AD_DN" "loginShell" "$UDM_users_user_loginShell" || fail_test 110
	ad_wait_for_synchronization; fail_bool 0 110
	ad_set_attribute "$AD_DN" "roomNumber" "$UDM_users_user_roomNumber" || fail_test 110
	ad_wait_for_synchronization; fail_bool 0 110
	ad_set_attribute "$AD_DN" "initials" "$UDM_users_user_initials" || fail_test 110
	ad_wait_for_synchronization; fail_bool 0 110
	ad_set_attribute "$AD_DN" "postOfficeBox" "$UDM_users_user_postOfficeBox" || fail_test 110
	ad_wait_for_synchronization; fail_bool 0 110
	ad_set_attribute "$AD_DN" "physicalDeliveryOfficeName" "$UDM_users_user_physicalDeliveryOfficeName" || fail_test 110
	ad_wait_for_synchronization; fail_bool 0 110
	ad_set_attribute "$AD_DN" "preferredLanguage" "$UDM_users_user_preferredLanguage" || fail_test 110
	ad_wait_for_synchronization; fail_bool 0 110
fi

if [ "${connector_s4_windows_version:-}" != "win2000" ] || [ "${connector_s4_mapping_user_win2000_description:-}" != "false" ]
then
	udm_verify_udm_attribute "description" "$UDM_users_user_description" "users/user"; fail_bool 0 121 "See #18501"
fi
udm_verify_udm_attribute "username" "$UDM_users_user_username" "users/user"; fail_bool 0 121 "See #18501"
udm_verify_udm_attribute "firstname" "$UDM_users_user_firstname" "users/user"; fail_bool 0 121 "See #18501"
udm_verify_udm_attribute "lastname" "$UDM_users_user_lastname" "users/user"; fail_bool 0 121 "See #18501"
udm_verify_udm_attribute "street" "$UDM_users_user_street" "users/user"; fail_bool 0 121 "See #18501"
udm_verify_udm_attribute "city" "$UDM_users_user_city" "users/user"; fail_bool 0 121 "See #18501"
udm_verify_udm_attribute "postcode" "$UDM_users_user_postcode" "users/user"; fail_bool 0 121 "See #18501"
udm_verify_udm_attribute "profilepath" "$UDM_users_user_profilepath" "users/user"; fail_bool 0 121 "See #18501"
udm_verify_udm_attribute "scriptpath" "$UDM_users_user_scriptpath" "users/user"; fail_bool 0 121 "See #18501"
if $ext_mapping; then
	udm_verify_udm_attribute "employeeNumber" "$UDM_users_user_employeeNumber" "users/user"; fail_bool 0 121 "See #18501"
	udm_verify_udm_attribute "employeeType" "$UDM_users_user_employeeType" "users/user"; fail_bool 0 121 "See #18501"
	udm_verify_udm_attribute "shell" "$UDM_users_user_loginShell" "users/user"; fail_bool 0 121 "See #18501"
	udm_verify_udm_attribute "title" "$UDM_users_user_title" "users/user"; fail_bool 0 121 "See #18501"
	udm_verify_udm_attribute "roomNumber" "$UDM_users_user_roomNumber" "users/user"; fail_bool 0 121 "See #18501"
	udm_verify_udm_attribute "preferredDeliveryMethod" "$UDM_users_user_prefdev" "users/user"; fail_bool 0 121 "See #18501"
	udm_verify_udm_attribute "postOfficeBox" "$UDM_users_user_postOfficeBox" "users/user"; fail_bool 0 121 "See #18501"
	udm_verify_udm_attribute "physicalDeliveryOfficeName" "$UDM_users_user_physicalDeliveryOfficeName" "users/user"; fail_bool 0 121 "See #18501"
	udm_verify_udm_attribute "preferredLanguage" "$UDM_users_user_preferredLanguage" "users/user"; fail_bool 0 121 "See #18501"
fi

ad_verify_attribute "$AD_DN" "description" "$UDM_users_user_description"; fail_bool 0 110
ad_verify_attribute	"$AD_DN" "sAMAccountName" "$UDM_users_user_username"; fail_bool 0 110
ad_verify_attribute "$AD_DN" "givenName" "$UDM_users_user_firstname"; fail_bool 0 110
ad_verify_attribute "$AD_DN" "sn" "$UDM_users_user_lastname"; fail_bool 0 110
ad_verify_attribute "$AD_DN" "l" "$UDM_users_user_city"; fail_bool 0 110
ad_verify_attribute "$AD_DN" "postalCode" "$UDM_users_user_postcode"; fail_bool 0 110
ad_verify_attribute "$AD_DN" "profilePath" "$UDM_users_user_profilepath"; fail_bool 0 110
ad_verify_attribute "$AD_DN" "scriptPath" "$UDM_users_user_scriptpath"; fail_bool 0 110
ad_verify_attribute "$AD_DN" "streetAddress" "$UDM_users_user_street"; fail_bool 0 110
if $ext_mapping; then
	ad_verify_attribute "$AD_DN" "preferredDeliveryMethod" "$AD_users_user_prefdev"; fail_bool 0 110
	ad_verify_attribute "$AD_DN" "employeeNumber" "$UDM_users_user_employeeNumber"; fail_bool 0 110
	ad_verify_attribute "$AD_DN" "employeeType" "$UDM_users_user_employeeType"; fail_bool 0 110
	ad_verify_attribute "$AD_DN" "loginShell" "$UDM_users_user_loginShell"; fail_bool 0 110
	ad_verify_attribute "$AD_DN" "personalTitle" "$UDM_users_user_title"; fail_bool 0 110
	ad_verify_attribute "$AD_DN" "roomNumber" "$UDM_users_user_roomNumber"; fail_bool 0 110
	ad_verify_attribute "$AD_DN" "postOfficeBox" "$UDM_users_user_postOfficeBox"; fail_bool 0 110
	ad_verify_attribute "$AD_DN" "physicalDeliveryOfficeName" "$UDM_users_user_physicalDeliveryOfficeName"; fail_bool 0 110
	ad_verify_attribute "$AD_DN" "preferredLanguage" "$UDM_users_user_preferredLanguage"; fail_bool 0 110
fi
### Test if mapping of user-attributes is configurable via ucr variable 'connector/s4/mapping/user/attributes/ignorelist'
ucr set 'connector/s4/mapping/user/attributes/ignorelist'='preferredDeliveryMethod, employeeNumber,employeeType,departmentNumber,loginShell,unixhome,title,uidNumber,gidNumber,roomNumber,initials,physicalDeliveryOfficeName,postOfficeBox,preferredLanguage'

ad_connector_restart || exit 137
test -n "$connector_s4_ldap_host" || exit 137
connector_running_on_this_host || exit 137

UDM_users_user_employeeNumber="b$(random_chars)"
UDM_users_user_employeeType="b$(random_chars)"
UDM_users_user_country="DE"
UDM_users_user_state="Bremen"
UDM_users_user_loginShell="b$(random_chars)"
UDM_users_user_title="b$(random_chars)"
UDM_users_user_departmentNumber="b$(random_chars)"
UDM_users_user_roomNumber="b$(random_chars)"
UDM_users_user_initials="b$(random_chars 1)"
UDM_users_user_physicalDeliveryOfficeName="b$(random_chars)"
UDM_users_user_postOfficeBox="b$(random_chars)"
UDM_users_user_preferredLanguage="b$(random_chars)"

if $ext_mapping; then
	ad_set_attribute "$AD_DN" "employeeNumber" "$UDM_users_user_employeeNumber" || fail_test 110
	ad_wait_for_synchronization; fail_bool 0 110
	ad_set_attribute "$AD_DN" "employeeType" "$UDM_users_user_employeeType" || fail_test 110
	ad_wait_for_synchronization; fail_bool 0 110
	ad_set_attribute "$AD_DN" "personalTitle" "$UDM_users_user_title" || fail_test 110
	ad_wait_for_synchronization; fail_bool 0 110
	ad_set_attribute "$AD_DN" "loginShell" "$UDM_users_user_loginShell" || fail_test 110
	ad_wait_for_synchronization; fail_bool 0 110
	ad_set_attribute "$AD_DN" "roomNumber" "$UDM_users_user_roomNumber" || fail_test 110
	ad_wait_for_synchronization; fail_bool 0 110
	ad_wait_for_synchronization; fail_bool 0 110
	ad_set_attribute "$AD_DN" "initials" "$UDM_users_user_initials" || fail_test 110
	ad_wait_for_synchronization; fail_bool 0 110
	ad_set_attribute "$AD_DN" "postOfficeBox" "$UDM_users_user_postOfficeBox" || fail_test 110
	ad_wait_for_synchronization; fail_bool 0 110
	ad_set_attribute "$AD_DN" "physicalDeliveryOfficeName" "$UDM_users_user_physicalDeliveryOfficeName" || fail_test 110
	ad_wait_for_synchronization; fail_bool 0 110
	ad_set_attribute "$AD_DN" "preferredLanguage" "$UDM_users_user_preferredLanguage" || fail_test 110
	ad_wait_for_synchronization; fail_bool 0 110

	ad_verify_attribute "$AD_DN" "employeeNumber" "$UDM_users_user_employeeNumber"; fail_bool 0 110
	ad_verify_attribute "$AD_DN" "employeeType" "$UDM_users_user_employeeType"; fail_bool 0 110
	ad_verify_attribute "$AD_DN" "loginShell" "$UDM_users_user_loginShell"; fail_bool 0 110
	ad_verify_attribute "$AD_DN" "personalTitle" "$UDM_users_user_title"; fail_bool 0 110
	ad_verify_attribute "$AD_DN" "roomNumber" "$UDM_users_user_roomNumber"; fail_bool 0 110
	ad_verify_attribute "$AD_DN" "postOfficeBox" "$UDM_users_user_postOfficeBox"; fail_bool 0 110
	ad_verify_attribute "$AD_DN" "physicalDeliveryOfficeName" "$UDM_users_user_physicalDeliveryOfficeName"; fail_bool 0 110
	ad_verify_attribute "$AD_DN" "preferredLanguage" "$UDM_users_user_preferredLanguage"; fail_bool 0 110

	udm_verify_udm_attribute "employeeNumber" "$UDM_users_user_employeeNumber" "users/user"; fail_bool 1 121 "connector/s4/mapping/user/attributes/ignorelist does not apply"
	udm_verify_udm_attribute "employeeType" "$UDM_users_user_employeeType" "users/user"; fail_bool 1 121 'connector/s4/mapping/user/attributes/ignorelist does not apply'
	udm_verify_udm_attribute "shell" "$UDM_users_user_loginShell" "users/user"; fail_bool 1 121 'connector/s4/mapping/user/attributes/ignorelist does not apply'
	udm_verify_udm_attribute "title" "$UDM_users_user_title" "users/user"; fail_bool 1 121 'connector/s4/mapping/user/attributes/ignorelist does not apply'
	udm_verify_udm_attribute "roomNumber" "$UDM_users_user_roomNumber" "users/user"; fail_bool 1 121 'connector/s4/mapping/user/attributes/ignorelist does not apply'
	udm_verify_udm_attribute "postOfficeBox" "$UDM_users_user_postOfficeBox" "users/user"; fail_bool 1 121 'connector/s4/mapping/user/attributes/ignorelist does not apply'
	udm_verify_udm_attribute "physicalDeliveryOfficeName" "$UDM_users_user_physicalDeliveryOfficeName" "users/user"; fail_bool 1 121 'connector/s4/mapping/user/attributes/ignorelist does not apply'
	udm_verify_udm_attribute "preferredLanguage" "$UDM_users_user_preferredLanguage" "users/user"; fail_bool 1 121 'connector/s4/mapping/user/attributes/ignorelist does not apply'
fi

ucr set 'connector/s4/mapping/user/attributes/ignorelist'="$ignore_list_original"

ad_delete "$AD_DN" || fail_test 110
ad_wait_for_synchronization; fail_bool 0 110

udm_exists "users/user"; fail_bool 1 110
ad_exists "$AD_DN"; fail_bool 1 110

ad_set_sync_mode "$SYNCMODE"
ad_connector_restart

exit "$RETVAL"
