#!/usr/share/ucs-test/runner bash
# shellcheck shell=bash
## desc: "Check synchronisation of maxPwdAge"
## exposure: dangerous
## roles:
##  - domaincontroller_master
## packages:
## - univention-s4-connector
## bugs: [29775]

# shellcheck source=../../lib/base.sh
. "$TESTLIBPATH/base.sh" || exit 137
# shellcheck source=../../lib/udm.sh
. "$TESTLIBPATH/udm.sh" || exit 137
# shellcheck source=../../lib/random.sh
. "$TESTLIBPATH/random.sh" || exit 137

. "s4connector.sh" || exit 137

[ -n "${connector_s4_ldap_host:-}" ] || exit 137
connector_running_on_this_host || exit 137

get_ucs_age ()
{
	univention-ldapsearch "sambaDomainName=${windows_domain:-}" | VAL sambaMaxPwdAge
}

get_s4_age ()
{
	univention-s4search -s base maxPwdAge | VAL maxPwdAge
}

check_s4_age ()
{
	s4_age=$(get_s4_age)
	expected_age=$1
	[ "$s4_age" = "$expected_age" ] ||
		fail_test 110 "maxPwdAge is $s4_age, expected: $expected_age"
}

set_ucs_age ()
{
	dn="$(univention-ldapsearch "sambaDomainName=$windows_domain" -LLL 1.1 | dn1)"
	echo "dn: $dn
changetype: modify
replace: sambaMaxPwdAge
sambaMaxPwdAge: $1
" | ldapmodify -x -D "cn=admin,$ldap_base" -y /etc/ldap.secret
}

OLD_VALUE=$(get_ucs_age)

set_ucs_age 864000
ad_wait_for_synchronization; fail_bool 0 110
check_s4_age -8640000000000

set_ucs_age -1
ad_wait_for_synchronization; fail_bool 0 110
check_s4_age 0

set_ucs_age 864000
ad_wait_for_synchronization; fail_bool 0 110
check_s4_age -8640000000000

set_ucs_age 0
ad_wait_for_synchronization; fail_bool 0 110
check_s4_age 0

set_ucs_age "$OLD_VALUE"
ad_wait_for_synchronization; fail_bool 0 110

exit "$RETVAL"
