#!/usr/bin/python3
#
# Like what you see? Join us!
# https://www.univention.com/about-us/careers/vacancies/
#
# Copyright 2004-2025 Univention GmbH
#
# https://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <https://www.gnu.org/licenses/>.

"""Added objectClass shaowAccount to computer objects."""

import ldap

import univention.config_registry
import univention.uldap


def main():
    # type: () -> None
    ucr = univention.config_registry.ConfigRegistry()
    ucr.load()

    baseDN = ucr['ldap/base']

    lo = univention.uldap.getAdminConnection().lo

    count_changes = 0
    warning = 0

    print("\n  proof if computer-accounts have objectClass shadowAccount")

    res_pA = lo.search_s(baseDN, ldap.SCOPE_SUBTREE, '(&(objectClass=univentionHost)(objectClass=posixAccount)(!(objectClass=shadowAccount)))', ['objectClass'])

    print("found %s Hosts which need to be changed:\n" % len(res_pA))

    for posix_account, _ in res_pA:
        modlist = [(ldap.MOD_ADD, 'objectClass', b'shadowAccount')]
        try:
            lo.modify_s(posix_account, modlist)
            count_changes += 1
            print("Modified %s" % posix_account)
        except Exception:
            print("Warning: failed to modify Host %s: " % posix_account)
            warning += 1

    print("changing of", len(res_pA), "Hosts finished, changed", count_changes, "of them (", warning, " warnings).\n")


if __name__ == "__main__":
    main()
