#!/usr/share/ucs-test/runner bash
## desc: Rename Administrator
## tags:
##  - basic
##  - rename_default_account
## roles:
##  - domaincontroller_master
##  - domaincontroller_backup
##  - domaincontroller_slave
##  - memberserver
## exposure: dangerous

. "$TESTLIBPATH/base.sh" || exit 137
. "$TESTLIBPATH/random.sh" || exit 137
. "$TESTLIBPATH/user.sh" || exit 137

USERNAME="$(user_randomname)"

# Create Domain Admin
ADMIN="$(random_chars 5)"

udm-test users/user create --position "cn=users,$ldap_base" \
		--set username="$ADMIN" --set lastname="$ADMIN" \
		--set password=univention \
		--set primaryGroup="cn=Domain Admins,cn=groups,$ldap_base"

udm-test users/user modify --dn "uid=Administrator,cn=users,$ldap_base" --set username="$USERNAME"

# wait a little bit longer since we have to wait for the slapd restart
trap "udm users/user modify --dn \"uid=$USERNAME,cn=users,$ldap_base\" --set username=\"Administrator\" \
	--binddn \"uid=$ADMIN,cn=users,$ldap_base\" --bindpwd univention; \
	udm-test users/user remove --dn "uid=$ADMIN,cn=users,$ldap_base"; \
	wait_for_replication_and_postrun; wait_for_replication_and_postrun" EXIT

wait_for_replication_and_postrun

if [ "$(ucr get users/default/administrator)" != "$USERNAME" ]; then
	echo "UCR variable users/default/administrator is set to $(ucr get users/default/administrator) instead of $USERNAME"
	exit 1
fi

# Search templates
cat /etc/univention/templates/info/*.info | sed -ne 's|^File: ||p;s|^Multifile: ||p' | sort -u  | while read template; do
	[ "$template" = etc/welcome.msg ] && continue #ignore comment
	[ "$template" = etc/security/pam_env.conf ] && continue #ignore comment
	[ "$template" = etc/samba/base.conf ] && continue # Bug #33896 + Bug 33895
	[ "$template" = etc/samba/smb.conf ] && continue # Bug #33896 + Bug 33895
	[ "$template" = etc/nagios3/nagios.cfg ] && continue #ignore comment
	[ "$template" = etc/issue ] && continue #ignore comment
	[ "$template" = etc/bind/named.conf.samba4 ] && continue # Bug #33892
	
	echo -n "Checking $template: "
	if [[ "$template" == etc/security/access-* ]]; then
		grep "Administrator," "/$template" && exit 1
	else
		grep -i administrator "/$template" && exit 1
	fi
	echo "done"
done

for file in /etc/ldap/slapd.conf \
		/etc/security/access-nagios.conf; do
	test "$file" = "/etc/ldap/slapd.conf" -a "$server_role" != domaincontroller_master && continue
	test -e $file || continue
	echo -n "Checking if new admin username is set to $file: "
	if grep "$USERNAME" $file; then
		echo "done"
	else
		echo "failed"
		echo "************** $file ***************"
		cat $file
		echo "****************************************"
		exit 1
	fi
done

exit "$RETVAL"

