#!/usr/bin/python2.7
#
# Copyright 2012-2014 Univention GmbH
#
# http://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <http://www.gnu.org/licenses/>.

'''
Univention Directory Manager Tools
This tool removes the sambaPwdMustChange value from all accounts
'''

import sys, copy, ldap
import univention.admin
import univention.admin.uldap
from optparse import OptionParser

if __name__ == '__main__':

	ACTIONS = ( 'test', 'remove' )

	parser = OptionParser( usage = 'Usage: %%prog (%s)\nremove the sambaPwdMustChange value from all accounts' % '|'.join(ACTIONS) )
	(options, args) = parser.parse_args()

	# check argument (action)
	if not args:
		print >>sys.stderr, ''
		print >>sys.stderr, 'warning: no action given. default is test'
		print >>sys.stderr, ''
		args = ['test']

	if args[0] not in ('test', 'remove'):
		print >>sys.stderr, 'error: unknown action %s' % args[0]
		parser.print_help()
		sys.exit(3)

	action = args[0]

	configRegistry = univention.config_registry.ConfigRegistry()
	configRegistry.load()

	lo, position = univention.admin.uldap.getAdminConnection()

	res = lo.search('sambaPwdMustChange=*', attr=['sambaPwdMustChange'])

	if len(res) < 1:
		print 'No user with sambaPwdMustChange was found.'
	else:
		for ob in res:
			print 'Remove sambaPwdMustChange (%s) for %s' % (ob[1].get('sambaPwdMustChange', [])[0], ob[0],), 
			if action == 'remove':
				lo.modify(ob[0], [('sambaPwdMustChange', ob[1].get('sambaPwdMustChange', []), '')])
				print 'done'
			else:
				print '(testing mode)'

