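#!/usr/bin/python
"""Raise msDS-KeyVersionNumber in the local sam.ldb to the value held in LDAP.

For every sambaSamAccount (excluding univentionHost objects) found on the
LDAP master configured in UCR, the krb5KeyVersionNumber read there is handed
to increment_calculated_keyversion_number() for the sam.ldb object whose
sAMAccountName equals the account's uid.

The except/print forms used here parse under Python 2.6+ as well as Python 3.
"""
from samba.auth import system_session
from samba.param import LoadParm
from samba.samdb import SamDB
from samba.upgradehelpers import increment_calculated_keyversion_number
import ldb
import ldap
from univention.config_registry import ConfigRegistry
import sys


def ldap_search():
    """Return a {uid: krb5KeyVersionNumber} mapping read from the LDAP master.

    Reads the module-level ``ucr`` registry (set up in the ``__main__``
    section) for the server, port, bind DN and search base, and binds with
    the contents of /etc/machine.secret.

    Returns an empty mapping when the connection or bind fails, and whatever
    was collected so far when the search fails; both failures are reported on
    stdout rather than raised.
    """
    keyversions = {}
    try:
        ldap_master = ucr['ldap/master']
        ldap_master_port = int(ucr.get('ldap/master/port', 7389))
        conn = ldap.open(ldap_master, port=ldap_master_port)
        # Read the machine secret through a context manager so the file
        # handle is closed deterministically instead of being left to the GC.
        with open('/etc/machine.secret') as secret_file:
            machine_secret = secret_file.read().strip()
        # NOTE(review): this is a simple bind and nothing in this script
        # enables TLS on the connection, so whether the machine secret is
        # protected in transit depends on the server/port setup - confirm, or
        # call conn.start_tls_s() before binding.
        conn.simple_bind_s(ucr['ldap/hostdn'], machine_secret)
    except ldap.LDAPError as error_message:
        print("Couldn't Connect LDAP server %s: %s " % (ldap_master, error_message))
        return keyversions

    try:
        result = conn.search_s(
            ucr['ldap/base'],
            ldap.SCOPE_SUBTREE,
            '(&(objectClass=sambaSamAccount)(!(objectClass=univentionHost)))',
            ['uid', 'krb5KeyVersionNumber'])
        for dn, attrs in result:
            if dn is None:
                # Search references carry no entry attributes.
                continue
            uids = attrs.get('uid')
            kvnos = attrs.get('krb5KeyVersionNumber')
            if not uids or not kvnos:
                # An account without a uid or without a Kerberos key version
                # has nothing to synchronise; skipping it keeps one such
                # entry from aborting the whole run with a KeyError.
                continue
            keyversions[uids[0]] = kvnos[0]
    except ldap.LDAPError as error_message:
        print(error_message)
    finally:
        try:
            conn.unbind_s()
        except ldap.LDAPError:
            # Best-effort cleanup: the connection may already be gone.
            pass
    return keyversions


if __name__ == "__main__":
    lp = LoadParm()
    lp.load('/etc/samba/smb.conf')
    samdb = SamDB(lp.private_path("sam.ldb"), session_info=system_session(lp), lp=lp)

    ucr = ConfigRegistry()
    ucr.load()

    for uid, keyversion in ldap_search().items():
        # The uid comes from directory data, so escape it before embedding it
        # in the search filter; otherwise characters such as '*', '(' or ')'
        # in a uid would change which sam.ldb objects the filter matches.
        res = samdb.search(
            base=samdb.domain_dn(),
            scope=ldb.SCOPE_SUBTREE,
            expression='(sAMAccountName=%s)' % ldb.binary_encode(uid),
            attrs=['msDS-KeyVersionNumber'])
        for msg in res:
            # Build the mapping and act on it per matching entry, so a uid
            # with no sam.ldb object is skipped instead of reusing a mapping
            # left over from an earlier iteration.
            wanted = {str(msg['dn']).lower(): keyversion}
            print("%s: incrementing msDS-KeyVersionNumber to %s" % (uid, keyversion))
            increment_calculated_keyversion_number(samdb, samdb.domain_dn(), wanted)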