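#!/bin/bash
#
# Test helper for the UCS S4 connector: changes the version number of one GPO
# on both sides of the connector while the connector is stopped, using a
# different value on each side, then restarts the connector and lists the
# rejected objects.
#
#   UCS LDAP side : msGPOVersionNumber = old + 1   (via udm)
#   Samba 4 side  : versionNumber      = old + 10  (via ldbmodify on sam.ldb)
#
# Writes directly to the Samba sam.ldb and stops/starts the connector service,
# so it presumably has to run as root on the Samba 4 DC itself.

# eval "$(ucr shell)"
# ucs_gpo_dn="cn={31B2F340-016D-11D2-945F-00C04FB984F9},cn=Policies,cn=System,$ldap_base"

set -u

# GPO under test; this is the well-known GUID of the Default Domain Policy.
readonly GPO_CN='{31B2F340-016D-11D2-945F-00C04FB984F9}'
readonly SAM_LDB='/var/lib/samba/private/sam.ldb'
readonly S4_CONNECTOR_INIT='/etc/init.d/univention-s4-connector'

# Set to 1 while the connector is stopped by this script.
connector_stopped=0

# Print a message to stderr and abort; the EXIT trap restarts the connector.
die() {
  printf '%s: %s\n' "${0##*/}" "$*" >&2
  exit 1
}

# Never leave the connector stopped when the script aborts half-way.
restart_connector_on_exit() {
  if (( connector_stopped )); then
    "$S4_CONNECTOR_INIT" start
  fi
}
trap restart_connector_on_exit EXIT

# Succeeds only for a non-empty value without embedded newlines. The DNs are
# pasted into udm arguments and into an LDIF here-document, so an empty or
# multi-line search result must not get that far.
is_single_line() {
  [[ -n "$1" && "$1" != *$'\n'* ]]
}

"$S4_CONNECTOR_INIT" stop
connector_stopped=1

ucs_gpo_ldif=$(
  univention-ldapsearch -xLLL \
    "(&(objectclass=msGPOContainer)(cn=${GPO_CN}))" \
    | ldapsearch-wrapper \
    | ldapsearch-decode64
)
ucs_gpo_dn=$(sed -n 's/^dn: //p' <<<"$ucs_gpo_ldif")
old_version=$(sed -n 's/^msGPOVersionNumber: //p' <<<"$ucs_gpo_ldif")

is_single_line "$ucs_gpo_dn" \
  || die "expected exactly one msGPOContainer with cn=${GPO_CN} in UCS LDAP"

# The value comes from the directory and is fed to shell arithmetic below, so
# accept plain decimal digits only. Without this check an empty result would
# silently be treated as version 0.
[[ "$old_version" =~ ^[0-9]+$ ]] \
  || die "msGPOVersionNumber of '${ucs_gpo_dn}' is not a plain number: '${old_version}'"

# 10# forces base 10 so that a value with leading zeros is not read as octal.
new_version=$(( 10#$old_version + 1 ))
s4_version=$(( 10#$old_version + 10 ))

udm container/msgpo modify --dn "$ucs_gpo_dn" \
  --set msGPOVersionNumber="$new_version" \
  || die "udm could not modify '${ucs_gpo_dn}'"

## Now the evil part: We also modify the S4-Object, but to a different value:
s4_gpo_dn=$(
  univention-s4search \
    "(&(objectClass=groupPolicyContainer)(cn=${GPO_CN}))" dn \
    | ldapsearch-wrapper \
    | ldapsearch-decode64 \
    | sed -n 's/^dn: //p'
)

is_single_line "$s4_gpo_dn" \
  || die "expected exactly one groupPolicyContainer with cn=${GPO_CN} in Samba 4"

ldbmodify -H "$SAM_LDB" <<%EOF || die "ldbmodify could not modify '${s4_gpo_dn}'"
dn: $s4_gpo_dn
changetype: modify
replace: versionNumber
versionNumber: $s4_version
%EOF

"$S4_CONNECTOR_INIT" start
connector_stopped=0

# Give the connector a moment to pick up both changes before asking for rejects.
sleep 3
univention-s4connector-list-rejected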