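#!/bin/bash
#
# Re-assign Samba/AD (sam.ldb) objectSid values for users whose UCS/OpenLDAP
# sambaSID is in the bogus "S-1-4-*" authority.  For each such uid the script
# takes the next RID from this DC's "CN=RID Set" object (rIDNextRID), bumps
# rIDNextRID, and replaces the user's objectSid with "<domain SID>-<new RID>".
#
# Must run as root on a Samba/AD DC (writes /var/lib/samba/private/sam.ldb
# directly via ldbmodify with the provision control).  Takes no arguments.
#
# NOTE(review): only sam.ldb is modified; the sambaSID attribute in the UCS
# OpenLDAP directory is read but never updated here — confirm that the
# S4 connector (or a separate step) brings the two directories back in sync.
# NOTE(review): rIDNextRID is incremented without checking it against the
# RID Set's allocation pool bounds (rIDAllocationPool) — confirm headroom before
# running this on many accounts.

set -e
eval "$(ucr shell)"

# Print a diagnostic to stderr and abort.
die() {
	printf '%s\n' "$*" >&2
	exit 1
}

# Escape a value for use inside an LDAP search filter (RFC 4515), so that a
# uid containing '*', '(', ')' or '\' cannot widen or break the filter.
ldap_filter_escape() {
	local s=$1
	s=${s//\\/'\5c'}
	s=${s//\*/'\2a'}
	s=${s//\(/'\28'}
	s=${s//\)/'\29'}
	printf '%s' "$s"
}

# Usage: s4attr ATTR [univention-s4search args...]
# Runs univention-s4search and prints the plain-text values of ATTR, one per
# line.  Base64-encoded ("ATTR::") values are deliberately not matched.
s4attr() {
	local attr=$1
	shift
	univention-s4search "$@" "$attr" | sed -n "s/^$attr: //p"
}

: "${hostname:?hostname not set by 'ucr shell'}"

domainsid=$(s4attr objectSid -s base)
[ -n "$domainsid" ] || die "Cannot determine Samba/AD domain SID"

# The computer account of this DC is "<hostname>$".
myS4DN=$(s4attr dn "sAMAccountName=${hostname}\$")
[ -n "$myS4DN" ] || die "Cannot determine this servers DN in Samba/AD"

myRIDSetDN="CN=RID Set,$myS4DN"

# Print the current rIDNextRID of this DC's RID Set (empty if unreadable).
lastSambaRid() {
	local rid
	rid=$(s4attr rIDNextRID -b "$myRIDSetDN")
	printf '%s\n' "$rid"
}

while IFS= read -r uid; do
	[ -n "$uid" ] || continue

	## show current objectSid
	ldif=$(univention-s4search "sAMAccountName=$(ldap_filter_escape "$uid")" objectSid | grep -A2 '^dn:')
	[ -n "$ldif" ] || die "Cannot find sAMAccountName=$uid in Samba/AD"
	printf '%s\n\n' "$ldif"

	# Refuse to continue if the filter matched more than one entry (or only a
	# base64-encoded "dn::"), otherwise the LDIF below would target the wrong
	# object or none at all.
	if [ "$(grep -c '^dn: ' <<<"$ldif")" -ne 1 ]; then
		die "Expected exactly one plain 'dn:' for sAMAccountName=$uid, got: $ldif"
	fi
	dn=$(sed -n 's/^dn: //p' <<<"$ldif")
	[ -n "$dn" ] || die "Cannot determine DN for sAMAccountName=$uid"

	lastrid=$(lastSambaRid)
	[ -n "$lastrid" ] || die "cannot determine last assigned SID"
	[[ "$lastrid" =~ ^[0-9]+$ ]] || die "rIDNextRID is not numeric: '$lastrid'"
	nextrid=$((lastrid + 1))

	# Deleting the specific old value before adding the new one makes the
	# rIDNextRID bump fail (and, via set -e, abort the script) if something
	# else changed the RID Set in between, instead of silently reusing a RID.
	printf '%s\n' \
		"dn: $myRIDSetDN" \
		"changetype: modify" \
		"delete: rIDNextRID" \
		"rIDNextRID: $lastrid" \
		"-" \
		"add: rIDNextRID" \
		"rIDNextRID: $nextrid" \
		"" \
		"dn: $dn" \
		"changetype: modify" \
		"replace: objectSid" \
		"objectSid: $domainsid-$nextrid" \
	| ldbmodify -H /var/lib/samba/private/sam.ldb --controls=provision:0
done < <(univention-ldapsearch 'sambaSID=S-1-4*' uid | sed -n 's/^uid: //p')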