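#!/usr/bin/python2.7
"""Re-write the uniqueMember attribute of every posixGroup that has members.

The script binds to the local LDAP server as cn=update,<ldap/base> using the
password stored in /etc/ldap/rootpw.conf, searches for all posixGroup entries
that carry at least one uniqueMember value, and replaces the attribute of each
group with the values that were just read.

Exit status is 1 if the bind password is missing, the LDAP connection cannot
be established, or a group modification fails.
"""
import univention.uldap
import univention.config_registry
import ldap
import sys

cr = univention.config_registry.ConfigRegistry()
cr.load()

# The first line of rootpw.conf is expected to look like: rootpw "<secret>"
# The slice drops the 8-character prefix `rootpw "` and the closing quote.
# NOTE(review): the slice is positional; a different spacing or quoting in the
# file yields a wrong password rather than an error -- confirm the file format.
with open('/etc/ldap/rootpw.conf') as rootpw_file:
    bindpw = rootpw_file.readline().strip()[8:-1]

# A bind DN combined with an empty password is an unauthenticated simple bind,
# which a server may accept as anonymous; refuse to continue instead of
# running the update with unintended (lack of) privileges.
if not bindpw:
    sys.stderr.write("E: no bind password found in /etc/ldap/rootpw.conf\n")
    sys.exit(1)

# ldap connection
try:
    lo = univention.uldap.access(
        host='%s.%s' % (cr['hostname'], cr['domainname']),
        port=None,
        base=cr['ldap/base'],
        binddn='cn=update,%s' % cr['ldap/base'],
        bindpw=bindpw)
except Exception as e:
    # Without a connection `lo` is undefined, so stop here rather than
    # failing later with a NameError in the search below.
    sys.stderr.write("failed to get ldap connection: %s\n" % e)
    sys.exit(1)

# search groups and del/add uniqueMember
results = lo.search(
    base=cr.get("ldap/base"),
    attr=["uniqueMember"],
    filter="(&(objectClass=posixGroup)(uniqueMember=*))")

for result in results:
    dn = result[0]
    uniqueMember = result[1].get("uniqueMember", [""])
    if dn and uniqueMember:
        try:
            # update groups
            # The values written are the ones read by the search above; the
            # read and the replace are separate operations, so a membership
            # change made in between would be overwritten.
            ml = [(ldap.MOD_REPLACE, "uniqueMember", uniqueMember)]
            lo.modify_s(dn, ml)
        except Exception as e:
            sys.stderr.write("E: modifing %s failed error with %s\n" % (dn, e))
            sys.stderr.write(" please check the membership of this group\n")
            # NOTE(review): the original indentation was lost; aborting on the
            # first failed group is assumed here -- confirm.
            sys.exit(1)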