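#!/bin/bash
#
# Creates the well-known group "Authentication authority asserted identity"
# (SID S-1-18-1) below cn=Builtin, unless a group with that name already
# exists in the directory.

. /usr/share/univention-lib/all.sh

# Import the UCR variables used below (ldap_base, ldap_master,
# ldap_master_port) into this shell.
# NOTE(review): this executes the command's output as shell code, so the
# script trusts the local UCR tooling to emit safely quoted assignments.
eval "$(univention-config-registry shell)"

# Tracing is enabled only after the UCR import. The bind password is handed to
# ldapmodify by file (-y), so it does not appear in the trace output; keep it
# off the command line when changing this script.
set -x

#######################################
# Create a group through UDM and then set a fixed Samba SID on it.
# Does nothing when a univentionGroup with the given cn is already found.
# Globals:
#   ldap_base, ldap_master, ldap_master_port (read; set by the UCR import)
# Arguments:
#   $1 - group name (cn)
#   $2 - SID written to the sambaSID attribute
#   $3 - container DN relative to $ldap_base, e.g. "cn=Builtin"
#   any further arguments are passed on to "udm groups/group create"
# Returns:
#   2 if fewer than three arguments are given; 0 if the group already exists;
#   the udm exit status if creation fails; otherwise the ldapmodify status.
#######################################
_create_group_with_special_sid() {
  if [ "$#" -lt 3 ]; then
    echo "usage: _create_group_with_special_sid NAME SID POSITION [udm args...]" >&2
    return 2
  fi

  local binddn="cn=admin,$ldap_base"
  local bindpwdfile="/etc/ldap.secret"
  local name="$1"
  local sid="$2"
  local position="$3"
  local group_dn
  local ldif
  local rc
  shift 3

  # NOTE(review): $name goes into the search filter unescaped, and $name,
  # $position and $sid go into the LDIF below unvalidated. The only caller in
  # this script passes constants; validate or escape these values before
  # reusing the function with externally supplied input.
  group_dn="$(univention-ldapsearch "(&(objectClass=univentionGroup)(cn=$name))" \
    | ldapsearch-wrapper \
    | sed -ne 's|dn: ||p')"

  if [ -z "$group_dn" ]; then
    udm groups/group create "$@" --ignore_exists --option=posix \
      --position "$position,$ldap_base" \
      --set name="$name"
    rc=$?
    if [ "$rc" -ne 0 ]; then
      # Without the object there is nothing to modify; stop here instead of
      # sending an LDIF for a DN that was not created.
      echo "udm groups/group create failed for '$name' (exit $rc)" >&2
      return "$rc"
    fi

    # The LDIF lines must start in column 0: a leading space would be read as
    # a continuation of the previous line.
    ldif="dn: cn=$name,$position,$ldap_base
changetype: modify
add: objectClass
objectClass: sambaGroupMapping
-
add: sambaSID
sambaSID: $sid
-
replace: univentionObjectFlag
univentionObjectFlag: hidden
-
add: univentionGroupType
univentionGroupType: -2147483643
-
add: sambaGroupType
sambaGroupType: 5"

    # NOTE(review): -x is a simple bind and no StartTLS option (-ZZ) is given.
    # If $ldap_master is not the local host, the cn=admin credential may cross
    # the network unencrypted -- confirm how the transport is protected.
    printf '%s\n' "$ldif" \
      | ldapmodify -x -h "$ldap_master" -p "${ldap_master_port:-7389}" -D "$binddn" -y "$bindpwdfile"
  fi
}

_create_group_with_special_sid "Authentication authority asserted identity" "S-1-18-1" "cn=Builtin"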