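#!/bin/bash
#
# Integration test for winbind ID mapping on a host joined to an AD domain.
#
# Steps, in order:
#   1. Create a test user in AD with `net ads user add` and set its
#      userAccountControl to 512 (the script treats this as "activated").
#   2. Resolve the user name to a SID via winbind and confirm via
#      univention-adsearch that the SID belongs to the same sAMAccountName.
#   3. Resolve the SID back to a name, run `wbinfo -i` on that name, and map
#      SID -> uidNumber -> SID through winbind.
#   4. Confirm the uidNumber belongs to the same uid in the local LDAP and
#      that no sambaIdmapEntry object exists for the SID.
#
# Exit status: 0 after printing SUCCESS, 1 on the first failed check.
#
# NOTE(security): the credentials below are hard-coded and handed to
# `net ads` (-U user%password) and `ldapmodify` (-w) as command-line
# arguments, so they are readable in the process list while those commands
# run. Only use this script against a disposable test domain.
#
# NOTE(security): the test account is left in AD, enabled, with the known
# password below; nothing in this script removes it.

test_username=user2
test_password=Univention.99
admin_name=Administrator
admin_pw=Univention.99

echo "Creating a test user $test_username"
adds_fqdn=$(net ads lookup | sed -n 's/^Domain Controller:\t*//p')
net ads user add "$test_username" "$test_password" -U"$admin_name"%"$admin_pw"

# Build an LDIF modify record (dn line from AD + replace of userAccountControl)
# and apply it on the domain controller. Output is discarded; the result is
# verified by reading the attribute back below.
# NOTE(security): -x is a simple bind and no StartTLS option is given, so the
# admin password travels unencrypted unless the transport is protected by
# other means -- confirm for the target environment.
{
  univention-adsearch samaccountname="$test_username" dn | sed -n 's/^DN: /dn: /p'
  printf 'changetype: modify\nreplace: userAccountControl\nuserAccountControl: 512\n'
} | ldapmodify -x -h "$adds_fqdn" -D "$admin_name@$(hostname -d)" -w "$admin_pw" > /dev/null 2>&1

test_output=$(univention-adsearch samaccountname="$test_username" userAccountControl \
  | sed -n 's/^userAccountControl: //p')
if [ "$test_output" != "512" ]; then
  echo "FAIL: Activation of user account failed"
  exit 1
fi

# Fixed delay before querying winbind for the newly created account.
sleep 5

echo "Checking username to SID resolution via winbind"
wbinfo_sid=$(wbinfo -n "$test_username" | awk '{print $1}')
if [ -z "$wbinfo_sid" ]; then
  echo "FAIL: wbinfo -n $test_username"
  exit 1
fi

echo "Checking if returned SID is in AD and matches same name"
adsearch_username=$(univention-adsearch objectSID="$wbinfo_sid" sAMAccountName \
  | sed -n 's/^sAMAccountName: //p')
if [ "$adsearch_username" != "$test_username" ]; then
  echo "FAIL: adsearch returned '$adsearch_username' != '$test_username'"
  exit 1
fi

echo "Checking SID to username resolution via winbind"
# Run wbinfo on its own so its exit status is what gets tested; after a
# `wbinfo | awk` pipeline, $? would be awk's status and never signal failure.
if ! test_output=$(wbinfo --sid-to-name="$wbinfo_sid"); then
  echo "$test_output"
  echo "FAIL: wbinfo --sid-to-name=$wbinfo_sid"
  exit 1
fi
test_output=$(echo "$test_output" | awk '{print $1}')

echo "Checking wbinfo -i on name just returned by winbind"
wbinfo_name=$(echo "$test_output" | awk '{print $1}')
# stderr is captured too, so an error message makes the output non-empty;
# the exit status has to be checked in addition to the emptiness test.
wbinfo_info=$(wbinfo -i "$wbinfo_name" 2>&1)
wbinfo_rc=$?
if [ "$wbinfo_rc" -ne 0 ] || [ -z "$wbinfo_info" ]; then
  echo "$wbinfo_info"
  echo "FAIL: wbinfo -i $wbinfo_name"
  exit 1
else
  echo "wbinfo -i returned: $wbinfo_info"
fi

echo "Checking SID to uidNumber resolution via winbind"
if ! wbinfo_uid=$(wbinfo --sid-to-uid="$wbinfo_sid" 2>&1); then
  echo "$wbinfo_uid"
  echo "FAIL: wbinfo --sid-to-uid=$wbinfo_sid"
  exit 1
fi

echo "Checking uidNumber returned by winbind against local LDAP"
if ! test_output=$(univention-ldapsearch uidNumber="$wbinfo_uid" uid 2>&1); then
  echo "$test_output"
  echo "FAIL: univention-ldapsearch uidNumber=$wbinfo_uid uid"
  exit 1
fi
ldapsearch_username=$(echo "$test_output" | sed -n 's/^uid: //p')
if [ "$ldapsearch_username" != "$test_username" ]; then
  echo "FAIL: ldapsearch returned '$ldapsearch_username' != '$test_username'"
  exit 1
fi

echo "Checking uidNumber to SID resolution via winbind"
# From here on wbinfo_sid holds the SID returned for the uidNumber.
if ! wbinfo_sid=$(wbinfo --uid-to-sid="$wbinfo_uid" 2>&1); then
  echo "$wbinfo_sid"
  echo "FAIL: wbinfo --uid-to-sid=$wbinfo_uid"
  exit 1
fi

echo "Checking for dynamic IDMAP allocation object (should not be generated by winbind)"
test_output=$(univention-ldapsearch "(&(objectClass=sambaIdmapEntry)(sambaSID=$wbinfo_sid))")
ldapsearch_IdmapEntrySID=$(echo "$test_output" | sed -n 's/^sambaSID: //p')
if [ -n "$ldapsearch_IdmapEntrySID" ]; then
  echo "FAIL: Found sambaIdmapEntry for sambaSID=$wbinfo_sid in local LDAP"
  exit 1
fi

echo SUCCESS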