#!/usr/share/ucs-test/runner bash
# shellcheck shell=bash
## desc: Checking memberOf attribute
## roles:
##  - domaincontroller_master
##  - domaincontroller_backup
##  - domaincontroller_slave
## packages:
##  - univention-ldap-overlay-memberof
## exposure: safe

# shellcheck source=../../lib/base.sh
. "$TESTLIBPATH/base.sh" || exit 137
. /usr/share/univention-lib/ucr.sh || exit 137

set -x

member_of_available () {
	while read -r dn; do
		if ! univention-ldapsearch -LLL -s base -b "$dn" memberOf | grep "^memberOf:"; then
			echo "memberOf missing on $dn"
			return 1
		fi
	done < <(univention-ldapsearch -LLL objectClass=univentionGroup uniqueMember | VAL uniqueMember | grep ^uid= | sort -u)
	return 0
}

member_of_not_available () {
	! univention-ldapsearch -ALLL '(&(objectClass=posixAccount)(uid=*))' memberOf | grep -q '^memberOf:'
}

# activated by default, memberOf should be available
if is_ucr_true ldap/overlay/memberof; then
	member_of_available || fail_fast 1 "ldap/overlay/memberof=true, but memberOf not found"
else
	member_of_not_available || fail_fast 1 "ldap/overlay/memberof=false, but memberOf found"
fi

exit "$RETVAL"
