#!/bin/sh
# SPDX-FileCopyrightText: 2011-2025 Univention GmbH
# SPDX-License-Identifier: AGPL-3.0-only

if [ -n "$1" ] ; then
	INTERVAL=$1
else
	INTERVAL=7
fi
if [ -n "$2" ] ; then
	BASE="-b $2"
fi

eval "$(univention-config-registry shell ldap/hostdn)"

now=$(date +%Y%m%d | tr -d '\n')
expiredate=$(date -d "$INTERVAL days" +%Y%m%d | tr -d '\n')

ldapsearch -x -ZZ -D "$ldap_hostdn" -y /etc/machine.secret -LLL $BASE '(&(objectClass=posixAccount)(krb5PasswordEnd=*))' dn krb5PasswordEnd | ldapsearch-wrapper | egrep "^(dn|krb5PasswordEnd):" | while read dn ; do
	read datum
	day=$(echo $datum | cut -b18-25)
	if [ $now -le $day -a $day -le $expiredate ] ; then
		echo -n "$day "
		echo "$dn" | awk '{print $2}'
	fi
done
