#!/usr/bin/python3
# SPDX-FileCopyrightText: 2012-2025 Univention GmbH
# SPDX-License-Identifier: AGPL-3.0-only

"""This tool removes the sambaPwdMustChange value from all accounts"""

import sys
from argparse import ArgumentParser

import univention.admin
import univention.admin.uldap


if __name__ == '__main__':
    ACTIONS = ('test', 'remove')

    parser = ArgumentParser(description=__doc__)
    parser.add_argument(
        "action",
        help="Test for sambaPwdMustChange values, or remove them. The default action is test.",
        choices=ACTIONS,
        nargs='?',
    )

    options = parser.parse_args()

    # check argument (action)
    if not options.action:
        print('', file=sys.stderr)
        print('warning: no action given. default is test', file=sys.stderr)
        print('', file=sys.stderr)
        options.action = 'test'

    configRegistry = univention.config_registry.ConfigRegistry()
    configRegistry.load()

    lo, position = univention.admin.uldap.getAdminConnection()

    res = lo.search('sambaPwdMustChange=*', attr=['sambaPwdMustChange'])
    if not res:
        print('No user with sambaPwdMustChange was found.')
    else:
        for ob in res:
            print('Remove sambaPwdMustChange (%s) for %s' % (ob[1].get('sambaPwdMustChange', [])[0].decode('utf-8'), ob[0]), end=' ')
            if options.action == 'remove':
                lo.modify(ob[0], [('sambaPwdMustChange', ob[1].get('sambaPwdMustChange', []), b'')])
                print('done')
            else:
                print('(testing mode)')
