#!/usr/bin/perl -w
#------------------------------------------------------------
#This action creates the domain administrator accounts on a
#Koozali SME Server
#
#Copyright 2016 Koozali Foundation, Inc.
#06/30/2016: G.Zartman <gzartman@koozali.org>
#
#The code contained herein can be distributed under the same
#license as Perl
#------------------------------------------------------------
use strict;
use warnings;
use esmith::ConfigDB;
use esmith::AD;

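##Pull arguments
# $ARGV[0] is the event name (accepted but not used below); $ARGV[1] is the
# domain Administrator password.
# NOTE(review): the password reaches this script through its own argument
# list, so it is already exposed in the process table while the script runs.
my $event = $ARGV [0] || '';
my $AdminPass = $ARGV [1] || '';

die 'Samba provisioning error: Missing admin password' unless ($AdminPass);

# Run an external command without involving a shell and classify the result.
# Returns 'exec' when the program could not be started, 'fail' when it ran
# but ended with a non-zero wait status, and '' on success.
# Callers must not echo the argument list in messages: it carries passwords.
sub _run_status {
    my @cmd = @_;

    # The indirect-object form of system() never falls back to /bin/sh, so
    # shell metacharacters or whitespace in a password are passed through
    # verbatim as a single argument instead of being interpreted.
    system { $cmd[0] } @cmd;

    return 'exec' if $? == -1;
    return 'fail' if $? != 0;
    return '';
}

# Credential argument shared by both samba-tool invocations.
# NOTE(review): secrets passed as command arguments are readable by other
# local users through the process listing for as long as the child runs.
# A password that begins with '-' may also be parsed as an option by the
# tool. TODO: confirm whether the installed samba-tool offers a way to
# supply credentials off the command line and switch to it.
my $bind_cred = 'Administrator%' . $AdminPass;

##Create admin accounts in AD
my @add_admin = ('/usr/bin/samba-tool', 'user', 'create',
                 'admin', $AdminPass,
                 '-U', $bind_cred);
my $admin_status = _run_status(@add_admin);
warn "Unable create admin Samba user\n" if ($admin_status eq 'exec');
# A non-zero exit was previously ignored; report it, but keep going as before.
warn "samba-tool exited with an error while creating the admin user\n"
    if ($admin_status eq 'fail');

##Create ad_admin account for runtime access to active directory
my $ADPass = esmith::AD::getADPass();
# An empty value would create the account with an empty password argument
# once the shell is out of the picture, so refuse to continue instead.
die "Samba provisioning error: No password available for ad_admin user.\n"
    unless (defined $ADPass && length $ADPass);

my @add_ad_admin = ('/usr/bin/samba-tool', 'user', 'create',
                    'ad_admin', $ADPass,
                    '-U', $bind_cred);
my $ad_admin_status = _run_status(@add_ad_admin);
die "Samba provisioning error: Unable to create ad_admin user in Active Directory.\n" if ($ad_admin_status eq 'exec');
# Only a failure to launch is fatal, as in the original; a non-zero exit
# (for example when the event is run again) is reported without aborting.
warn "samba-tool exited with an error while creating the ad_admin user\n"
    if ($ad_admin_status eq 'fail');


##Enumerate admin accounts and update domain admins group
warn "Enumerating admin accounts\n";
my $ldifs = '/etc/samba/schema/';
my $ad = '/var/lib/samba/private/sam.ldb';

# Same arguments the shell would have produced from the original string:
# the quoted option collapses to one argument containing spaces.
my @modifyUserClass = ('/usr/bin/ldbmodify', '-H',
                       $ad,
                       $ldifs . 'setupAdmins.ldif',
                       '--option=dsdb:schema update allowed=true');

# The result of this step was not checked before; surface a failure so a
# missing group update does not pass silently.
warn "ldbmodify did not complete successfully for setupAdmins.ldif\n"
    if (_run_status(@modifyUserClass) ne '');

exit(0);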
