#!/bin/bash

# Abort on the first unhandled command failure.
set -e
#CONTEXT=${1:-reconfigure}

# Load site configuration. None of the variables read below (GPOSCRIPT, BASEDN,
# AD_SERVER_ROLE, AD_ADDITIONAL_DC, AD_ADMIN, AD_REALM, AD_HOST_NAME) is assigned
# in this script, so they are expected to come from these two files or from the
# environment. Which file provides which variable is not visible here.
# NOTE(security): sourced files are executed as shell code in the same process
# that later reads the AD administrator password, so both files must be
# writable by root only.
# shellcheck disable=SC1091,SC1090
. /etc/eole/gposcript.conf

# shellcheck disable=SC1091,SC1090
. /etc/eole/samba4-vars.conf
# Role guard: GPO handling only applies when this host is a domain controller
# ("controleur de domaine"). Any other role is a successful no-op.
case "${AD_SERVER_ROLE}" in
    "controleur de domaine")
        ;;
    *)
        echo "Pas de GPO sur les serveurs membres"
        exit 0
        ;;
esac

# Additional-DC guard: continue only when AD_ADDITIONAL_DC is exactly "non";
# for any other value the script stops here with status 0.
[[ "${AD_ADDITIONAL_DC}" == "non" ]] || {
    echo "Cette commande ne doit pas être éxecutée sur les Dc Secondaires."
    exit 0
}

# KEYFILE="/tmp/gpoinit.keytab"
# [ -f "$KEYFILE" ] && rm -f "$KEYFILE"
# USER="$AD_ADMIN@${AD_REALM^^}"
# samba-tool domain exportkeytab "$KEYFILE" --principal="$USER" -P
# kinit "$USER" -k -t "$KEYFILE"

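# Import or remove the 'eole_script' GPO content, depending on GPOSCRIPT:
#   GPOSCRIPT equal to 0 -> import scripts and Registry.xml files into the GPO
#   anything else        -> delete the 'eole_script' GPO
# NOTE(review): a missing or non-numeric GPOSCRIPT makes `[ ... -eq 0 ]` fail
# with an error, which also selects the delete branch — confirm that a broken
# configuration value should really end in a deletion.
#
# The credential is built before branching. Previously only the import branch
# assigned CREDENTIAL, so the delete branch called gpo-tool with an empty -U
# value unless one of the sourced configuration files happened to define it.
ADMIN_PWD="$(< /var/lib/samba/.admin-ad-dc)" || ADMIN_PWD=""
if [ -z "${ADMIN_PWD}" ]; then
    echo "Cannot read the AD administrator password from /var/lib/samba/.admin-ad-dc" >&2
    exit 1
fi

# NOTE(security): "user%password" is passed on gpo-tool's command line, so it is
# readable through the process list for as long as the tool runs. Never enable
# `set -x` around these calls, and prefer a credential mechanism that keeps the
# secret out of argv (for example the Kerberos keytab flow kept commented out in
# this script) if gpo-tool supports one — TODO confirm.
CREDENTIAL="$AD_ADMIN@${AD_REALM^^}%${ADMIN_PWD}"

# NOTE(review): the URL scheme is ldap://, not ldaps://. Whether the bind and
# the traffic are protected depends on the client's signing/sealing settings —
# verify on the target platform.
LDAP_URL="ldap://${AD_HOST_NAME}.${AD_REALM}"

if [ "$GPOSCRIPT" -eq 0 ]; then
    echo "Import scripts and Registry.xml files in GPO"

    if gpo-tool importation import_eole_script --container "$BASEDN" -U"${CREDENTIAL}" -H "${LDAP_URL}" -d 1
    then
        echo "Update OK"
    else
        echo "Update 'eole_script' Erreur"
        exit 1
    fi
else
    if gpo-tool importation delete_by_name eole_script -U"${CREDENTIAL}" -H "${LDAP_URL}" -d 1
    then
        echo "Delete 'eole_script' OK"
    else
        echo "Delete 'eole_script' Erreur"
        exit 1
    fi
fi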
# if [ -e "$KEYFILE" ]
# then
#    # destroy kerberos ticket
#    kdestroy
#    rm -f "$KEYFILE"
# fi
