#!/usr/bin/python2.7
import json
import sys

import ldap
from ldap.dn import explode_dn

from univention.config_registry import ConfigRegistry

# Every connection parameter below is read from the host's Univention
# Configuration Registry.
ucr = ConfigRegistry()
ucr.load()

bind_dn = ucr.get('ldap/hostdn')
ldap_base = ucr.get('ldap/base')

ldap_host = ucr.get('ldap/server/name')
ldap_port = ucr.get('ldap/server/port')
ldap_uri = 'ldap://{}:{}'.format(ldap_host, ldap_port)

# The machine secret is the bind password for bind_dn. Only trailing newlines
# are stripped; the value must never be logged or echoed.
with open('/etc/machine.secret') as secret_file:
	password = secret_file.read().rstrip('\n')

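# Collect, for every posixGroup below ldap_base, its direct user members and
# its nested group members, keyed by the lower-cased group DN.
con = ldap.initialize(ldap_uri)
ldap_content = {}
try:
	# The connection URI uses plain ldap://, so a simple bind on its own would
	# send the machine password in cleartext. Upgrade the session with StartTLS
	# first; this raises instead of silently falling back if TLS cannot be set up.
	con.start_tls_s()
	con.simple_bind_s(bind_dn, password)
	posix_groups = con.search_s(ldap_base, ldap.SCOPE_SUBTREE, u"(objectClass=posixGroup)")
finally:
	# Release the connection on both the success and the error path.
	con.unbind_s()

for dn, attrs in posix_groups:
	member_uids = [member.lower() for member in attrs.get('memberUid', [])]
	unique_members = [member.lower() for member in attrs.get('uniqueMember', [])]
	known_uids = set(member_uids)

	# memberUid values ending in '$' are skipped, so only the remaining
	# entries are reported as usernames.
	usernames = [member for member in member_uids if not member.endswith('$')]

	# A uniqueMember DN starting with 'cn=' is reported as a nested group,
	# unless '<cn>$' is also listed in memberUid; in that case it is not
	# counted as a group.
	nested_groups = []
	for member in unique_members:
		if not member.startswith('cn='):
			continue
		member_uid = explode_dn(member, True)[0].lower()
		if '{}$'.format(member_uid) not in known_uids:
			nested_groups.append(member)

	ldap_content[dn.lower()] = {'usernames': usernames, 'groups': nested_groups}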

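# Emit the result as JSON on standard output. Writing through sys.stdout
# instead of re-opening /dev/stdout avoids truncating a file the caller
# redirected to, and avoids open() failing when stdout is not a re-openable
# path (for example a socket).
json.dump(ldap_content, sys.stdout)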
