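#!/usr/bin/python2
# coding=utf-8
"""Sync account requests from the application DB ("LDAP" table) into Samba AD.

Flow (see main()):
  1. open the local Samba SamDB with the system session,
  2. read the request rows through zayavka_reader.mysql_reader,
  3. for each request create / remove / re-password / enable / disable the
     AD account and add it to the requested groups,
  4. reset the row's Changes flag after a password update, or delete rows
     that were flagged for removal.
"""
import os
import sys

import ldb
from samba.samdb import SamDB
from samba.auth import system_session
import samba.param
from UserAd_class import UserAd
import zayavka_reader as z_reader

# Search base for user objects. Without an OU layout the default Users
# container is enough (e.g. base = "CN=Users,DC=myDom,DC=lan").
base = "CN=Users,DC=techgrow,DC=local"
domainName = 'techgrow.local'

# Connection settings for the request table. Every value can be overridden
# from the environment so the password does not have to live in this file;
# the literals are kept only as fallbacks for existing deployments.
# TODO: drop the fallback password once the environment variables are set.
dbconn = {
    'host': os.environ.get('LDAP_SYNC_DB_HOST', '10.3.11.177'),
    'user': os.environ.get('LDAP_SYNC_DB_USER', 'readonlyuser'),
    'pass': os.environ.get('LDAP_SYNC_DB_PASS', 'Readonly@2006'),
    'base': os.environ.get('LDAP_SYNC_DB_NAME', 'techgrow'),
}
sql = 'select * from LDAP'
# NOTE(review): the row ID is interpolated into these statements with %.
# mysql_reader is only called as mysql_reader(dbconn, sql) here, so it is not
# visible whether it supports parameter binding; if it does, switch to
# placeholders instead of string formatting.
sql_update_changes = "update LDAP set Changes = 'N' where ID = '%s'"
sql_delete = "delete from LDAP where Delete = 'Y' and ID = '%s'"

# Group name sets (not referenced in this file; kept for compatibility).
ad_groups = ['vpn-users', 'gogs']
ad_groups_users = ['vpn-users', 'gogs']
ad_groups_bitrix = ['vpn-web-vpn', 'gogs']
ad_groups_1c = ['vpn-1c-vpn', 'Domain Users']
ad_group_xserv = 'ics'
ad_group_rdp = 'Пользователи удаленного рабочего стола'

# LDAP filter matching user accounts.
USER_FILTER = "(&(objectCategory=person)(objectClass=user))"
# userAccountControl bit set on disabled accounts (ACCOUNTDISABLE).
UF_ACCOUNTDISABLE = 0x2


def _group_cn(sam, dn_text):
    """Return the value of the first RDN of *dn_text* (the group's CN).

    Parsed with ldb.Dn so an escaped character in the CN (e.g. "\\,") is
    handled instead of being cut off by a naive split on ','.
    """
    return ldb.Dn(sam, dn_text).get_rdn_value()


def users_make_ad(sam, base):
    """Return the AD user accounts under *base*, keyed by samAccountName.

    Args:
        sam: open SamDB connection.
        base: DN under which to search.

    Returns:
        dict mapping samAccountName -> {'samAccountName', 'memberOf' (list of
        group CNs), 'userAccountControl' (int), 'enabled' (1 unless the
        ACCOUNTDISABLE bit is set, else 0)}.
    """
    users = {}
    res = sam.search(base=base, expression=USER_FILTER,
                     attrs=['*', 'userAccountControl'])
    for entry in res:
        uac = int(str(entry['userAccountControl']))
        enabled = 0 if uac & UF_ACCOUNTDISABLE else 1
        # memberOf is absent on accounts that only hold their primary group;
        # indexing it directly would raise KeyError for such users.
        member_of = [_group_cn(sam, str(dn)) for dn in entry.get('memberOf', [])]
        name = str(entry['samAccountName'])
        users[name] = {
            'samAccountName': name,
            'memberOf': member_of,
            'userAccountControl': uac,
            'enabled': enabled,
        }
    return users


def _open_samdb():
    """Open the local Samba AD database using the default smb.conf."""
    lp = samba.param.LoadParm()
    lp.load(samba.param.default_path())  # or lp.load("/etc/samba/smb.conf")
    return SamDB(lp=lp, session_info=system_session())


def _print_ad_users(sam):
    """Print the samAccountName of every user under base (diagnostic listing)."""
    res = sam.search(base=base, expression=USER_FILTER, attrs=['samAccountName'])
    for entry in res:
        print(str(entry['samAccountName']))


def _run_sql(statement):
    """Execute *statement* via mysql_reader; print the error and return False on failure."""
    _, err = z_reader.mysql_reader(dbconn, statement)
    if err:
        print(err)
        return False
    return True


def _process_request(sam, key, req):
    """Apply one request row *req* (as built by users_make_zayavka) to AD.

    Args:
        sam: open SamDB connection.
        key: the key of the request in the users_make_zayavka() result.
        req: dict with samAccountName, usrPass, toRemove, pwChange, enabled,
            memberOf and id.
    """
    # Do not echo the clear-text password into stdout / the job log.
    shown = dict(req, usrPass='***') if 'usrPass' in req else req
    print("%s %s" % (key, shown))
    ad_user = UserAd(sam, base, domainName, req['samAccountName'], req['usrPass'])

    if req['toRemove']:
        # Removal request: drop the account if it exists, then purge the row.
        print("removing user")
        if ad_user.exists:
            ad_user.remove()
        _run_sql(sql_delete % req['id'])
        # Nothing else may be applied to an account that was just removed.
        return

    if not ad_user.exists:
        print("make new user")
        ad_res = ad_user.add()
        if ad_res:
            print(ad_res)

    if req['pwChange']:
        ad_res = ad_user.set_passwd()
        if ad_res:
            print(ad_res)
        # NOTE(review): Changes='N' is reset only after a password update,
        # following the original statement order — confirm this is the
        # intended "processed" marker for the row.
        _run_sql(sql_update_changes % req['id'])

    if req['enabled']:
        ad_user.enable()
    else:
        ad_user.disable()

    for group in req['memberOf']:
        ad_user.add_in_group(group)


def main():
    """Entry point: list current AD users, then apply every pending request."""
    sam = _open_samdb()
    _print_ad_users(sam)

    res, err = z_reader.mysql_reader(dbconn, sql)
    if err:
        print(err)
        # A failed read aborts the whole run; exit non-zero so the scheduler
        # does not record it as a successful sync.
        sys.exit(1)
    z_users = z_reader.users_make_zayavka(res)
    for key in z_users:
        _process_request(sam, key, z_users[key])


if __name__ == '__main__':
    main()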