#!/usr/bin/perl -w
# This script (sophomorix-test-5) is maintained by Rüdiger Beck
# It is Free Software (License GPLv3)
# If you find errors, contact the author
# jeffbeck@web.de  or  jeffbeck@linuxmuster.net

# modules
use strict;
use Getopt::Long;
Getopt::Long::Configure ("bundling");
use Sophomorix::SophomorixBase qw(
                                 print_line
                                 print_title
                                 check_options
                                 get_passwd_charlist
                                 get_plain_password
                                 );
use Sophomorix::SophomorixSambaAD qw(
                                 AD_school_create
                                 AD_bind_admin
                                 AD_unbind_admin
                                 AD_user_create
                                 AD_group_create
                                 AD_group_addmember
                                 AD_user_kill
                                 AD_dns_get
                                 AD_object_search
                                 AD_debug_logdump
                                 AD_get_name_tokened
                                 AD_get_passwd
                                    );
use Sophomorix::SophomorixTest qw(
                                 AD_object_nonexist
                                 AD_test_object
                                 directory_tree_test
                                 start_fs_test
                                 end_fs_test
                                 run_command
                                 file_test_chars
                                 ACL_test
                                 NTACL_test
                                 );

$Conf::log_level=1;
my $help=0;
my $full=0;



my $add_admin=0;
my $test_add_admin=0;

my $mod_admin=0;
my $test_mod_admin=0;

my $kill_admin=0;
my $test_kill_admin=0;

my $all_options="";
my $json=0;
my $ntacl=1;
my $nontacl=0;
my %fs_test_result=();

my $testopt=GetOptions(
           "help|h" => \$help,
           "full|f" => \$full,
           "verbose|v+" => \$Conf::log_level,
           "json|j+" => \$json,
           "nontacl|n" => \$nontacl,
           "add-admin" => \$add_admin,
           "test-add-admin" => \$test_add_admin,
           "mod-admin" => \$mod_admin,
           "test-mod-admin" => \$test_mod_admin,
           "kill-admin" => \$kill_admin,
           "test-kill-admin" => \$test_kill_admin,
  );


# Prüfen, ob Optionen erkannt wurden, sonst Abbruch
&check_options($testopt);

if ($nontacl==1){
    $ntacl=0;
}

if ($Conf::log_level==1){
    $all_options="";
} elsif ($Conf::log_level==2){
    $all_options="-v";
} elsif ($Conf::log_level==3){
    $all_options="-vv";
}

if ($json==0){
    # nothing to do
} elsif ($json==1){
    $all_options=$all_options." -j";
} elsif ($json==2){
    $all_options=$all_options." -jj";
} elsif ($json==3){
    $all_options=$all_options." -jjj";
} 

my ($ldap,$root_dse) = &AD_bind_admin();
my $root_dns=&AD_dns_get($root_dse);
my ($smb_admin_pass)=&AD_get_passwd($DevelConf::sophomorix_file_admin,
                                     $DevelConf::secret_file_sophomorix_file_admin);

my $testdata="/usr/share/sophomorix-developer/testdata";

# --help
if ($help==1) {
   # Scriptname ermitteln
   my @list = split(/\//,$0);
   my $scriptname = pop @list;
   # Befehlsbeschreibung
   print('
sophomorix-test-5 tests the addition of admins.

Options
  -h  / --help

  Admins:
  sophomorix-test-5 --add-admin  
    add some admins
  sophomorix-test-5 --test-add-admin
    test the added admins

  sophomorix-test-5 --mod-admin
    modify added admins
  sophomorix-test-5 --test-mod-admin
    test modified admins

  sophomorix-test-5 --kill-admin
    kill all added admins
  sophomorix-test-5 --test-kill-admin
    test killed admins

');
   print "\n";
   exit;
}





############################################################
# Check preliminaries
############################################################

# --full
if ($full==1){
    $add_admin=1;
    $mod_admin=1;
    $kill_admin=1;
    $test_add_admin=1;
    $test_mod_admin=1;
    $test_kill_admin=1;
}

############################################################
# Add admins
############################################################
# --add-admin  
if ($add_admin==1){

    # admin
    # schooladmin in OU=bsz and OU=abc
    &run_command("sophomorix-admin --create-school-admin admin-bsz-66 --school bsz --random-passwd-save $all_options");
    &run_command("sophomorix-admin --create-school-admin admin-abc-666 --school abc --password 'Muster!' $all_options");
    # schooladmin in OU=default-school
    &run_command("sophomorix-admin --create-school-admin admin-66 --school default-school --random-passwd-save $all_options");
    &run_command("sophomorix-admin --create-school-admin admin-666 --school default-school --password 'Muster!' $all_options");
    # globaladmin in OU=GLOBAL
    &run_command("sophomorix-admin --create-global-admin global-admin-66 --random-passwd-save $all_options");
    &run_command("sophomorix-admin --create-global-admin global-admin-666 --password 'Muster!' $all_options");

    # binduser
    # schoolbinduser in OU=bsz and OU=abc
    &run_command("sophomorix-admin --create-school-binduser binduser-bsz-66 --school bsz --random-passwd-save $all_options");
    &run_command("sophomorix-admin --create-school-binduser binduser-abc-666 --school abc --password 'Muster!' $all_options");
    # schoolbinduser in OU=default-school
    &run_command("sophomorix-admin --create-school-binduser binduser-66 --school default-school --random-passwd-save $all_options");
    &run_command("sophomorix-admin --create-school-binduser binduser-666 --school default-school --password 'Muster!' $all_options");
    # globalbinduser in OU=GLOBAL
    &run_command("sophomorix-admin --create-global-binduser global-binduser-66 --random-passwd-save $all_options");
    &run_command("sophomorix-admin --create-global-binduser global-binduser-666 --password 'Muster!' $all_options");

    #&run_command("sophomorix-ui $all_options --abs-path-ui-ini /usr/share/sophomorix/config-templates/test-ui-perm.ini");

}

############################################################
# Test added admins
############################################################
# --test-add-admin  
if ($test_add_admin==1){
    ######################################################################
    # test admins
    ######################################################################
    # admin-bsz-66
    &AD_test_object({ldap=>$ldap,
                   dn=>"CN=admin-bsz-66,OU=Management,OU=bsz,OU=SCHOOLS,".$root_dse,
                   #####
                   displayName=>"bsz Admin",
                   givenName=>"bsz",
                   name=>"admin-bsz-66",
                   sAMAccountname=>"admin-bsz-66",
                   homeDrive=>"H:",
                   homeDirectory=>"\\\\bionic\\bsz\\management\\admin-bsz-66",
                   unixHomeDirectory=>"/srv/samba/schools/bsz/management/admin-bsz-66",
                   sn=>"Admin",
                   userPrincipalName => "admin-bsz-66@".$root_dns,
                   mail => "admin-bsz-66@".$root_dns,
                   sophomorixAdminClass => "bsz-admins",
                   sophomorixExitAdminClass => "unknown",
                   sophomorixFirstPassword => "---",
                   sophomorixFirstnameASCII => "bsz",
                   sophomorixSurnameASCII  => "Admin",
                   sophomorixRole => "schooladministrator",
                   sophomorixQuota=>"bsz:---:---:new:---:|linuxmuster-global:---:---:new:---:",
                   sophomorixMailQuota=>"---:---:",
                   sophomorixMailQuotaCalculated=>"1",
                   sophomorixSchoolPrefix => "bsz",
                   sophomorixSchoolname => "bsz",
                   sophomorixAdminFile => "none",
                   sophomorixCreationDate => "exists",
                   sophomorixTolerationDate => "default",
                   sophomorixDeactivationDate => "default",
                   sophomorixComment => "created by sophomorix",
                   sophomorixWebuiDashboard => "---",
                   sophomorixWebuiPermissions => "",
                   sophomorixWebuiPermissionsCalculated => "lm:linbo:configs: true|lm:quotas:apply: true|lm:quotas:configure: false",
                   sophomorixExamMode => "---",
                   sophomorixStatus=>"P",
                   sophomorixUnid => "---",
                   accountExpires => "0",
                   userAccountControl => "66048",
                   memberOf => "role-schooladministrator|bsz-admins|bsz-wifi|bsz-internet|bsz-webfilter|bsz-intranet|bsz-printing",
                  });
    ##### Testing the users group
    &AD_test_object({ldap=>$ldap,
                   dn=>"CN=bsz-admins,OU=Management,OU=bsz,OU=SCHOOLS,".$root_dse,
                   sAMAccountname=>"bsz-admins",
                   sophomorixCreationDate => "exists",
                   sophomorixStatus=>"P",
                   sophomorixType=>"admins",
                   mail => "bsz-admins@".$root_dns,
                   sophomorixHidden=>"FALSE",
                   sophomorixSchoolname => "bsz",
                   memberOf => "s_bsz|all-admins",
                   member => "admin-bsz-66|global-admins",
                  });
    &file_test_chars("/etc/linuxmuster/.secret/admin-bsz-66",20);


    # admin-abc-666
    &AD_test_object({ldap=>$ldap,
                   dn=>"CN=admin-abc-666,OU=Management,OU=abc,OU=SCHOOLS,".$root_dse,
                   #####
                   displayName=>"abc Admin",
                   givenName=>"abc",
                   name=>"admin-abc-666",
                   sAMAccountname=>"admin-abc-666",
                   homeDrive=>"H:",
                   homeDirectory=>"\\\\bionic\\abc\\management\\admin-abc-666",
                   unixHomeDirectory=>"/srv/samba/schools/abc/management/admin-abc-666",
                   sn=>"Admin",
                   userPrincipalName => "admin-abc-666@".$root_dns,
                   mail => "admin-abc-666@".$root_dns,
                   sophomorixAdminClass => "abc-admins",
                   sophomorixExitAdminClass => "unknown",
                   sophomorixFirstPassword => "---",
                   sophomorixFirstnameASCII => "abc",
                   sophomorixSurnameASCII  => "Admin",
                   sophomorixRole => "schooladministrator",
                   sophomorixQuota=>"abc:---:---:new:---:|linuxmuster-global:---:---:new:---:",
                   sophomorixMailQuota=>"---:---:",
                   sophomorixMailQuotaCalculated=>"1",
                   sophomorixSchoolPrefix => "abc",
                   sophomorixSchoolname => "abc",
                   sophomorixAdminFile => "none",
                   sophomorixCreationDate => "exists",
                   sophomorixTolerationDate => "default",
                   sophomorixDeactivationDate => "default",
                   sophomorixComment => "created by sophomorix",
                   sophomorixWebuiDashboard => "---",
                   sophomorixWebuiPermissions => "",
                   sophomorixWebuiPermissionsCalculated => "lm:linbo:configs: true|lm:quotas:apply: true|lm:quotas:configure: false",
                   sophomorixExamMode => "---",
                   sophomorixStatus=>"P",
                   sophomorixUnid => "---",
                   accountExpires => "0",
                   userAccountControl => "66048",
                   memberOf => "role-schooladministrator|abc-admins|abc-wifi|abc-internet|abc-webfilter|abc-intranet|abc-printing",
                  });
    ##### Testing the users group
    &AD_test_object({ldap=>$ldap,
                   dn=>"CN=abc-admins,OU=Management,OU=abc,OU=SCHOOLS,".$root_dse,
                   sAMAccountname=>"abc-admins",
                   sophomorixCreationDate => "exists",
                   sophomorixStatus=>"P",
                   sophomorixType=>"admins",
                   mail => "abc-admins@".$root_dns,
                   sophomorixHidden=>"FALSE",
                   sophomorixSchoolname => "abc",
                   memberOf => "s_abc|all-admins",
                   member => "admin-abc-666|global-admins",
                  });


    # admin-66
    &AD_test_object({ldap=>$ldap,
                   dn=>"CN=admin-66,OU=Management,OU=default-school,OU=SCHOOLS,".$root_dse,
                   #####
                   displayName=>"default-school Admin",
                   givenName=>"default-school",
                   name=>"admin-66",
                   sAMAccountname=>"admin-66",
                   homeDrive=>"H:",
                   homeDirectory=>"\\\\bionic\\default-school\\management\\admin-66",
                   unixHomeDirectory=>"/srv/samba/schools/default-school/management/admin-66",
                   sn=>"Admin",
                   userPrincipalName => "admin-66@".$root_dns,
                   mail => "admin-66@".$root_dns,
                   sophomorixAdminClass => "admins",
                   sophomorixExitAdminClass => "unknown",
                   sophomorixFirstPassword => "---",
                   sophomorixFirstnameASCII => "default-school",
                   sophomorixSurnameASCII  => "Admin",
                   sophomorixRole => "schooladministrator",
                   sophomorixQuota=>"default-school:---:---:new:---:|linuxmuster-global:---:---:new:---:",
                   sophomorixMailQuota=>"---:---:",
                   sophomorixMailQuotaCalculated=>"1",
                   sophomorixSchoolPrefix => "---",
                   sophomorixSchoolname => "default-school",
                   sophomorixAdminFile => "none",
                   sophomorixCreationDate => "exists",
                   sophomorixTolerationDate => "default",
                   sophomorixDeactivationDate => "default",
                   sophomorixComment => "created by sophomorix",
                   sophomorixWebuiDashboard => "---",
                   sophomorixWebuiPermissions => "",
                   sophomorixWebuiPermissionsCalculated => "lm:linbo:configs: true|lm:quotas:apply: true|lm:quotas:configure: true",
                   sophomorixExamMode => "---",
                   sophomorixStatus=>"P",
                   sophomorixUnid => "---",
                   accountExpires => "0",
                   userAccountControl => "66048",
                   memberOf => "role-schooladministrator|admins|wifi|internet|webfilter|intranet|printing",
                  });
    # admin-666
    &AD_test_object({ldap=>$ldap,
                   dn=>"CN=admin-666,OU=Management,OU=default-school,OU=SCHOOLS,".$root_dse,
                   #####
                   displayName=>"default-school Admin",
                   givenName=>"default-school",
                   name=>"admin-666",
                   sAMAccountname=>"admin-666",
                   homeDrive=>"H:",
                   homeDirectory=>"\\\\bionic\\default-school\\management\\admin-666",
                   unixHomeDirectory=>"/srv/samba/schools/default-school/management/admin-666",
                   sn=>"Admin",
                   userPrincipalName => "admin-666@".$root_dns,
                   mail => "admin-666@".$root_dns,
                   sophomorixAdminClass => "admins",
                   sophomorixExitAdminClass => "unknown",
                   sophomorixFirstPassword => "---",
                   sophomorixFirstnameASCII => "default-school",
                   sophomorixSurnameASCII  => "Admin",
                   sophomorixRole => "schooladministrator",
                   sophomorixQuota=>"default-school:---:---:new:---:|linuxmuster-global:---:---:new:---:",
                   sophomorixMailQuota=>"---:---:",
                   sophomorixMailQuotaCalculated=>"1",
                   sophomorixSchoolPrefix => "---",
                   sophomorixSchoolname => "default-school",
                   sophomorixAdminFile => "none",
                   sophomorixCreationDate => "exists",
                   sophomorixTolerationDate => "default",
                   sophomorixDeactivationDate => "default",
                   sophomorixComment => "created by sophomorix",
                   sophomorixWebuiDashboard => "---",
                   sophomorixWebuiPermissions => "",
                   sophomorixWebuiPermissionsCalculated => "lm:linbo:configs: true|lm:quotas:apply: true|lm:quotas:configure: true",
                   sophomorixExamMode => "---",
                   sophomorixStatus=>"P",
                   sophomorixUnid => "---",
                   accountExpires => "0",
                   userAccountControl => "66048",
                   memberOf => "role-schooladministrator|admins|wifi|internet|webfilter|intranet|printing",
                  });
    ##### Testing the users group
    &AD_test_object({ldap=>$ldap,
                   dn=>"CN=admins,OU=Management,OU=default-school,OU=SCHOOLS,".$root_dse,
                   sAMAccountname=>"admins",
                   sophomorixCreationDate => "exists",
                   sophomorixStatus=>"P",
                   sophomorixType=>"admins",
                   mail => "admins@".$root_dns,
                   sophomorixHidden=>"FALSE",
                   sophomorixSchoolname => "default-school",
                   memberOf => "s_default-school|all-admins",
                   member => "admin-66|admin-666|global-admins",
                  });
    &file_test_chars("/etc/linuxmuster/.secret/admin-66",20);



    ##### Testing the users group
    &AD_test_object({ldap=>$ldap,
                   dn=>"CN=all-admins,OU=Management,OU=GLOBAL,".$root_dse,
                   sAMAccountname=>"all-admins",
                   sophomorixCreationDate => "exists",
                   sophomorixStatus=>"P",
                   sophomorixType=>"alladmins",
                   mail => "all-admins@".$root_dns,
                   sophomorixHidden=>"FALSE",
                   sophomorixSchoolname => "global",
                   memberOf => "",
                   member => "bsz-admins|abc-admins|admins",
                  });


    # global-admin-66
    &AD_test_object({ldap=>$ldap,
                   dn=>"CN=global-admin-66,OU=Management,OU=GLOBAL,".$root_dse,
                   #####
                   displayName=>"Global Admin",
                   givenName=>"Global",
                   name=>"global-admin-66",
                   sAMAccountname=>"global-admin-66",
                   homeDrive=>"H:",
                   homeDirectory=>"\\\\bionic\\linuxmuster-global\\management\\global-admin-66",
                   unixHomeDirectory=>"/srv/samba/schools/global/management/global-admin-66",
                   sn=>"Admin",
                   userPrincipalName => "global-admin-66@".$root_dns,
                   mail => "global-admin-66@".$root_dns,
                   sophomorixAdminClass => "global-admins",
                   sophomorixExitAdminClass => "unknown",
                   sophomorixFirstPassword => "---",
                   sophomorixFirstnameASCII => "Global",
                   sophomorixSurnameASCII  => "Admin",
                   sophomorixRole => "globaladministrator",
                   sophomorixQuota=>"linuxmuster-global:---:---:new:---:",
                   sophomorixMailQuota=>"---:---:",
                   sophomorixMailQuotaCalculated=>"1",
                   sophomorixSchoolPrefix => "global",
                   sophomorixSchoolname => "global",
                   sophomorixAdminFile => "none",
                   sophomorixCreationDate => "exists",
                   sophomorixTolerationDate => "default",
                   sophomorixDeactivationDate => "default",
                   sophomorixComment => "created by sophomorix",
                   sophomorixWebuiDashboard => "---",
                   sophomorixWebuiPermissions => "",
                   sophomorixWebuiPermissionsCalculated => "lm:linbo:configs: false|lm:linbo:examples: true|lm:linbo:images: true",
                   sophomorixExamMode => "---",
                   sophomorixStatus=>"P",
                   sophomorixUnid => "---",
                   accountExpires => "0",
                   userAccountControl => "66048",
                   memberOf => "role-globaladministrator|global-admins|all-wifi|all-internet|all-webfilter|all-intranet|all-printing",
                  });
    &file_test_chars("/etc/linuxmuster/.secret/global-admin-66",22);

    # global-admin-666
    &AD_test_object({ldap=>$ldap,
                   dn=>"CN=global-admin-666,OU=Management,OU=GLOBAL,".$root_dse,
                   #####
                   displayName=>"Global Admin",
                   givenName=>"Global",
                   name=>"global-admin-666",
                   sAMAccountname=>"global-admin-666",
                   homeDrive=>"H:",
                   homeDirectory=>"\\\\bionic\\linuxmuster-global\\management\\global-admin-666",
                   unixHomeDirectory=>"/srv/samba/schools/global/management/global-admin-666",
                   sn=>"Admin",
                   userPrincipalName => "global-admin-666@".$root_dns,
                   mail => "global-admin-666@".$root_dns,
                   sophomorixAdminClass => "global-admins",
                   sophomorixExitAdminClass => "unknown",
                   sophomorixFirstPassword => "---",
                   sophomorixFirstnameASCII => "Global",
                   sophomorixSurnameASCII  => "Admin",
                   sophomorixRole => "globaladministrator",
                   sophomorixQuota=>"linuxmuster-global:---:---:new:---:",
                   sophomorixMailQuota=>"---:---:",
                   sophomorixMailQuotaCalculated=>"1",
                   sophomorixSchoolPrefix => "global",
                   sophomorixSchoolname => "global",
                   sophomorixAdminFile => "none",
                   sophomorixCreationDate => "exists",
                   sophomorixTolerationDate => "default",
                   sophomorixDeactivationDate => "default",
                   sophomorixComment => "created by sophomorix",
                   sophomorixWebuiDashboard => "---",
                   sophomorixWebuiPermissions => "",
                   sophomorixWebuiPermissionsCalculated => "lm:linbo:configs: false|lm:linbo:examples: true|lm:linbo:images: true",
                   sophomorixExamMode => "---",
                   sophomorixStatus=>"P",
                   sophomorixUnid => "---",
                   accountExpires => "0",
                   userAccountControl => "66048",
                   memberOf => "role-globaladministrator|global-admins|all-wifi|all-internet|all-webfilter|all-intranet|all-printing",
                  });
    ##### Testing the users group
    &AD_test_object({ldap=>$ldap,
                   dn=>"CN=global-admins,OU=Management,OU=GLOBAL,".$root_dse,
                   sAMAccountname=>"global-admins",
                   sophomorixCreationDate => "exists",
                   sophomorixStatus=>"P",
                   sophomorixType=>"powergroup",
                   mail => "global-admins@".$root_dns,
                   sophomorixHidden=>"FALSE",
                   sophomorixSchoolname => "global",
                   memberOf => "admins|bsz-admins|bsz-admins|Domain Admins",
                   member => "global-admin-66|global-admin-666",
                  });

    ######################################################################
    # test binduser
    ######################################################################
    # binduser-bsz-66
    &AD_test_object({ldap=>$ldap,
                   dn=>"CN=binduser-bsz-66,OU=Management,OU=bsz,OU=SCHOOLS,".$root_dse,
                   #####
                   displayName=>"bsz Binduser",
                   givenName=>"bsz",
                   name=>"binduser-bsz-66",
                   sAMAccountname=>"binduser-bsz-66",
                   homeDrive=>"H:",
                   homeDirectory=>"\\\\bionic\\bsz\\management\\binduser-bsz-66",
                   unixHomeDirectory=>"/srv/samba/schools/bsz/management/binduser-bsz-66",
                   sn=>"Binduser",
                   userPrincipalName => "binduser-bsz-66@".$root_dns,
                   mail => "binduser-bsz-66@".$root_dns,
#                   sophomorixAdminClass => "bsz-AD_RO_auth",
                   sophomorixAdminClass => "s_bsz",
                   sophomorixExitAdminClass => "unknown",
                   sophomorixFirstPassword => "---",
                   sophomorixFirstnameASCII => "bsz",
                   sophomorixSurnameASCII  => "Binduser",
                   sophomorixRole => "schoolbinduser",
                   sophomorixQuota=>"bsz:---:---:new:---:|linuxmuster-global:---:---:new:---:",
                   sophomorixMailQuota=>"---:---:",
                   sophomorixMailQuotaCalculated=>"1",
                   sophomorixSchoolPrefix => "bsz",
                   sophomorixSchoolname => "bsz",
                   sophomorixAdminFile => "none",
                   sophomorixCreationDate => "exists",
                   sophomorixTolerationDate => "default",
                   sophomorixDeactivationDate => "default",
                   sophomorixComment => "created by sophomorix",
                   sophomorixWebuiDashboard => "---",
                   sophomorixWebuiPermissions => "",
                   sophomorixWebuiPermissionsCalculated => "",
                   sophomorixExamMode => "---",
                   sophomorixStatus=>"P",
                   sophomorixUnid => "---",
                   accountExpires => "0",
                   userAccountControl => "66048",
#                   memberOf => "bsz-AD_RO_auth",
                   memberOf => "s_bsz",
                  });
    ##### Testing the users group
    # &AD_test_object({ldap=>$ldap,
    #                dn=>"CN=bsz-AD_RO_auth,OU=Management,OU=bsz,OU=SCHOOLS,".$root_dse,
    #                sAMAccountname=>"bsz-AD_RO_auth",
    #                sophomorixCreationDate => "exists",
    #                sophomorixStatus=>"P",
    #                sophomorixType=>"roauth",
    #                mail => "bsz-AD_RO_auth@".$root_dns,
    #                sophomorixHidden=>"FALSE",
    #                sophomorixSchoolname => "bsz",
    #                memberOf => "",
    #                member => "binduser-bsz-66",
    #               });
    # group <schoolname>
    &AD_test_object({ldap=>$ldap,
                   dn=>"CN=s_bsz,OU=bsz,OU=SCHOOLS,".$root_dse,
                   sAMAccountname=>"s_bsz",
                   sophomorixCreationDate => "exists",
                   sophomorixStatus=>"P",
                   sophomorixType=>"school",
                   mail => "s_bsz@".$root_dns,
                   sophomorixHidden=>"FALSE",
                   sophomorixJoinable=>"FALSE",
                   sophomorixSchoolname => "bsz",
                   memberOf => "SCHOOLS",
                   member => "binduser-bsz-66|bsz-teachers|bsz-students|bsz-admins|bsz-examusers",
                  });
    &file_test_chars("/etc/linuxmuster/.secret/binduser-bsz-66",19);



    # binduser-abc-666
    &AD_test_object({ldap=>$ldap,
                   dn=>"CN=binduser-abc-666,OU=Management,OU=abc,OU=SCHOOLS,".$root_dse,
                   #####
                   displayName=>"abc Binduser",
                   givenName=>"abc",
                   name=>"binduser-abc-666",
                   sAMAccountname=>"binduser-abc-666",
                   homeDrive=>"H:",
                   homeDirectory=>"\\\\bionic\\abc\\management\\binduser-abc-666",
                   unixHomeDirectory=>"/srv/samba/schools/abc/management/binduser-abc-666",
                   sn=>"Binduser",
                   userPrincipalName => "binduser-abc-666@".$root_dns,
                   mail => "binduser-abc-666@".$root_dns,
#                   sophomorixAdminClass => "abc-AD_RO_auth",
                   sophomorixAdminClass => "s_abc",
                   sophomorixExitAdminClass => "unknown",
                   sophomorixFirstPassword => "---",
                   sophomorixFirstnameASCII => "abc",
                   sophomorixSurnameASCII  => "Binduser",
                   sophomorixRole => "schoolbinduser",
                   sophomorixQuota=>"abc:---:---:new:---:|linuxmuster-global:---:---:new:---:",
                   sophomorixMailQuota=>"---:---:",
                   sophomorixMailQuotaCalculated=>"1",
                   sophomorixSchoolPrefix => "abc",
                   sophomorixSchoolname => "abc",
                   sophomorixAdminFile => "none",
                   sophomorixCreationDate => "exists",
                   sophomorixTolerationDate => "default",
                   sophomorixDeactivationDate => "default",
                   sophomorixComment => "created by sophomorix",
                   sophomorixWebuiDashboard => "---",
                   sophomorixWebuiPermissions => "",
                   sophomorixWebuiPermissionsCalculated => "",
                   sophomorixExamMode => "---",
                   sophomorixStatus=>"P",
                   sophomorixUnid => "---",
                   accountExpires => "0",
                   userAccountControl => "66048",
#                   memberOf => "abc-AD_RO_auth",
                   memberOf => "s_abc",
                  });
    ##### Testing the users group
    # &AD_test_object({ldap=>$ldap,
    #                dn=>"CN=abc-AD_RO_auth,OU=Management,OU=abc,OU=SCHOOLS,".$root_dse,
    #                sAMAccountname=>"abc-AD_RO_auth",
    #                sophomorixCreationDate => "exists",
    #                sophomorixStatus=>"P",
    #                sophomorixType=>"roauth",
    #                mail => "abc-AD_RO_auth@".$root_dns,
    #                sophomorixHidden=>"FALSE",
    #                sophomorixSchoolname => "abc",
    #                memberOf => "",
    #                member => "binduser-abc-666",
    #               });
    # group <schoolname>
    &AD_test_object({ldap=>$ldap,
                   dn=>"CN=s_abc,OU=abc,OU=SCHOOLS,".$root_dse,
                   sAMAccountname=>"s_abc",
                   sophomorixCreationDate => "exists",
                   sophomorixStatus=>"P",
                   sophomorixType=>"school",
                   mail => "s_abc@".$root_dns,
                   sophomorixHidden=>"FALSE",
                   sophomorixJoinable=>"FALSE",
                   sophomorixSchoolname => "abc",
                   memberOf => "SCHOOLS",
                   member => "binduser-abc-666|abc-teachers|abc-students|abc-admins|abc-examusers",
                  });


    # binduser-66
    &AD_test_object({ldap=>$ldap,
                   dn=>"CN=binduser-66,OU=Management,OU=default-school,OU=SCHOOLS,".$root_dse,
                   #####
                   displayName=>"default-school Binduser",
                   givenName=>"default-school",
                   name=>"binduser-66",
                   sAMAccountname=>"binduser-66",
                   homeDrive=>"H:",
                   homeDirectory=>"\\\\bionic\\default-school\\management\\binduser-66",
                   unixHomeDirectory=>"/srv/samba/schools/default-school/management/binduser-66",
                   sn=>"Binduser",
                   userPrincipalName => "binduser-66@".$root_dns,
                   mail => "binduser-66@".$root_dns,
#                   sophomorixAdminClass => "AD_RO_auth",
                   sophomorixAdminClass => "s_default-school",
                   sophomorixExitAdminClass => "unknown",
                   sophomorixFirstPassword => "---",
                   sophomorixFirstnameASCII => "default-school",
                   sophomorixSurnameASCII  => "Binduser",
                   sophomorixRole => "schoolbinduser",
                   sophomorixQuota=>"default-school:---:---:new:---:|linuxmuster-global:---:---:new:---:",
                   sophomorixMailQuota=>"---:---:",
                   sophomorixMailQuotaCalculated=>"1",
                   sophomorixSchoolPrefix => "---",
                   sophomorixSchoolname => "default-school",
                   sophomorixAdminFile => "none",
                   sophomorixCreationDate => "exists",
                   sophomorixTolerationDate => "default",
                   sophomorixDeactivationDate => "default",
                   sophomorixComment => "created by sophomorix",
                   sophomorixWebuiDashboard => "---",
                   sophomorixWebuiPermissions => "",
                   sophomorixWebuiPermissionsCalculated => "",
                   sophomorixExamMode => "---",
                   sophomorixStatus=>"P",
                   sophomorixUnid => "---",
                   accountExpires => "0",
                   userAccountControl => "66048",
#                   memberOf => "AD_RO_auth",
                   memberOf => "s_default-school",
                  });
    &file_test_chars("/etc/linuxmuster/.secret/binduser-66",19);


    # binduser-666
    &AD_test_object({ldap=>$ldap,
                   dn=>"CN=binduser-666,OU=Management,OU=default-school,OU=SCHOOLS,".$root_dse,
                   #####
                   displayName=>"default-school Binduser",
                   givenName=>"default-school",
                   name=>"binduser-666",
                   sAMAccountname=>"binduser-666",
                   homeDrive=>"H:",
                   homeDirectory=>"\\\\bionic\\default-school\\management\\binduser-666",
                   unixHomeDirectory=>"/srv/samba/schools/default-school/management/binduser-666",
                   sn=>"Binduser",
                   userPrincipalName => "binduser-666@".$root_dns,
                   mail => "binduser-666@".$root_dns,
#                   sophomorixAdminClass => "AD_RO_auth",
                   sophomorixAdminClass => "s_default-school",
                   sophomorixExitAdminClass => "unknown",
                   sophomorixFirstPassword => "---",
                   sophomorixFirstnameASCII => "default-school",
                   sophomorixSurnameASCII  => "Binduser",
                   sophomorixRole => "schoolbinduser",
                   sophomorixQuota=>"default-school:---:---:new:---:|linuxmuster-global:---:---:new:---:",
                   sophomorixMailQuota=>"---:---:",
                   sophomorixMailQuotaCalculated=>"1",
                   sophomorixSchoolPrefix => "---",
                   sophomorixSchoolname => "default-school",
                   sophomorixAdminFile => "none",
                   sophomorixCreationDate => "exists",
                   sophomorixTolerationDate => "default",
                   sophomorixDeactivationDate => "default",
                   sophomorixComment => "created by sophomorix",
                   sophomorixWebuiDashboard => "---",
                   sophomorixWebuiPermissions => "",
                   sophomorixWebuiPermissionsCalculated => "",
                   sophomorixExamMode => "---",
                   sophomorixStatus=>"P",
                   sophomorixUnid => "---",
                   accountExpires => "0",
                   userAccountControl => "66048",
#                   memberOf => "AD_RO_auth",
                   memberOf => "s_default-school",
                  });
    # ##### Testing the users group
    # &AD_test_object({ldap=>$ldap,
    #                dn=>"CN=AD_RO_auth,OU=Management,OU=default-school,OU=SCHOOLS,".$root_dse,
    #                sAMAccountname=>"AD_RO_auth",
    #                sophomorixCreationDate => "exists",
    #                sophomorixStatus=>"P",
    #                sophomorixType=>"roauth",
    #                mail => "AD_RO_auth@".$root_dns,
    #                sophomorixHidden=>"FALSE",
    #                sophomorixSchoolname => "default-school",
    #                memberOf => "",
    #                member => "binduser-66|binduser-666",
    #               });
    # group <schoolname>
    &AD_test_object({ldap=>$ldap,
                   dn=>"CN=s_default-school,OU=default-school,OU=SCHOOLS,".$root_dse,
                   sAMAccountname=>"s_default-school",
                   sophomorixCreationDate => "exists",
                   sophomorixStatus=>"P",
                   sophomorixType=>"school",
                   mail => "s_default-school@".$root_dns,
                   sophomorixHidden=>"FALSE",
                   sophomorixJoinable=>"FALSE",
                   sophomorixSchoolname => "default-school",
                   memberOf => "SCHOOLS",
                   member => "binduser-66|binduser-666|teachers|students|admins|examusers",
                  });



    # ##### Testing the users group
    # &AD_test_object({ldap=>$ldap,
    #                dn=>"CN=all-admins,OU=Management,OU=GLOBAL,".$root_dse,
    #                sAMAccountname=>"all-admins",
    #                sophomorixCreationDate => "exists",
    #                sophomorixStatus=>"P",
    #                sophomorixType=>"alladmins",
    #                mail => "all-admins@".$root_dns,
    #                sophomorixHidden=>"FALSE",
    #                sophomorixSchoolname => "global",
    #                memberOf => "",
    #                member => "bsz-admins|abc-admins|admins",
    #               });

    # global-binduser-66
    &AD_test_object({ldap=>$ldap,
                   dn=>"CN=global-binduser-66,OU=Management,OU=GLOBAL,".$root_dse,
                   #####
                   displayName=>"Global Binduser",
                   givenName=>"Global",
                   name=>"global-binduser-66",
                   sAMAccountname=>"global-binduser-66",
                   homeDrive=>"H:",
                   homeDirectory=>"\\\\bionic\\linuxmuster-global\\management\\global-binduser-66",
                   unixHomeDirectory=>"/srv/samba/schools/global/management/global-binduser-66",
                   sn=>"Binduser",
                   userPrincipalName => "global-binduser-66@".$root_dns,
                   mail => "global-binduser-66@".$root_dns,
#                   sophomorixAdminClass => "global-AD_RO_auth",
                   sophomorixAdminClass => "SCHOOLS",
                   sophomorixExitAdminClass => "unknown",
                   sophomorixFirstPassword => "---",
                   sophomorixFirstnameASCII => "Global",
                   sophomorixSurnameASCII  => "Binduser",
                   sophomorixRole => "globalbinduser",
                   sophomorixQuota=>"linuxmuster-global:---:---:new:---:",
                   sophomorixMailQuota=>"---:---:",
                   sophomorixMailQuotaCalculated=>"1",
                   sophomorixSchoolPrefix => "global",
                   sophomorixSchoolname => "global",
                   sophomorixAdminFile => "none",
                   sophomorixCreationDate => "exists",
                   sophomorixTolerationDate => "default",
                   sophomorixDeactivationDate => "default",
                   sophomorixComment => "created by sophomorix",
                   sophomorixWebuiDashboard => "---",
                   sophomorixWebuiPermissions => "",
                   sophomorixWebuiPermissionsCalculated => "",
                   sophomorixExamMode => "---",
                   sophomorixStatus=>"P",
                   sophomorixUnid => "---",
                   accountExpires => "0",
                   userAccountControl => "66048",
#                   memberOf => "global-AD_RO_auth",
                   memberOf => "SCHOOLS",
                  });
    &file_test_chars("/etc/linuxmuster/.secret/global-binduser-66",21);


    # global-binduser-666
    &AD_test_object({ldap=>$ldap,
                   dn=>"CN=global-binduser-666,OU=Management,OU=GLOBAL,".$root_dse,
                   #####
                   displayName=>"Global Binduser",
                   givenName=>"Global",
                   name=>"global-binduser-666",
                   sAMAccountname=>"global-binduser-666",
                   homeDrive=>"H:",
                   homeDirectory=>"\\\\bionic\\linuxmuster-global\\management\\global-binduser-666",
                   unixHomeDirectory=>"/srv/samba/schools/global/management/global-binduser-666",
                   sn=>"Binduser",
                   userPrincipalName => "global-binduser-666@".$root_dns,
                   mail => "global-binduser-666@".$root_dns,
 #                  sophomorixAdminClass => "global-AD_RO_auth",
                   sophomorixAdminClass => "SCHOOLS",
                   sophomorixExitAdminClass => "unknown",
                   sophomorixFirstPassword => "---",
                   sophomorixFirstnameASCII => "Global",
                   sophomorixSurnameASCII  => "Binduser",
                   sophomorixRole => "globalbinduser",
                   sophomorixQuota=>"linuxmuster-global:---:---:new:---:",
                   sophomorixMailQuota=>"---:---:",
                   sophomorixMailQuotaCalculated=>"1",
                   sophomorixSchoolPrefix => "global",
                   sophomorixSchoolname => "global",
                   sophomorixAdminFile => "none",
                   sophomorixCreationDate => "exists",
                   sophomorixTolerationDate => "default",
                   sophomorixDeactivationDate => "default",
                   sophomorixComment => "created by sophomorix",
                   sophomorixWebuiDashboard => "---",
                   sophomorixWebuiPermissions => "",
                   sophomorixWebuiPermissionsCalculated => "",
                   sophomorixExamMode => "---",
                   sophomorixStatus=>"P",
                   sophomorixUnid => "---",
                   accountExpires => "0",
                   userAccountControl => "66048",
#                   memberOf => "global-AD_RO_auth",
                   memberOf => "SCHOOLS",
                  });
    ##### Testing the users group
    # &AD_test_object({ldap=>$ldap,
    #                dn=>"CN=global-AD_RO_auth,OU=Management,OU=GLOBAL,".$root_dse,
    #                sAMAccountname=>"global-AD_RO_auth",
    #                sophomorixCreationDate => "exists",
    #                sophomorixStatus=>"P",
    #                sophomorixType=>"globalroauth",
    #                mail => "global-AD_RO_auth@".$root_dns,
    #                sophomorixHidden=>"FALSE",
    #                sophomorixSchoolname => "global",
    #                memberOf => "",
    #                member => "global-binduser-66|global-binduser-666",
    #               });

    # group SCHOOLS
    &AD_test_object({ldap=>$ldap,
                   dn=>"CN=SCHOOLS,OU=SCHOOLS,".$root_dse,
                   sAMAccountname=>"SCHOOLS",
                   sophomorixCreationDate => "exists",
                   sophomorixStatus=>"P",
                   sophomorixType=>"allschool",
                   mail => "SCHOOLS@".$root_dns,
                   sophomorixHidden=>"FALSE",
                   sophomorixJoinable=>"FALSE",
                   sophomorixSchoolname => "SCHOOLS",
                   memberOf => "",
                   member => "global-binduser-66|global-binduser-666|s_bsz|s_abc|s_default-school",
                  });



    ############################################################
    # fs test
    ############################################################
    &start_fs_test(\%fs_test_result);
    &directory_tree_test("/srv/samba/schools",
                         \%fs_test_result,
                         "/srv/samba/schools",
                         "/srv/samba/schools/abc",
                         "/srv/samba/schools/abc/management",
                         "/srv/samba/schools/abc/share",     
                         "/srv/samba/schools/abc/iso",     
                         "/srv/samba/schools/abc/program",     
                         "/srv/samba/schools/abc/examusers",
                         "/srv/samba/schools/abc/management/admin-abc-666",
                         "/srv/samba/schools/abc/management/admin-abc-666/schooladmindir1",
                         "/srv/samba/schools/abc/management/admin-abc-666/schooladmindir2",
                         "/srv/samba/schools/abc/share/projects",
                         "/srv/samba/schools/abc/students",
                         "/srv/samba/schools/abc/teachers",
                         "/srv/samba/schools/abc/share/teachers",
                         "/srv/samba/schools/abc/share/classes",                                      # ntacl
                         "/srv/samba/schools/abc/share/management",                                      # ntacl
                         "/srv/samba/schools/abc/share/school",                                      # ntacl
                         "/srv/samba/schools/bsz",
                         "/srv/samba/schools/lin",
                         "/srv/samba/schools/ghs",
                         "/srv/samba/schools/bsz/management",
                         "/srv/samba/schools/bsz/share",     
                         "/srv/samba/schools/bsz/iso",     
                         "/srv/samba/schools/bsz/program",     
                         "/srv/samba/schools/bsz/examusers",
                         "/srv/samba/schools/bsz/management/admin-bsz-66",
                         "/srv/samba/schools/bsz/management/admin-bsz-66/schooladmindir1",
                         "/srv/samba/schools/bsz/management/admin-bsz-66/schooladmindir2",
                         "/srv/samba/schools/bsz/share/projects",
                         "/srv/samba/schools/bsz/students",
                         "/srv/samba/schools/bsz/teachers",
                         "/srv/samba/schools/bsz/share/teachers",
                         "/srv/samba/schools/bsz/share/classes",                                      # ntacl
                         "/srv/samba/schools/bsz/share/management",                                      # ntacl
                         "/srv/samba/schools/bsz/share/school",                                      # ntacl
                         "/srv/samba/schools/default-school",
                         "/srv/samba/schools/default-school/management",
                         "/srv/samba/schools/default-school/share",
                         "/srv/samba/schools/default-school/iso",     
                         "/srv/samba/schools/default-school/program",
                         "/srv/samba/schools/default-school/examusers",
                         "/srv/samba/schools/default-school/management/admin-66",
                         "/srv/samba/schools/default-school/management/admin-66/schooladmindir1",
                         "/srv/samba/schools/default-school/management/admin-66/schooladmindir2",
                         "/srv/samba/schools/default-school/management/admin-666",
                         "/srv/samba/schools/default-school/management/admin-666/schooladmindir1",
                         "/srv/samba/schools/default-school/management/admin-666/schooladmindir2",
                         "/srv/samba/schools/default-school/share/projects",
                         "/srv/samba/schools/default-school/students",
                         "/srv/samba/schools/default-school/teachers",
                         "/srv/samba/schools/default-school/share/teachers",
                         "/srv/samba/schools/default-school/share/classes",                                      # ntacl
                         "/srv/samba/schools/default-school/share/management",                                      # ntacl
                         "/srv/samba/schools/default-school/share/school",                                      # ntacl
                         "/srv/samba/schools/uni",
                        ); 
    if ($ntacl==1){
    # /srv/samba/schools/default-school
    &NTACL_test ("default-school",
                 "/",
                 $root_dns,
                 $smb_admin_pass,
                 \%fs_test_result,
                 "REVISION:1",
                 "CONTROL:SR|DP",
                 'OWNER:LINUXMUSTER\Domain Admins', 
                 'GROUP:S-1-22-2-0',
                 'ACL:LINUXMUSTER\s_default-school:ALLOWED/0x0/READ',
                 'ACL:LINUXMUSTER\students:ALLOWED/0x0/READ', 
                 'ACL:LINUXMUSTER\teachers:ALLOWED/0x0/READ', 
                 'ACL:LINUXMUSTER\admins:ALLOWED/OI|CI|IO/FULL',
                 'ACL:LINUXMUSTER\Domain Admins:ALLOWED/OI|CI|I/FULL',
                );
    # /srv/samba/schools/default-school/management
    &NTACL_test ("default-school",
                 "/management",
                 $root_dns,
                 $smb_admin_pass,
                 \%fs_test_result,
                 "REVISION:1",
                 "CONTROL:SR|DP",
                 'OWNER:BUILTIN\Administrators', 
                 'GROUP:LINUXMUSTER\Domain Users',
                 'ACL:LINUXMUSTER\admins:ALLOWED/0x0/READ',
                 'ACL:LINUXMUSTER\Domain Admins:ALLOWED/OI|CI/FULL',
                );
    # /srv/samba/schools/default-school/share/projects
    &NTACL_test ("default-school",
                 "/share/projects",
                 $root_dns,
                 $smb_admin_pass,
                 \%fs_test_result,
                 "REVISION:1",
                 "CONTROL:SR|DP",
                 'OWNER:BUILTIN\Administrators', 
                 'GROUP:LINUXMUSTER\Domain Users',
                 'ACL:LINUXMUSTER\students:ALLOWED/0x0/READ', 
                 'ACL:LINUXMUSTER\teachers:ALLOWED/0x0/READ', 
                 'ACL:LINUXMUSTER\admins:ALLOWED/OI|CI|I/CHANGE', 
                 'ACL:LINUXMUSTER\global-admins:ALLOWED/OI|CI|I/FULL', 
                 'ACL:LINUXMUSTER\Administrator:ALLOWED/OI|CI|I/FULL',
                );
    # /srv/samba/schools/default-school/students
    &NTACL_test ("default-school",
                 "/students",
                 $root_dns,
                 $smb_admin_pass,
                 \%fs_test_result,
                 "REVISION:1",
                 "CONTROL:SR|DP",
                 'OWNER:BUILTIN\Administrators', 
                 'GROUP:LINUXMUSTER\Domain Users',
                 'ACL:LINUXMUSTER\students:ALLOWED/0x0/READ',
                 'ACL:LINUXMUSTER\teachers:ALLOWED/0x0/READ', 
                 'ACL:LINUXMUSTER\admins:ALLOWED/OI|CI|I/CHANGE', 
                 'ACL:LINUXMUSTER\global-admins:ALLOWED/OI|CI|I/FULL', 
                 'ACL:LINUXMUSTER\Administrator:ALLOWED/OI|CI|I/FULL',
                );
    # /srv/samba/schools/default-school/teachers
    &NTACL_test ("default-school",
                 "/teachers",
                 $root_dns,
                 $smb_admin_pass,
                 \%fs_test_result,
                 "REVISION:1",
                 "CONTROL:SR|DP",
                 'OWNER:BUILTIN\Administrators', 
                 'GROUP:LINUXMUSTER\Domain Users',
                 'ACL:LINUXMUSTER\teachers:ALLOWED/0x0/READ', 
                 'ACL:LINUXMUSTER\admins:ALLOWED/OI|CI|I/CHANGE', 
                 'ACL:LINUXMUSTER\global-admins:ALLOWED/OI|CI|I/FULL', 
                 'ACL:LINUXMUSTER\Administrator:ALLOWED/OI|CI|I/FULL',
                );
    # /srv/samba/schools/default-school/share/teachers
    &NTACL_test ("default-school",
                 "/share/teachers",
                 $root_dns,
                 $smb_admin_pass,
                 \%fs_test_result,
                 "REVISION:1",
                 "CONTROL:SR|DP",
                 'OWNER:BUILTIN\Administrators', 
                 'GROUP:LINUXMUSTER\Domain Users',
                 'ACL:LINUXMUSTER\teachers:ALLOWED/0x0/RWX', 
                 'ACL:LINUXMUSTER\teachers:ALLOWED/OI|CI|IO/CHANGE', 
                 'ACL:LINUXMUSTER\admins:ALLOWED/OI|CI|I/CHANGE',
                 'ACL:LINUXMUSTER\global-admins:ALLOWED/OI|CI|I/FULL',
                 'ACL:LINUXMUSTER\Administrator:ALLOWED/OI|CI|I/FULL',
                 'ACL:Owner Rights:ALLOWED/OI|CI|IO/CHANGE',
                );
    # /srv/samba/schools/abc/management/admin-66
    &NTACL_test ("default-school",
                 "/management/admin-66",
                 $root_dns,
                 $smb_admin_pass,
                 \%fs_test_result,
                 "REVISION:1",
                 "CONTROL:SR|DP",
                 'OWNER:BUILTIN\Administrators', 
                 'GROUP:LINUXMUSTER\Domain Users',
                 'ACL:LINUXMUSTER\admin-66:ALLOWED/0x0/RWX', 
                 'ACL:LINUXMUSTER\admin-66:ALLOWED/OI|CI|IO/CHANGE', 
                 'ACL:LINUXMUSTER\Domain Admins:ALLOWED/OI|CI|I/FULL', 
                );
    # /srv/samba/schools/abc/management/admin-666
    &NTACL_test ("default-school",
                 "/management/admin-666",
                 $root_dns,
                 $smb_admin_pass,
                 \%fs_test_result,
                 "REVISION:1",
                 "CONTROL:SR|DP",
                 'OWNER:BUILTIN\Administrators', 
                 'GROUP:LINUXMUSTER\Domain Users',
                 'ACL:LINUXMUSTER\admin-666:ALLOWED/0x0/RWX', 
                 'ACL:LINUXMUSTER\admin-666:ALLOWED/OI|CI|IO/CHANGE', 
                 'ACL:LINUXMUSTER\Domain Admins:ALLOWED/OI|CI|I/FULL', 
                );
    # /srv/samba/schools/bsz
    &NTACL_test ("bsz",
                 "/",
                 $root_dns,
                 $smb_admin_pass,
                 \%fs_test_result,
                 "REVISION:1",
                 "CONTROL:SR|DP",
                 'OWNER:LINUXMUSTER\Domain Admins', 
                 'GROUP:S-1-22-2-0',
                 'ACL:LINUXMUSTER\s_bsz:ALLOWED/0x0/READ',
                 'ACL:LINUXMUSTER\bsz-students:ALLOWED/0x0/READ', 
                 'ACL:LINUXMUSTER\bsz-teachers:ALLOWED/0x0/READ', 
                 'ACL:LINUXMUSTER\bsz-admins:ALLOWED/OI|CI|IO/FULL',
                 'ACL:LINUXMUSTER\Domain Admins:ALLOWED/OI|CI|I/FULL',
                );
    # /srv/samba/schools/bsz/management
    &NTACL_test ("bsz",
                 "/management",
                 $root_dns,
                 $smb_admin_pass,
                 \%fs_test_result,
                 "REVISION:1",
                 "CONTROL:SR|DP",
                 'OWNER:BUILTIN\Administrators', 
                 'GROUP:LINUXMUSTER\Domain Users',
                 'ACL:LINUXMUSTER\bsz-admins:ALLOWED/0x0/READ',
                 'ACL:LINUXMUSTER\Domain Admins:ALLOWED/OI|CI/FULL',
                );
    # /srv/samba/schools/bsz/share/projects
    &NTACL_test ("bsz",
                 "/share/projects",
                 $root_dns,
                 $smb_admin_pass,
                 \%fs_test_result,
                 "REVISION:1",
                 "CONTROL:SR|DP",
                 'OWNER:BUILTIN\Administrators', 
                 'GROUP:LINUXMUSTER\Domain Users',
                 'ACL:LINUXMUSTER\bsz-students:ALLOWED/0x0/READ', 
                 'ACL:LINUXMUSTER\bsz-teachers:ALLOWED/0x0/READ', 
                 'ACL:LINUXMUSTER\bsz-admins:ALLOWED/OI|CI|I/CHANGE', 
                 'ACL:LINUXMUSTER\global-admins:ALLOWED/OI|CI|I/FULL', 
                 'ACL:LINUXMUSTER\Administrator:ALLOWED/OI|CI|I/FULL',
                );
   # /srv/samba/schools/bsz/students
    &NTACL_test ("bsz",
                 "/students",
                 $root_dns,
                 $smb_admin_pass,
                 \%fs_test_result,
                 "REVISION:1",
                 "CONTROL:SR|DP",
                 'OWNER:BUILTIN\Administrators', 
                 'GROUP:LINUXMUSTER\Domain Users',
                 'ACL:LINUXMUSTER\bsz-students:ALLOWED/0x0/READ',
                 'ACL:LINUXMUSTER\bsz-teachers:ALLOWED/0x0/READ', 
                 'ACL:LINUXMUSTER\bsz-admins:ALLOWED/OI|CI|I/CHANGE', 
                 'ACL:LINUXMUSTER\global-admins:ALLOWED/OI|CI|I/FULL', 
                 'ACL:LINUXMUSTER\Administrator:ALLOWED/OI|CI|I/FULL',
                );
    # /srv/samba/schools/bsz/teachers
    &NTACL_test ("bsz",
                 "/teachers",
                 $root_dns,
                 $smb_admin_pass,
                 \%fs_test_result,
                 "REVISION:1",
                 "CONTROL:SR|DP",
                 'OWNER:BUILTIN\Administrators', 
                 'GROUP:LINUXMUSTER\Domain Users',
                 'ACL:LINUXMUSTER\bsz-teachers:ALLOWED/0x0/READ', 
                 'ACL:LINUXMUSTER\bsz-admins:ALLOWED/OI|CI|I/CHANGE', 
                 'ACL:LINUXMUSTER\global-admins:ALLOWED/OI|CI|I/FULL', 
                 'ACL:LINUXMUSTER\Administrator:ALLOWED/OI|CI|I/FULL',
                );
    # /srv/samba/schools/bsz/share/teachers
    &NTACL_test ("bsz",
                 "/share/teachers",
                 $root_dns,
                 $smb_admin_pass,
                 \%fs_test_result,
                 "REVISION:1",
                 "CONTROL:SR|DP",
                 'OWNER:BUILTIN\Administrators', 
                 'GROUP:LINUXMUSTER\Domain Users',
                 'ACL:LINUXMUSTER\bsz-teachers:ALLOWED/0x0/RWX', 
                 'ACL:LINUXMUSTER\bsz-teachers:ALLOWED/OI|CI|IO/CHANGE', 
                 'ACL:LINUXMUSTER\bsz-admins:ALLOWED/OI|CI|I/CHANGE', 
                 'ACL:LINUXMUSTER\global-admins:ALLOWED/OI|CI|I/FULL',
                 'ACL:LINUXMUSTER\Administrator:ALLOWED/OI|CI|I/FULL', 
                 'ACL:Owner Rights:ALLOWED/OI|CI|IO/CHANGE',
                );
    # /srv/samba/schools/bsz/management/admin-bsz-66
    &NTACL_test ("bsz",
                 "/management/admin-bsz-66",
                 $root_dns,
                 $smb_admin_pass,
                 \%fs_test_result,
                 "REVISION:1",
                 "CONTROL:SR|DP",
                 'OWNER:BUILTIN\Administrators', 
                 'GROUP:LINUXMUSTER\Domain Users',
                 'ACL:LINUXMUSTER\admin-bsz-66:ALLOWED/0x0/RWX', 
                 'ACL:LINUXMUSTER\admin-bsz-66:ALLOWED/OI|CI|IO/CHANGE', 
                 'ACL:LINUXMUSTER\Domain Admins:ALLOWED/OI|CI|I/FULL', 
                );
    # /srv/samba/schools/abc
    &NTACL_test ("abc",
                 "/",
                 $root_dns,
                 $smb_admin_pass,
                 \%fs_test_result,
                 "REVISION:1",
                 "CONTROL:SR|DP",
                 'OWNER:LINUXMUSTER\Domain Admins', 
                 'GROUP:S-1-22-2-0',
                 'ACL:LINUXMUSTER\s_abc:ALLOWED/0x0/READ',
                 'ACL:LINUXMUSTER\abc-students:ALLOWED/0x0/READ', 
                 'ACL:LINUXMUSTER\abc-teachers:ALLOWED/0x0/READ', 
                 'ACL:LINUXMUSTER\abc-admins:ALLOWED/OI|CI|IO/FULL',
                 'ACL:LINUXMUSTER\Domain Admins:ALLOWED/OI|CI|I/FULL',
                );
    # /srv/samba/schools/abc/management
    &NTACL_test ("abc",
                 "/management",
                 $root_dns,
                 $smb_admin_pass,
                 \%fs_test_result,
                 "REVISION:1",
                 "CONTROL:SR|DP",
                 'OWNER:BUILTIN\Administrators', 
                 'GROUP:LINUXMUSTER\Domain Users',
                 'ACL:LINUXMUSTER\abc-admins:ALLOWED/0x0/READ',
                 'ACL:LINUXMUSTER\Domain Admins:ALLOWED/OI|CI/FULL',
                );
    # /srv/samba/schools/abc/share/projects
    &NTACL_test ("abc",
                 "/share/projects",
                 $root_dns,
                 $smb_admin_pass,
                 \%fs_test_result,
                 "REVISION:1",
                 "CONTROL:SR|DP",
                 'OWNER:BUILTIN\Administrators', 
                 'GROUP:LINUXMUSTER\Domain Users',
                 'ACL:LINUXMUSTER\abc-students:ALLOWED/0x0/READ', 
                 'ACL:LINUXMUSTER\abc-teachers:ALLOWED/0x0/READ', 
                 'ACL:LINUXMUSTER\abc-admins:ALLOWED/OI|CI|I/CHANGE', 
                 'ACL:LINUXMUSTER\global-admins:ALLOWED/OI|CI|I/FULL', 
                 'ACL:LINUXMUSTER\Administrator:ALLOWED/OI|CI|I/FULL',
                );
   # /srv/samba/schools/abc/students
    &NTACL_test ("abc",
                 "/students",
                 $root_dns,
                 $smb_admin_pass,
                 \%fs_test_result,
                 "REVISION:1",
                 "CONTROL:SR|DP",
                 'OWNER:BUILTIN\Administrators', 
                 'GROUP:LINUXMUSTER\Domain Users',
                 'ACL:LINUXMUSTER\abc-students:ALLOWED/0x0/READ',
                 'ACL:LINUXMUSTER\abc-teachers:ALLOWED/0x0/READ', 
                 'ACL:LINUXMUSTER\abc-admins:ALLOWED/OI|CI|I/CHANGE', 
                 'ACL:LINUXMUSTER\global-admins:ALLOWED/OI|CI|I/FULL', 
                 'ACL:LINUXMUSTER\Administrator:ALLOWED/OI|CI|I/FULL',
                );
    # /srv/samba/schools/abc/teachers
    &NTACL_test ("abc",
                 "/teachers",
                 $root_dns,
                 $smb_admin_pass,
                 \%fs_test_result,
                 "REVISION:1",
                 "CONTROL:SR|DP",
                 'OWNER:BUILTIN\Administrators', 
                 'GROUP:LINUXMUSTER\Domain Users',
                 'ACL:LINUXMUSTER\abc-teachers:ALLOWED/0x0/READ', 
                 'ACL:LINUXMUSTER\abc-admins:ALLOWED/OI|CI|I/CHANGE', 
                 'ACL:LINUXMUSTER\global-admins:ALLOWED/OI|CI|I/FULL', 
                 'ACL:LINUXMUSTER\Administrator:ALLOWED/OI|CI|I/FULL',
                );
    # /srv/samba/schools/abc/share/teachers
    &NTACL_test ("abc",
                 "/share/teachers",
                 $root_dns,
                 $smb_admin_pass,
                 \%fs_test_result,
                 "REVISION:1",
                 "CONTROL:SR|DP",
                 'OWNER:BUILTIN\Administrators', 
                 'GROUP:LINUXMUSTER\Domain Users',
                 'ACL:LINUXMUSTER\abc-teachers:ALLOWED/0x0/RWX', 
                 'ACL:LINUXMUSTER\abc-teachers:ALLOWED/OI|CI|IO/CHANGE', 
                 'ACL:LINUXMUSTER\abc-admins:ALLOWED/OI|CI|I/CHANGE', 
                 'ACL:LINUXMUSTER\global-admins:ALLOWED/OI|CI|I/FULL',
                 'ACL:LINUXMUSTER\Administrator:ALLOWED/OI|CI|I/FULL', 
                 'ACL:Owner Rights:ALLOWED/OI|CI|IO/CHANGE',
                );
    # /srv/samba/schools/abc/management/admin-abc-666
    &NTACL_test ("abc",
                 "/management/admin-abc-666",
                 $root_dns,
                 $smb_admin_pass,
                 \%fs_test_result,
                 "REVISION:1",
                 "CONTROL:SR|DP",
                 'OWNER:BUILTIN\Administrators', 
                 'GROUP:LINUXMUSTER\Domain Users',
                 'ACL:LINUXMUSTER\admin-abc-666:ALLOWED/0x0/RWX', 
                 'ACL:LINUXMUSTER\admin-abc-666:ALLOWED/OI|CI|IO/CHANGE', 
                 'ACL:LINUXMUSTER\Domain Admins:ALLOWED/OI|CI|I/FULL', 
                );
    }
    &end_fs_test(\%fs_test_result);

    ############################################################
    # fs test
    ############################################################
    &start_fs_test(\%fs_test_result);
    &directory_tree_test("/srv/samba/global",
                         \%fs_test_result,
                         "/srv/samba/global",
                         "/srv/samba/global/management",
                         "/srv/samba/global/share",
                         "/srv/samba/global/program",
                         "/srv/samba/global/iso",
                         "/srv/samba/global/management/global-admin-66",
                         "/srv/samba/global/management/global-admin-66/globaladmindir1",
                         "/srv/samba/global/management/global-admin-66/globaladmindir2",
                         "/srv/samba/global/management/global-admin-666",
                         "/srv/samba/global/management/global-admin-666/globaladmindir1",
                         "/srv/samba/global/management/global-admin-666/globaladmindir2",
                         "/srv/samba/global/share/projects",
                         "/srv/samba/global/share/management",         # ntacl
                         "/srv/samba/global/share/global",         # ntacl
                         "/srv/samba/global/students",
                         "/srv/samba/global/teachers",
                        );
    if ($ntacl==1){
    # /srv/samba/global/management
    &NTACL_test ("linuxmuster-global",
                 "/management",
                 $root_dns,
                 $smb_admin_pass,
                 \%fs_test_result,
                 "REVISION:1",
                 "CONTROL:SR|DP",
                 'OWNER:LINUXMUSTER\Domain Admins', 
                 'GROUP:LINUXMUSTER\Domain Users',
                 'ACL:LINUXMUSTER\global-admins:ALLOWED/0x0/FULL',
                 'ACL:LINUXMUSTER\Domain Admins:ALLOWED/OI|CI|I/FULL',
                );
    # /srv/samba/global/share/projects
    &NTACL_test ("linuxmuster-global",
                 "/share/projects",
                 $root_dns,
                 $smb_admin_pass,
                 \%fs_test_result,
                 "REVISION:1",
                 "CONTROL:SR|DP",
                 'OWNER:LINUXMUSTER\Domain Admins', 
                 'GROUP:LINUXMUSTER\Domain Users',
                 'ACL:LINUXMUSTER\global-admins:ALLOWED/OI|CI/FULL',
                 'ACL:LINUXMUSTER\global-students:ALLOWED/0x0/READ',
                 'ACL:LINUXMUSTER\global-teachers:ALLOWED/0x0/READ',
                 'ACL:LINUXMUSTER\Domain Admins:ALLOWED/OI|CI|I/FULL',
                );
    # /srv/samba/global/teachers
    &NTACL_test ("linuxmuster-global",
                 "/teachers",
                 $root_dns,
                 $smb_admin_pass,
                 \%fs_test_result,
                 "REVISION:1",
                 "CONTROL:SR|DP",
                 'OWNER:LINUXMUSTER\Domain Admins', 
                 'GROUP:LINUXMUSTER\Domain Users',
                 'ACL:LINUXMUSTER\global-teachers:ALLOWED/0x0/READ',
                 'ACL:LINUXMUSTER\global-admins:ALLOWED/OI|CI/FULL',
                 'ACL:LINUXMUSTER\Domain Admins:ALLOWED/OI|CI|I/FULL',
                );
    # /srv/samba/global/students
    &NTACL_test ("linuxmuster-global",
                 "/students",
                 $root_dns,
                 $smb_admin_pass,
                 \%fs_test_result,
                 "REVISION:1",
                 "CONTROL:SR|DP",
                 'OWNER:LINUXMUSTER\Domain Admins', 
                 'GROUP:LINUXMUSTER\Domain Users',
                 'ACL:LINUXMUSTER\global-admins:ALLOWED/OI|CI/FULL',
                 'ACL:LINUXMUSTER\global-students:ALLOWED/0x0/READ',
                 'ACL:LINUXMUSTER\global-teachers:ALLOWED/0x0/READ',
                 'ACL:LINUXMUSTER\Domain Admins:ALLOWED/OI|CI|I/FULL',
                );
    # /srv/samba/global/management/global-admin-66
    &NTACL_test ("linuxmuster-global",
                 "/management/global-admin-66",
                 $root_dns,
                 $smb_admin_pass,
                 \%fs_test_result,
                 "REVISION:1",
                 "CONTROL:SR|DP",
                 'OWNER:LINUXMUSTER\Domain Admins', 
                 'GROUP:LINUXMUSTER\Domain Users',
                 'ACL:LINUXMUSTER\global-admin-66:ALLOWED/OI|CI/FULL',
                 'ACL:LINUXMUSTER\Domain Admins:ALLOWED/OI|CI|I/FULL', 
                );
    # /srv/samba/global/management/global-admin-666
    &NTACL_test ("linuxmuster-global",
                 "/management/global-admin-666",
                 $root_dns,
                 $smb_admin_pass,
                 \%fs_test_result,
                 "REVISION:1",
                 "CONTROL:SR|DP",
                 'OWNER:LINUXMUSTER\Domain Admins', 
                 'GROUP:LINUXMUSTER\Domain Users',
                 'ACL:LINUXMUSTER\global-admin-666:ALLOWED/OI|CI/FULL',
                 'ACL:LINUXMUSTER\Domain Admins:ALLOWED/OI|CI|I/FULL', 
                );
    }
    &end_fs_test(\%fs_test_result);
}




############################################################
# Modify added projects
############################################################
# --mod-admin  
if ($mod_admin==1){
    print "\nNothing to mod so far (--mod-admin), ...\n\n";
}

############################################################
#  Test modified  projects
############################################################
# --test-mod-admin  
if ($test_mod_admin==1){
    print "\nNothing to do so far (--test-mod-admin), ...\n\n";
}




############################################################
# Kill projects
############################################################
# --kill-admin  
if ($kill_admin==1){

    # admin
    # schooladmin in OU=bsz und OU=abc
    &run_command("sophomorix-admin $all_options --kill admin-bsz-66");
    &run_command("sophomorix-admin $all_options --kill admin-abc-666");
    # schooladmin in OU=default-school
    &run_command("sophomorix-admin $all_options --kill admin-66");
    &run_command("sophomorix-admin $all_options --kill admin-666");
    # globaladmin in OU=GLOBAL
    &run_command("sophomorix-admin $all_options --kill global-admin-66");
    &run_command("sophomorix-admin $all_options --kill global-admin-666");

    # binduser
    # schoolbinduser in OU=bsz und OU=abc
    &run_command("sophomorix-admin $all_options --kill binduser-bsz-66");
    &run_command("sophomorix-admin $all_options --kill binduser-abc-666");
    # schoolbinduser in OU=default-school
    &run_command("sophomorix-admin $all_options --kill binduser-66");
    &run_command("sophomorix-admin $all_options --kill binduser-666");
    # globalbinduser in OU=GLOBAL
    &run_command("sophomorix-admin $all_options --kill global-binduser-66");
    &run_command("sophomorix-admin $all_options --kill global-binduser-666");

}



############################################################
#  Test killed  users, groups, projects
############################################################
# --test-kill-admin  
if ($test_kill_admin==1){

    # admin
    &AD_object_nonexist($ldap,$root_dse,"user","admin-bsz-66");
    &AD_object_nonexist($ldap,$root_dse,"user","admin-abc-666");
    &AD_object_nonexist($ldap,$root_dse,"user","admin-66");
    &AD_object_nonexist($ldap,$root_dse,"user","admin-666");
    &AD_object_nonexist($ldap,$root_dse,"user","global-admin-66");
    &AD_object_nonexist($ldap,$root_dse,"user","global-admin-666");

    # binduser
    &AD_object_nonexist($ldap,$root_dse,"user","admin-bsz-66");
    &AD_object_nonexist($ldap,$root_dse,"user","admin-abc-666");
    &AD_object_nonexist($ldap,$root_dse,"user","admin-66");
    &AD_object_nonexist($ldap,$root_dse,"user","admin-666");
    &AD_object_nonexist($ldap,$root_dse,"user","global-admin-66");
    &AD_object_nonexist($ldap,$root_dse,"user","global-admin-666");

    ############################################################
    # fs test
    ############################################################
    &start_fs_test(\%fs_test_result);
    &directory_tree_test("/srv/samba/schools",
                         \%fs_test_result,
                         "/srv/samba/schools",
                         "/srv/samba/schools/abc",
                         "/srv/samba/schools/abc/management",
                         "/srv/samba/schools/abc/share",     
                         "/srv/samba/schools/abc/iso",     
                         "/srv/samba/schools/abc/program",     
                         "/srv/samba/schools/abc/examusers",
                         "/srv/samba/schools/abc/share/projects",
                         "/srv/samba/schools/abc/students",
                         "/srv/samba/schools/abc/teachers",
                         "/srv/samba/schools/abc/share/teachers",
                         "/srv/samba/schools/abc/share/classes",                                      # ntacl
                         "/srv/samba/schools/abc/share/management",                                      # ntacl
                         "/srv/samba/schools/abc/share/school",                                      # ntacl
                         "/srv/samba/schools/bsz",
                         "/srv/samba/schools/lin",
                         "/srv/samba/schools/ghs",
                         "/srv/samba/schools/bsz/management",
                         "/srv/samba/schools/bsz/share",     
                         "/srv/samba/schools/bsz/iso",     
                         "/srv/samba/schools/bsz/program",     
                         "/srv/samba/schools/bsz/examusers",
                         "/srv/samba/schools/bsz/share/projects",
                         "/srv/samba/schools/bsz/students",
                         "/srv/samba/schools/bsz/teachers",
                         "/srv/samba/schools/bsz/share/teachers",
                         "/srv/samba/schools/bsz/share/classes",                                      # ntacl
                         "/srv/samba/schools/bsz/share/management",                                      # ntacl
                         "/srv/samba/schools/bsz/share/school",                                      # ntacl
                         "/srv/samba/schools/default-school",
                         "/srv/samba/schools/default-school/management",
                         "/srv/samba/schools/default-school/share",
                         "/srv/samba/schools/default-school/iso",     
                         "/srv/samba/schools/default-school/program",
                         "/srv/samba/schools/default-school/examusers",
                         "/srv/samba/schools/default-school/share/projects",
                         "/srv/samba/schools/default-school/students",
                         "/srv/samba/schools/default-school/teachers",
                         "/srv/samba/schools/default-school/share/teachers",
                         "/srv/samba/schools/default-school/share/classes",                                      # ntacl
                         "/srv/samba/schools/default-school/share/management",                                      # ntacl
                         "/srv/samba/schools/default-school/share/school",                                      # ntacl
                         "/srv/samba/schools/uni",
                        ); 
    &end_fs_test(\%fs_test_result);

    ############################################################
    # fs test
    ############################################################
    &start_fs_test(\%fs_test_result);
    &directory_tree_test("/srv/samba/global",
                         \%fs_test_result,
                         "/srv/samba/global",
                         "/srv/samba/global/management",
                         "/srv/samba/global/share",
                         "/srv/samba/global/program",
                         "/srv/samba/global/iso",
                         "/srv/samba/global/share/projects",
                         "/srv/samba/global/share/management",         # ntacl
                         "/srv/samba/global/share/global",         # ntacl
                         "/srv/samba/global/students",
                         "/srv/samba/global/teachers",
                        ); 
    &end_fs_test(\%fs_test_result);
}


&AD_unbind_admin($ldap);
