#!/usr/bin/perl
#------------------------------------------------------------
#This action disables the build-in Samba password policy.
#If we leave the default policy in place, creating a user
#may fail and it may be difficult to capture this failure.
#Instead, we will use SME's password strength checking.
#
#Copyright 2014 Koozali Foundation, Inc.
#11/22/2014: G.Zartman <gzartman@koozali.org>
#
#The code contained herein can be distributed under the same
#license as Perl
#
#TO DO:
#
#------------------------------------------------------------
package esmith::thisaction;

use strict;
use warnings;

##Pull arguments
my $event = $ARGV [0];
my $AdminPass = $ARGV [1];

die 'Active Directory access error: Missing admin password' unless ($AdminPass);

##Disable the Samba password policy using samba-tool
warn "Samba domain:  Disabling default Samba password policy\n";

my $samba_tool = "/usr/bin/samba-tool domain passwordsettings set " .
                 "--complexity=off "  .
                 "--min-pwd-length=0 " .
                 "--min-pwd-age=0 " .
                 "--max-pwd-age=365 " . 
                  "-U Administrator\%$AdminPass";
system ($samba_tool);
die "Samba domain error: Unable to disable default password policy.\n" if ($? == -1);

1;

