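#!/bin/sh -e
#
# Delete an LDAP user (and its Kerberos principal, home directory and
# mail spool) or an LDAP workstation record.
#
# Usage:  $0 [-r|-w] <user>
#   -r   also remove the user's home directory and mail spool
#   -w   treat <user> as a workstation (trailing '$' is appended if missing)
#
# Configuration ($rootdn, $rootpw, $host, $base, $DN_CONF, $ENABLE_KRB) comes
# from set_ldap_config in alterator-openldap-functions; delprinc and
# get_ldap_version come from the sourced helper libraries.

. alterator-kdc-princ-functions
. alterator-openldap-functions

# Read default configuration
set_ldap_config

[ -n "$DN_CONF" ] || fatal "DN_CONF not set"

HOMEDEL=
is_workstation=
if [ "$#" -eq 0 ]; then
    user="-h"
else
    user="$1"
    shift
fi

# Parse arguments
case "$user" in
    -r)
        user="$1"; shift
        # Resolve the home directory from LDAP, not from the caller, so only
        # the directory actually recorded for the account can be removed.
        HOMEDEL="$(ldap-getent passwd "$user" homeDirectory)"
        ;;
    -w)
        user="$1"; shift
        is_workstation=yes
        ;;
    "--version")
        get_ldap_version
        exit
        ;;
    -h|--help)
        cat <<EOF
Usage: 

    $0 [-r|-w] <user>

Arguments:

    -r          remove the user home directory and mail spool
    -w          remove workstation instead user
    user        LDAP user or workstation name
    -h, --help  show this help
    --version   show version

EOF
        exit
        ;;
esac

# The name is spliced into an LDAP DN and into filesystem paths under
# /var/spool/mail, so refuse empty names and anything that could escape
# that directory ("-r" with no name would otherwise reach
# "rm -rf /var/spool/mail/").
[ -n "$user" ] || fatal "user name not specified"
case "$user" in
    */*|.|..) fatal "invalid user name: $user" ;;
esac

if [ "$is_workstation" = "yes" ]; then
    # Fix missing trailing $
    [ "${user#${user%?}}" != "$" ] && user="$user$"

    # Remove workstation record.  $rootpw is deliberately unquoted: it is
    # expected to hold ldapdelete authentication options (set by
    # set_ldap_config) and must word-split.  A missing record is not an error.
    ldapdelete -D "$rootdn" $rootpw -x -H "ldap://${host:-127.0.0.1}" "uid=$user,ou=Computers,$base" > /dev/null ||:

    # Delete group
    ldap-groupdel "$user" >/dev/null
else
    # Delete from Kerberos database first: this is the only step that can
    # abort the script, and the home directory must not be gone while the
    # account is still intact.
    if [ -n "$ENABLE_KRB" ]; then
        kdc_status=
        # ">/dev/null 2>&1" rather than "&>": under a POSIX /bin/sh the
        # "&>" form backgrounds the command and the "|| fail" branch never
        # runs, so the error reaction below would be skipped.
        service krb5kdc status >/dev/null 2>&1 || kdc_status="fail"

        # Remove user from Kerberos database
        delprinc "$user" >/dev/null 2>&1 || kdc_status="fail"

        # Error reaction
        [ "$kdc_status" = "fail" ] && fatal "unable to delete user from Kerberos. Check krb5kdc service is running."
    fi

    # Remove home directory if necessary.  Only an absolute path other than
    # "/" is acceptable: homeDirectory is an LDAP attribute and a bogus value
    # there must not turn into "rm -rf /".
    if [ -n "$HOMEDEL" ]; then
        case "$HOMEDEL" in
            /?*) rm -rf -- "$HOMEDEL" "/var/spool/mail/$user" ;;
            *)   fatal "refusing to remove suspicious home directory: $HOMEDEL" ;;
        esac
    fi

    # Delete user.  $rootpw intentionally unquoted (see above); a missing
    # entry is not an error.
    ldapdelete -D "$rootdn" $rootpw -x -H "ldap://${host:-127.0.0.1}" "uid=$user,ou=People,$base" > /dev/null ||:

    # Delete group
    ldap-groupdel "$user" >/dev/null
fi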
