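#!/bin/sh -e
# The -e in the shebang is dropped when the script is started as
# "sh <script>", so it is repeated here to keep the same fail-fast
# behaviour on every invocation path.
set -e

. alterator-openldap-functions

# Read default configuration
set_ldap_config

# DN_CONF is not referenced again in this script; the check presumably
# confirms that set_ldap_config produced a usable configuration.
# NOTE(review): confirm against alterator-openldap-functions.
[ -n "$DN_CONF" ] || fatal "DN_CONF not set"

# The first positional argument is either an option (--help, --version)
# or the name of the group to delete; the remaining arguments are unused.
[ $# -ne 0 ] || fatal "more arguments required. See --help for details"
group="$1"; shift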

# Handle the informational options. Only these exact spellings are
# intercepted; any other value of $group falls through and is treated
# as the name of the group to delete.
if [ "$group" = "--version" ]; then
    get_ldap_version
    exit
elif [ "$group" = "-h" ] || [ "$group" = "--help" ]; then
    # Unquoted delimiter: $0 is expanded so the usage line shows the
    # name the script was invoked under.
    cat <<EOF
Usage:

    $0 <group>

Arguments:

    group       LDAP group name
    -h, --help  show this help
    --version   show version

EOF
    exit
fi

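# $group is pasted verbatim into the DN handed to ldapdelete below, and the
# delete runs with the rootdn credentials. Refuse names containing RFC 4514
# special characters, so that the argument can only ever address the single
# entry cn=<group> directly under ou=Group.
# NOTE(review): how far callers are trusted is not visible from this script.
case "$group" in
    ''|'#'*|' '*|*' ')
	fatal "invalid group name: $group"
	;;
    *','*|*'+'*|*';'*|*'<'*|*'>'*|*'"'*|*'\'*)
	fatal "invalid group name: $group"
	;;
esac

# Field 3 of the group record is the numeric gid. The pipeline's status is
# that of cut, so a failed or empty lookup only shows up as an empty value.
gid="$(ldap-getent group "$group" | cut -f3 -d:)"

# Fail closed: without a gid the primary-group check below would compare
# against an empty pattern and could not protect anything.
[ -n "$gid" ] || fatal "cannot determine gid of group: $group"

# Field 4 of each passwd record is the user's primary gid. Refuse to delete
# a group that is still some user's primary group.
# grep -F replaces the obsolescent fgrep; -- keeps the value from being
# parsed as an option. The check and the delete are not atomic.
if ldap-getent passwd | cut -f4 -d: | grep -Fxqs -- "$gid"; then
    fatal "cannot remove user primary group"
fi

# $rootpw is left unquoted on purpose: it presumably expands to a password
# option plus its value (TODO confirm in alterator-openldap-functions). If
# that option is "-w <password>", the secret is visible in the process list
# while ldapdelete runs; "-y <file>" avoids that.
# -x is a simple bind over ldap://, which is unencrypted unless StartTLS is
# requested; acceptable for the loopback default, worth revisiting (-ZZ or
# ldaps://) when $host points at a remote server.
# shellcheck disable=SC2086
ldapdelete -D "$rootdn" $rootpw -x \
		-H "ldap://${host:-127.0.0.1}" \
		"cn=$group,ou=Group,$base" >/dev/null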

