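#!/bin/sh
#
# Delete an LDAP user (or, with -w, a workstation account) together with
# its group, its Kerberos principal when ENABLE_KRB is set and, with -r,
# its home directory and mail spool.
#
# Usage: $0 [-r|-w] <user>
#
# Requires the configuration read by set_ldap_config (DN_CONF must end up
# set; rootdn, rootpw, host, base and ENABLE_KRB are read below).

# Set in the body rather than the shebang: "#!/bin/sh -e" is lost when the
# script is started as "sh <script>".
set -e

. alterator-kdc-princ-functions
. alterator-openldap-functions

# Read default configuration
set_ldap_config

[ -n "$DN_CONF" ] || fatal "DN_CONF not set"

HOMEDEL=
remove_home=
is_workstation=
if [ $# -eq 0 ]; then
    user="-h"
else
    user="$1"
    shift
fi

# Parse arguments: at most one option, followed by the user/workstation name
case "$user" in
    -r|-w)
	opt="$user"
	[ $# -gt 0 ] || fatal "option $opt requires a user name"
	user="$1"; shift
	if [ "$opt" = "-r" ]; then
	    remove_home=yes
	else
	    is_workstation=yes
	fi
	;;
    --version)
	get_ldap_version
	exit
	;;
    -h|--help)
	cat <<EOF
Usage:

    $0 [-r|-w] <user>

Arguments:

    -r          remove the user home directory and mail spool
    -w          remove workstation instead user
    user        LDAP user or workstation name
    -h, --help  show this help
    --version   show version

EOF
	exit
	;;
    -*)
	fatal "unknown option: $user"
	;;
esac

# The name is spliced into a DN ("uid=$user,...") and a path
# ("/var/spool/mail/$user"); reject values that would add DN components or
# escape the spool directory.  An empty name with -r would otherwise turn
# "rm -rf /var/spool/mail/$user" into removal of the whole spool directory.
case "$user" in
    ''|.|..|*/*|*,*)
	fatal "invalid user name: '$user'"
	;;
esac

if [ "$is_workstation" = "yes" ]; then
    # Fix missing trailing $ (workstation accounts end in "$")
    case "$user" in
	*\$) ;;
	*)   user="$user\$" ;;
    esac

    # Remove workstation record.  Deletion failure is deliberately ignored
    # (||:) so that the group is still removed below.
    # $rootpw is intentionally unquoted: presumably it expands to the bind
    # password option words supplied by set_ldap_config (empty when unset)
    # — TODO confirm.  A password passed on argv is visible in "ps" output.
    ldapdelete -D "$rootdn" $rootpw -x \
		-H "ldap://${host:-127.0.0.1}" \
		"uid=$user,ou=Computers,$base" >/dev/null ||:

    # Delete group
    ldap-groupdel "$user" >/dev/null
else
    # Look up the home directory only after the name has been validated.
    # The value comes from the directory entry: accept only a plain absolute
    # path, ignore "/" and refuse anything relative or containing "..".
    if [ -n "$remove_home" ]; then
	HOMEDEL="$(ldap-getent passwd "$user" homeDirectory)"
	case "$HOMEDEL" in
	    ''|/)
		HOMEDEL=
		;;
	    */..|*/../*)
		fatal "refusing to remove home directory '$HOMEDEL'"
		;;
	    /*)
		;;
	    *)
		fatal "refusing to remove non-absolute home directory '$HOMEDEL'"
		;;
	esac
    fi

    # Remove home directory if necessary
    if [ -n "$HOMEDEL" ]; then
	rm -rf "$HOMEDEL" "/var/spool/mail/$user"
    fi

    # Delete from Kerberos database.
    # "&>/dev/null" is a bash-only redirection; under /bin/sh it instead
    # backgrounds the command, so the exit status of krb5kdc's status check
    # and of delprinc was never seen here.  Use portable redirection.
    if [ -n "$ENABLE_KRB" ]; then
	if ! service krb5kdc status >/dev/null 2>&1 \
	   || ! delprinc "$user" >/dev/null 2>&1; then
	    fatal "unable to delete user from Kerberos. Check krb5kdc service is running."
	fi
    fi

    # Delete user.  Failure is deliberately ignored (||:) so that the group
    # is still removed below.  $rootpw is intentionally unquoted (see above).
    ldapdelete -D "$rootdn" $rootpw -x \
		-H "ldap://${host:-127.0.0.1}" \
		"uid=$user,ou=People,$base" >/dev/null ||:

    # Delete group
    ldap-groupdel "$user" >/dev/null
fi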

