#!/bin/bash
# remove user for Kerberos/LDAP/NFS4
# paul@vandervlis.nl

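# Load site configuration. The rest of the script reads $samba, $ldaproot and
# $ldappw, which are expected to be set by this file. It is sourced as code and
# carries the LDAP admin password, so it should be owned by root and not
# readable or writable by anyone else.
if ! . /usr/local/sbin/variables; then
  echo "cannot read /usr/local/sbin/variables" >&2
  exit 1
fi

# Take the username from the command line, or ask for it.
if [[ -z "${1:-}" ]]; then
  read -r -p "Username: " user
else
  user=$1
fi
if [[ -z "$user" ]]; then
  echo no user.
  exit 1
fi

# The name is interpolated into a kadmin query, LDAP DNs, an LDIF record, a log
# line and the path handed to "rm -rf". Accept only a conservative character
# set so that a value such as "..", "a/b", a leading "-", whitespace or a comma
# cannot change what those commands act on.
# NOTE(review): widen the pattern only if the site really has other names.
if [[ ! "$user" =~ ^[A-Za-z0-9_][A-Za-z0-9._-]*$ ]]; then
  printf 'invalid username: %q\n' "$user" >&2
  exit 1
fi

# Last chance to abort; show exactly which account is about to be removed.
printf 'User to delete: %s\n' "$user"
echo "Are you really sure to delete everything from the user?"
read -r -p "Press ctrl-c to stop or enter to continue."

# Each removal step below is best-effort: a failure in one backend (for
# example a principal that no longer exists) does not stop the others.

# samba
if [[ "${samba:-}" == "1" ]]; then
  echo "Samba:"
  smbpasswd -x "$user"
fi

# remove kerberos principal
kadmin.local -q "delprinc -force $user"

# Hand the LDAP bind password to the client tools through a private file
# (-y) instead of -w, so it does not show up in the process list. mktemp
# creates the file readable by its owner only; printf avoids the trailing
# newline that -y would otherwise treat as part of the password.
pwfile=$(mktemp) || {
  echo "mktemp failed" >&2
  exit 1
}
trap 'rm -f -- "$pwfile"' EXIT
printf '%s' "$ldappw" >"$pwfile"

# remove membership of groups: id lists the primary group first, which is
# skipped here; every remaining group loses its memberUid entry for the user.
# The LDIF is fed on stdin, so no temporary LDIF file is needed.
# NOTE(review): group names are placed in the DN unescaped - confirm that no
# group name contains DN special characters.
read -r -a groups < <(id -nG "$user")
for grp in "${groups[@]:1}"; do
  ldapmodify -xD "cn=admin,$ldaproot" -y "$pwfile" <<EOF
dn: cn=$grp,ou=groups,$ldaproot
changetype: modify
delete: memberUid
memberUid: $user
EOF
done

# remove from ldap:
ldapdelete -xvD "cn=admin,$ldaproot" -y "$pwfile" "cn=$user,ou=users,$ldaproot"

# remove home directory; ${user:?} aborts rather than ever expanding to the
# parent directory if the variable were empty.
rm -rf -- "/srv/nfs4/home/${user:?}"

# nscd restart
service nscd restart > /dev/null

# log
printf '%s removed %s\n' "$(date)" "$user" >> /var/log/au.log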

