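#!/bin/bash
# remove user from group for Kerberos/LDAP/NFS4
# paul@vandervlis.nl
#
# Usage: <script> [user(s)] [group(s)]
#   Each argument may hold several space-separated names; every user is
#   removed from every group.  Missing arguments are asked for interactively.
#   Requires /usr/local/sbin/variables to set: ldaproot, ldappw.
# Exit status: 0 when every ldapmodify succeeded, 1 otherwise.

# get variables
. /usr/local/sbin/variables

# Names are written into an LDIF DN, so only accept characters that cannot
# change the DN or the LDIF structure (no ',', '+', '=', '"', '\', newline,
# leading/trailing spaces).  Adjust the class if local names need more.
name_ok() {
  [[ "$1" =~ ^[A-Za-z0-9._-]+$ ]]
}

# ask user when not on commandline:
if test "$1" = ""; then
  read -r -p "Username(s): " user
else
  user=$1
fi
if test "$user" = ""; then
  echo "no user." >&2
  exit 1
fi

# ask group when not on commandline:
if test "$2" = ""; then
  read -r -p "Groupname(s): " group
else
  group=$2
fi
if test "$group" = ""; then
  echo "no group." >&2
  exit 1
fi

# refuse names that could alter the generated LDIF (word-splitting intended)
for name in $user $group; do
  if ! name_ok "$name"; then
    echo "invalid name: $name" >&2
    exit 1
  fi
done

# One LDIF scratch file reused per modification, plus the bind password in
# a 0600 file handed to ldapmodify -y so it never appears in the argument
# list (visible to every local user via ps).  Both are removed on any exit.
TMPLDIF=$(mktemp) || exit 1
TMPPW=$(mktemp) || { rm -f -- "$TMPLDIF"; exit 1; }
trap 'rm -f -- "$TMPLDIF" "$TMPPW"' EXIT
# -y uses the complete file contents as the password: no trailing newline
printf '%s' "$ldappw" >"$TMPPW"

# do it: word-splitting of $user / $group is intended (several names)
rv=0
for USER2 in $user; do
  for GROUP2 in $group; do
    {
      echo "dn: cn=$GROUP2,ou=groups,$ldaproot"
      echo "changetype: modify"
      echo "delete: memberUid"
      echo "memberUid: $USER2"
    } >"$TMPLDIF"
    echo "remove $USER2 from $GROUP2:"
    # keep going on failure so the remaining pairs are still processed,
    # but remember it for the exit status
    if ! ldapmodify -x -D "cn=admin,$ldaproot" -y "$TMPPW" -f "$TMPLDIF"; then
      echo "failed to remove $USER2 from $GROUP2" >&2
      rv=1
    fi
  done
#  # remove links for user, needs better testing
#  mlist=`ls -1 /srv/nfs4/data/`
#  for map in $mlist; do
#    su $user -c "ls /srv/nfs4/data/$map > /dev/null 2>&1"
#    if ! test $? = 0; then
#      echo "remove link for $map"
#      rm /srv/nfs4/home/$user/$map
#    fi
#  done
done

# nscd restart
service nscd restart > /dev/null

# log
echo "$(date) remove user(s) $user from group(s) $group" >> /var/log/au.log

exit "$rv"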


