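#!/usr/bin/perl
################################################################################
#
# userdel2.pl - Danny Sauer, 6/26/2000
#   an implementation of userdel for LDAP systems, using ldapmodify
#   as a crude interface.
#
# CHANGES
#   06-26-2000 - initial write, should work OK with just LDAP
#                doesn't touch system DB yet, but will soon...
#                seems to work OK otherwise
#   08-01-2000 - added system DB support, cleaned up code a little
#   (review)   - hardening pass:
#                * strict/warnings, lexical filehandles, 3-arg open
#                * list-form system()/open(): the username, the dn and the
#                  home directory from LDAP are never handed to a shell
#                * username validated (and LDAP-filter-escaped) before it is
#                  used in a search; a bare "*" used to match every entry
#                * rewritten passwd/shadow are created 0600 and get the
#                  original file's mode/owner before the rename, so shadow
#                  hashes are never exposed through a umask-default temp file
#                * undefined $binddn in findattr replaced by $rootdn
#                * ldapdelete failure stops the run instead of leaving a
#                  half-deleted account behind
#
# TODO
#   move to Net::LDAP instead of silly system calls... :)
#   take the lckpwdf(3) lock while rewriting passwd/shadow (a concurrent
#   passwd(1)/useradd(8) can still race this script)
#
################################################################################
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use Getopt::Std;

my $ldaphost   = "ldaphost.your.do.main";
my $ldapdelete = "/usr/bin/ldapdelete";
my $ldapsearch = "/usr/bin/ldapsearch";
my $basedn     = "dc=your,dc=do,dc=main";
my $rootdn     = "cn=manager,$basedn";
# NOTE(review): a password in this file is readable by whoever can read the
# script, and "-w" puts it on the command line where `ps` shows it.  Setting
# $rootpwfile makes the ldap tools read it from a file with "-y" instead
# (needs an ldapsearch/ldapdelete that understands -y).
my $rootpasswd = "password";
my $rootpwfile = "";
my $passfile   = "/etc/passwd";
my $shadowfile = "/etc/shadow";

################################################################################
# begin not-so-complicated code that you prolly don't need to change
################################################################################
my %options;
getopts("r", \%options) or showusage();
showusage() unless @ARGV >= 1;             # I just need a username

# Validate the name before it reaches an LDAP filter or rm: a username like
# "*" or "bob)(uid=root" would otherwise change what the search matches and
# therefore which entry gets deleted.
my $username = $ARGV[-1];
die "no username!\n" unless defined $username && length $username;
die "invalid username \"$username\"\n"
    unless $username =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/;

my $userdn = finddn($username);
die "\"$username\" does not exist in LDAP!\n" unless $userdn;

if ($options{'r'}) {
    my $homedir = findattr("uid", $username, "homedirectory");
    # Only an absolute path with non-empty components and no "." / ".."
    # components is acceptable; "", "/", "//" or "/home/../" coming back from
    # the directory must never be passed to rm -r.
    if (defined $homedir
        && $homedir =~ m{\A(?:/[^/]+)+/?\z}
        && $homedir !~ m{/\.\.?(?:/|\z)}) {
        print "removing $homedir\n";
        system('rm', '-r', '--', $homedir) == 0
            or warn "rm -r $homedir failed (exit $?)\n";
    }
    else {
        my $shown = defined $homedir ? $homedir : '';
        warn "not removing home directory: unusable value \"$shown\"\n";
    }
    # possibly add option to "find / -owner=$username -exec rm -f '{}' \;" ?
}

print "removing $username from LDAP\n";
# use "ldapdelete dn" (replace this with Net::LDAP).  List form: no shell
# ever sees $rootdn or $userdn.  A failure here aborts before the local
# files are touched, so the account is either fully gone or fully present.
system($ldapdelete, '-h', $ldaphost, '-D', $rootdn, bind_args(), $userdn) == 0
    or die "ldapdelete of $userdn failed (exit $?); local files left untouched\n";

# remove from passwd
print "removing $username from /etc/passwd";
remove_local_entry($passfile, $username);

# remove from shadow
print " + /etc/shadow\n";
remove_local_entry($shadowfile, $username);

exit(0);

################################################################################
# showusage()
#   prints the usage message so it looks like the default utility, exit 1
################################################################################
sub showusage {
    print "usage: userdel [-r] name\n";
    exit(1);
}

################################################################################
# bind_args()
#   the ldap-tool arguments that supply the manager password: "-y file" when
#   $rootpwfile is configured, otherwise "-w password" (visible in `ps`).
################################################################################
sub bind_args {
    return ('-y', $rootpwfile) if $rootpwfile ne '';
    return ('-w', $rootpasswd);
}

################################################################################
# ldap_filter_escape(value)
#   escape the characters that are special in an LDAP search filter
#   (RFC 4515: \ * ( ) NUL -> \xx) so a value can only ever match literally.
################################################################################
sub ldap_filter_escape {
    my ($value) = @_;
    $value =~ s/([\\*()\0])/sprintf('\\%02x', ord($1))/ge;
    return $value;
}

################################################################################
# remove_local_entry(file, username)
#   rewrite a colon-separated database (passwd/shadow) without the lines whose
#   first field is exactly $username.  The replacement is built in "$file.usdl",
#   created 0600 with O_EXCL (a stale copy is unlinked first, so a planted
#   symlink cannot be followed), then given the original's mode and owner
#   before it is renamed into place.  The previous file is kept as "$file.old";
#   rename() preserves its mode, so the shadow backup stays unreadable.
#   Dies on any I/O failure; the original is untouched until the final rename.
################################################################################
sub remove_local_entry {
    my ($file, $user) = @_;
    my $tmp = "$file.usdl";

    my @st = stat($file) or die "can't stat $file: $!";
    my ($mode, $uid, $gid) = ($st[2] & 07777, $st[4], $st[5]);

    open(my $in, '<', $file) or die "can't open $file: $!";
    unlink($tmp);
    sysopen(my $out, $tmp, O_WRONLY | O_CREAT | O_EXCL, 0600)
        or die "can't open $tmp: $!";

    while (my $line = <$in>) {
        next if $line =~ /\A\Q$user\E:/;   # first field is the login name
        print {$out} $line or die "write $tmp: $!";
    }
    close($in);
    close($out) or die "write $tmp: $!";    # buffered errors surface here

    chown($uid, $gid, $tmp) == 1 or die "chown $tmp: $!";
    chmod($mode, $tmp)      == 1 or die "chmod $tmp: $!";

    rename($file, "$file.old") or die "backing up $file: $!";
    rename($tmp, $file)        or die "replacing $file: $!";
    return;
}

################################################################################
# finddn(uid)
#   find and return the distinguished name (dn) for a given uid (username in LDAP)
#   convenience function that uses findattr
################################################################################
sub finddn {
    my ($finduid) = @_;
    return findattr("uid", $finduid, "dn");
}

################################################################################
# findattr(attr, value, search_attr)
#   find and return the specified attr (such as dn, uid, etc) for the given uid.
#   Returns undef when nothing matched.  Binds as the manager only when the
#   password attribute is asked for; otherwise the search is anonymous.
#   NOTE(review): output parsing assumes the old non-LDIF ldapsearch format
#   (dn alone on line 1, "attr=value" on line 2), as the original did - verify
#   against the ldapsearch actually installed.
################################################################################
sub findattr {
    my ($findattr, $findval, $returnattr) = @_;

    my $filter = $findattr . '=' . ldap_filter_escape($findval);
    my @cmd = ($ldapsearch, '-h', $ldaphost, '-b', $basedn);
    if ($returnattr eq "userpassword") {
        push @cmd, '-D', $rootdn, bind_args();   # bind as root
    }
    push @cmd, $filter, $returnattr;

    # list-form pipe open: the filter is an argv element, not shell text
    open(my $ls, '-|', @cmd) or die "can't run $ldapsearch: $!";
    my $found = <$ls>;            # there'd better only be one of them...
    chomp($found) if defined $found;
    if ($found && $returnattr ne "dn") {
        # it's on line 2, as "attr=value"
        $found = <$ls>;
        if ($found) {
            $found = (split(/=/, $found, 2))[1];
            chomp($found) if defined $found;
        }
    }
    close($ls);
    return $found;
}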