#!/bin/ksh

###############################################
# Defines
###############################################

# Every external utility is invoked through one of these variables, each
# holding an absolute path, so command lookup never goes through PATH.

# Values that are the same on every platform.
BELL_CHAR='\a'
STATE_FILE="/etc/opt/SUNWps/PSConfig.properties"
ID=/usr/bin/id
UNIQ=/usr/bin/uniq

# Platform-specific locations: Linux keeps these tools under /bin and ships
# gawk in place of nawk; every other platform uses the /usr/bin paths.
OSTYPE=$(/bin/uname -s)
case "$OSTYPE" in
  Linux)
    CAT=/bin/cat
    ECHO=/bin/echo
    GREP=/bin/grep
    NAWK=/bin/gawk
    RM=/bin/rm
    SED=/bin/sed
    ;;
  *)
    CAT=/usr/bin/cat
    ECHO=/usr/bin/echo
    GREP=/usr/bin/grep
    NAWK=/usr/bin/nawk
    RM=/usr/bin/rm
    SED=/usr/bin/sed
    ;;
esac

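###############################################
# Get configuration from file
#
# Arguments: $1 - properties file to read
#            $2 - key to look up
#            $3 - separator between key and value
# Globals:   GREP, UNIQ, SED (read); ANSWER (written)
# Result:    ANSWER holds the text after "<key><separator>" on each
#            matching line (adjacent duplicate lines collapsed), or is
#            empty when no line matches.
#
# The key and separator are placed into a grep/sed regular expression
# unescaped, so callers should pass literal names only.
###############################################
GrabConfig() {
  # typeset, not local: local is not available in every ksh (ksh88 and
  # ksh93 do not provide it). The cfg_ prefix keeps these names from
  # colliding with the script's own FILE variable in shells where typeset
  # inside a name() function is not function-scoped.
  typeset cfg_file=$1
  typeset cfg_key=$2
  typeset cfg_sep=$3

  # The file name is quoted so a path containing blanks stays one argument.
  # Both expressions are anchored at the start of the line, so a key such as
  # BASEDIR does not match IDSAME_BASEDIR.
  ANSWER=`$GREP "^$cfg_key$cfg_sep" "$cfg_file" | $UNIQ | $SED -e "s/^$cfg_key$cfg_sep//"`
}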

###############################################
# Main
###############################################

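# Only root may run this script.
if [ "$($ID | $NAWK '{print $1}')" != "uid=0(root)" ]; then
  $ECHO "You must be root user. $BELL_CHAR"
  exit 1
fi

if [ ! -f "$STATE_FILE" ]; then
  $ECHO "Error: $STATE_FILE does not exist. $BELL_CHAR"
  exit 1
fi

# The administrator password comes from the environment; nothing in this
# script sets it. Stop here rather than invoke amadmin with an empty one.
if [ "${IDSAME_ADMIN_PASSWORD}" = "" ]; then
  $ECHO "Error: IDSAME_ADMIN_PASSWORD is not set. $BELL_CHAR"
  exit 1
fi

###############################################
# Read a mandatory KEY=value entry from $STATE_FILE into ANSWER.
# Prints an error and exits 1 when the key is missing or empty.
# Arguments: $1 - key name
###############################################
RequireConfig() {
  GrabConfig "$STATE_FILE" "$1" "="
  if [ "$ANSWER" = "" ]; then
    $ECHO "Error: Cannot determine $1. $BELL_CHAR"
    exit 1
  fi
}

# All seven keys must be present, including those this script only stores.
RequireConfig "IDSAME_BASEDIR"
IDSAME_BASEDIR=$ANSWER
RequireConfig "BASEDIR"
PS_BASEDIR=$ANSWER
RequireConfig "DS_HOST"
DS_HOST=$ANSWER
RequireConfig "DS_PORT"
DS_PORT=$ANSWER
RequireConfig "DS_DIRMGR_DN"
DS_DIRMGR_DN=$ANSWER
RequireConfig "DEPLOY_URI"
DEPLOY_URI=$ANSWER
RequireConfig "IDSAME_AMCONSOLE"
IDSAME_AMCONSOLE=$ANSWER

# Administrator DN and organization DN come from the Identity Server config.
AM_CONFIG="/etc/opt/SUNWam/config/AMConfig.properties"
ADMIN_DN=`$GREP "^com.sun.identity.authentication.super.user=" "$AM_CONFIG" | $SED -e "s/com.sun.identity.authentication.super.user=//"`
ROOT_DN=`$GREP "^com.iplanet.am.rootsuffix=" "$AM_CONFIG" | $SED -e "s/com.iplanet.am.rootsuffix=//"`
ORG_DN=`$GREP "^com.iplanet.am.defaultOrg=" "$AM_CONFIG" | $SED -e "s/com.iplanet.am.defaultOrg=//"`
# The default org is stored relative to the root suffix unless it IS the root.
if [ "$ORG_DN" != "$ROOT_DN" ]; then
  ORG_DN="$ORG_DN,$ROOT_DN"
fi

AMADMIN="$IDSAME_BASEDIR/SUNWam/bin/amadmin"

# The request files are written by root. A fixed name directly in /tmp could
# be pre-created by another local user (for example as a symlink), and root
# would then write through it. mkdir fails if the name already exists, and
# mode 700 keeps other users out of the directory, so the files created
# inside it cannot be planted or read by anyone else.
MKDIR=/usr/bin/mkdir
if [ "$OSTYPE" = "Linux" ]; then
  MKDIR=/bin/mkdir
fi
WORK_DIR="/tmp/scrubds.$$"
$MKDIR -m 700 "$WORK_DIR" || {
  $ECHO "Error: Cannot create $WORK_DIR. $BELL_CHAR"
  exit 1
}
# Remove the work directory on every exit path, including interruption.
trap '$RM -rf "$WORK_DIR"' EXIT
trap 'exit 1' HUP INT TERM
FILE="$WORK_DIR/scrubds.xml"

# NOTE(review): amadmin receives the administrator password as a command
# line argument, which other local users can see in the process list while
# amadmin runs. Later amadmin releases document a --passwordfile option;
# confirm whether the installed version supports it before switching.
#
# The here-documents expand $ORG_DN, $DEPLOY_URI, $IDSAME_AMCONSOLE and
# $IDSAME_BASEDIR into the XML without escaping; those values come from
# $STATE_FILE and AMConfig.properties.
#
# amadmin exit statuses are not checked: each step runs even if an earlier
# one failed, and the script still ends with exit 0.

$ECHO "Cleaning iplanet-am-auth-login-success-url from iPlanetAMAuthService template..."
$ECHO "Cleaning iplanet-am-required-services from iPlanetAMAdminConsoleService template..."
$CAT > "$FILE" << EOF
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE Requests PUBLIC "-//iPlanet//iDSAME 5.0 Admin CLI DTD//EN" "file:$IDSAME_BASEDIR/SUNWam/dtd/amAdmin.dtd">
<Requests>
  <OrganizationRequests DN="$ORG_DN">
    <RemoveServiceTemplateAttributeValues serviceName="iPlanetAMAuthService" schemaType="Organization">
      <AttributeValuePair>
        <Attribute name="iplanet-am-auth-login-success-url"/>
        <Value>%protocol://%host:%port$DEPLOY_URI/dt</Value>
      </AttributeValuePair>
    </RemoveServiceTemplateAttributeValues>
  </OrganizationRequests>
  <OrganizationRequests DN="$ORG_DN">
    <AddServiceTemplateAttributeValues serviceName="iPlanetAMAuthService" schemaType="Organization">
      <AttributeValuePair>
        <Attribute name="iplanet-am-auth-login-success-url"/>
        <Value>%protocol://%host:%port$IDSAME_AMCONSOLE</Value>
      </AttributeValuePair>
    </AddServiceTemplateAttributeValues>
  </OrganizationRequests>
  <OrganizationRequests DN="$ORG_DN">
    <RemoveServiceTemplateAttributeValues serviceName="iPlanetAMAdminConsoleService" schemaType="Organization">
      <AttributeValuePair>
        <Attribute name="iplanet-am-required-services"/>
        <Value>SunPortalDesktopService</Value>
        <Value>SunPortalSubscriptionsService</Value>
        <Value>SunPortalNetmailService</Value>
        <Value>SunSSOAdapterService</Value>
      </AttributeValuePair>
    </RemoveServiceTemplateAttributeValues>
  </OrganizationRequests>
</Requests>
EOF
$AMADMIN --runasdn "$ADMIN_DN" --password "${IDSAME_ADMIN_PASSWORD}" --data "$FILE"

$ECHO "Deleting attributes added to iPlanetAMAdminConsoleService ServiceSchema..."
$CAT > "$FILE" << EOF
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE Requests PUBLIC "-//iPlanet//Sun ONE Identity Server 6.0 Admin CLI DTD//EN" "file:$IDSAME_BASEDIR/SUNWam/dtd/amAdmin.dtd">
<Requests>
  <SchemaRequests serviceName="iPlanetAMAdminConsoleService" SchemaType="Global">
    <RemovePartialDefaultValues>
      <AttributeValuePair>
        <Attribute name="iplanet-am-console-service-view-bean"/>
        <Value>SunPortalDesktopService|/portal/dtadmin/DesktopAdminUserProfile</Value>
      </AttributeValuePair>
    </RemovePartialDefaultValues>
  </SchemaRequests>
  <SchemaRequests serviceName="iPlanetAMAdminConsoleService" SchemaType="Organization">
    <RemovePartialDefaultValues>
      <AttributeValuePair>
        <Attribute name="iplanet-am-admin-console-online-help"/>
        <Value>Portal Help|ps/pshelp.htm|psDesktop|%DYNAMIC_URI%</Value>
      </AttributeValuePair>
      <AttributeValuePair>
        <Attribute name="iplanet-am-admin-console-online-help"/>
        <Value>SSOAdapter_Help|ps/ssoadapterhelp.html|ssoAdapterService|%DYNAMIC_URI%</Value>
      </AttributeValuePair>
    </RemovePartialDefaultValues>
  </SchemaRequests>
</Requests>
EOF
$AMADMIN --runasdn "$ADMIN_DN" --password "${IDSAME_ADMIN_PASSWORD}" --data "$FILE"

$ECHO "Deleting desktop policy..."
$CAT > "$FILE" << EOF
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE Requests PUBLIC "-//iPlanet//Sun ONE Identity Server 6.0 Admin CLI DTD//EN" "file:$IDSAME_BASEDIR/SUNWam/dtd/amAdmin.dtd">
<Requests>
  <OrganizationRequests DN="$ORG_DN">
    <DeletePolicy deleteDN="$ORG_DN">
      <PolicyName name="Ability to execute Portal Server Desktop" />
    </DeletePolicy>
  </OrganizationRequests>
</Requests>
EOF
$AMADMIN --runasdn "$ADMIN_DN" --password "${IDSAME_ADMIN_PASSWORD}" --data "$FILE"

$ECHO "Unregistering SunPortalDesktopService..."
$CAT > "$FILE" << EOF
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE Requests PUBLIC "-//iPlanet//iDSAME 5.0 Admin CLI DTD//EN" "file:$IDSAME_BASEDIR/SUNWam/dtd/amAdmin.dtd">
<Requests>
  <OrganizationRequests DN="$ORG_DN">
    <UnregisterServices>
      <Service_Name>SunPortalDesktopService</Service_Name>
    </UnregisterServices>
  </OrganizationRequests>
</Requests>
EOF
$AMADMIN --runasdn "$ADMIN_DN" --password "${IDSAME_ADMIN_PASSWORD}" --data "$FILE"

$ECHO "Deleting netmail policy..."
$CAT > "$FILE" << EOF
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE Requests PUBLIC "-//iPlanet//Sun ONE Identity Server 6.0 Admin CLI DTD//EN" "file:$IDSAME_BASEDIR/SUNWam/dtd/amAdmin.dtd">
<Requests>
  <OrganizationRequests DN="$ORG_DN">
    <DeletePolicy deleteDN="$ORG_DN">
      <PolicyName name="Ability to execute Portal Server Netmail" />
    </DeletePolicy>
  </OrganizationRequests>
</Requests>
EOF
$AMADMIN --runasdn "$ADMIN_DN" --password "${IDSAME_ADMIN_PASSWORD}" --data "$FILE"

$ECHO "Unregistering SunPortalNetMailService..."
$CAT > "$FILE" << EOF
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE Requests PUBLIC "-//iPlanet//iDSAME 5.0 Admin CLI DTD//EN" "file:$IDSAME_BASEDIR/SUNWam/dtd/amAdmin.dtd">
<Requests>
  <OrganizationRequests DN="$ORG_DN">
    <UnregisterServices>
      <Service_Name>SunPortalNetMailService</Service_Name>
    </UnregisterServices>
  </OrganizationRequests>
</Requests>
EOF
$AMADMIN --runasdn "$ADMIN_DN" --password "${IDSAME_ADMIN_PASSWORD}" --data "$FILE"

$ECHO "Deleting Subscriptions policy..."
$CAT > "$FILE" << EOF
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE Requests PUBLIC "-//iPlanet//Sun ONE Identity Server 6.0 Admin CLI DTD//EN" "file:$IDSAME_BASEDIR/SUNWam/dtd/amAdmin.dtd">
<Requests>
  <OrganizationRequests DN="$ORG_DN">
    <DeletePolicy deleteDN="$ORG_DN">
      <PolicyName name="Ability to execute Portal Server Subscriptions" />
    </DeletePolicy>
  </OrganizationRequests>
</Requests>
EOF
$AMADMIN --runasdn "$ADMIN_DN" --password "${IDSAME_ADMIN_PASSWORD}" --data "$FILE"

$ECHO "Unregistering SunPortalSubscriptionsService..."
$CAT > "$FILE" << EOF
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE Requests PUBLIC "-//iPlanet//iDSAME 5.0 Admin CLI DTD//EN" "file:$IDSAME_BASEDIR/SUNWam/dtd/amAdmin.dtd">
<Requests>
  <OrganizationRequests DN="$ORG_DN">
    <UnregisterServices>
      <Service_Name>SunPortalSubscriptionsService</Service_Name>
    </UnregisterServices>
  </OrganizationRequests>
</Requests>
EOF
$AMADMIN --runasdn "$ADMIN_DN" --password "${IDSAME_ADMIN_PASSWORD}" --data "$FILE"

$ECHO "Unregistering SunSSOAdapterService..."
$CAT > "$FILE" << EOF
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE Requests PUBLIC 
  "-//iPlanet//iDSAME 5.0 Admin CLI DTD//EN" 
  "file:$IDSAME_BASEDIR/SUNWam/dtd/amAdmin.dtd"
>
<Requests>
  <OrganizationRequests DN="$ORG_DN">
    <UnregisterServices>
      <Service_Name>SunSSOAdapterService</Service_Name>
    </UnregisterServices>
  </OrganizationRequests>
</Requests>
EOF
$AMADMIN --runasdn "$ADMIN_DN" --password "${IDSAME_ADMIN_PASSWORD}" --data "$FILE"

$ECHO "Deleting services..."
$AMADMIN -u "$ADMIN_DN" -w "${IDSAME_ADMIN_PASSWORD}" -r SunPortalDesktopService
$AMADMIN -u "$ADMIN_DN" -w "${IDSAME_ADMIN_PASSWORD}" -r SunPortalRewriterService
$AMADMIN -u "$ADMIN_DN" -w "${IDSAME_ADMIN_PASSWORD}" -r SunPortalSearchService
$AMADMIN -u "$ADMIN_DN" -w "${IDSAME_ADMIN_PASSWORD}" -r SunPortalNetmailService
$AMADMIN -u "$ADMIN_DN" -w "${IDSAME_ADMIN_PASSWORD}" -r SunPortalSubscriptionsService
$AMADMIN -u "$ADMIN_DN" -w "${IDSAME_ADMIN_PASSWORD}" -r SunSSOAdapterService

# The EXIT trap set above removes $WORK_DIR and the request file in it.
exit 0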
