#!/bin/ksh

###############################################
# Defines
###############################################

# Every external tool is invoked through an absolute path, so this
# root-only script never resolves a command through the caller's PATH.
# Defaults are the /usr/bin locations; the Linux arm below overrides some.
CAT=/usr/bin/cat
ECHO=/usr/bin/echo
GREP=/usr/bin/grep
ID=/usr/bin/id
NAWK=/usr/bin/nawk
RM=/usr/bin/rm
SED=/usr/bin/sed
UNIQ=/usr/bin/uniq

# On Linux these tools are addressed under /bin and gawk stands in for nawk.
# ID and UNIQ keep their /usr/bin defaults on every platform.
OSTYPE=$(/bin/uname -s)
case "$OSTYPE" in
  Linux)
    CAT=/bin/cat
    ECHO=/bin/echo
    GREP=/bin/grep
    NAWK=/bin/gawk
    RM=/bin/rm
    SED=/bin/sed
    ;;
esac

# Appended to error messages; whether it rings the bell depends on how the
# selected echo treats backslash escapes.
BELL_CHAR='\a'

# Portal Server properties file from which the install settings are read.
STATE_FILE="/etc/opt/SUNWps/PSConfig.properties"

###############################################
# Get configuration from file
###############################################
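# GrabConfig FILE KEY SEPARATOR
#   Looks up KEY in a properties-style FILE and stores the text that follows
#   "KEY<SEPARATOR>" in the global ANSWER (empty when no line matches).
#   Adjacent duplicate lines are collapsed by uniq; distinct lines for the
#   same key are all returned, one per line.
#
#   KEY and SEPARATOR are placed into grep/sed regular expressions as-is, so
#   callers must pass trusted, literal-safe values; every call visible in this
#   script passes a constant. FILE is quoted so a path containing whitespace
#   is handed to grep as a single argument.
GrabConfig() {
  # typeset instead of local: NOTE(review): `local` is not provided by every
  # ksh implementation, typeset is; confirm against the ksh on target hosts.
  typeset FILE=$1
  typeset KEY=$2
  typeset SEPARATOR=$3

  # The sed expression is anchored like the grep pattern, so only the leading
  # "KEY<SEPARATOR>" prefix can be stripped from a matched line.
  ANSWER=$($GREP "^$KEY$SEPARATOR" "$FILE" | $UNIQ | $SED -e "s/^$KEY$SEPARATOR//")
}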

###############################################
# Main
###############################################

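# Refuse to run unless invoked by root. The check compares the first field of
# the id output with the literal "uid=0(root)", so a uid-0 account with any
# other name is rejected as well. The substitution is quoted so that an empty
# result (id or awk missing or failing) takes the error branch instead of
# producing a malformed test expression.
if [ "$($ID | $NAWK '{print $1}')" != "uid=0(root)" ]; then
  $ECHO "You must be root user. $BELL_CHAR"
  exit 1
fi

# All later lookups read the Portal Server state file; stop early without it.
if [ ! -f "$STATE_FILE" ]; then
  $ECHO "Error: $STATE_FILE does not exist. $BELL_CHAR"
  exit 1
fi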

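# RequireConfig KEY
#   Reads KEY from $STATE_FILE through GrabConfig and leaves the value in
#   ANSWER. Prints the "Cannot determine" error and exits 1 when the key is
#   missing or empty, so the script never continues with a blank setting.
RequireConfig() {
  GrabConfig "$STATE_FILE" "$1" "="
  if [ "$ANSWER" = "" ]; then
    $ECHO "Error: Cannot determine $1. $BELL_CHAR"
    exit 1
  fi
}

# Every setting below is mandatory; the first missing one aborts the run.
RequireConfig "IDSAME_BASEDIR"
IDSAME_BASEDIR=$ANSWER
RequireConfig "BASEDIR"
PS_BASEDIR=$ANSWER
RequireConfig "DS_HOST"
DS_HOST=$ANSWER
RequireConfig "DS_PORT"
DS_PORT=$ANSWER
RequireConfig "DS_DIRMGR_DN"
DS_DIRMGR_DN=$ANSWER
RequireConfig "DEPLOY_URI"
DEPLOY_URI=$ANSWER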

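AMADMIN="$IDSAME_BASEDIR/SUNWam/bin/amadmin"

# The admin DN, root suffix and default organization come from the Access
# Manager properties file. They are read with GrabConfig like the Portal
# Server settings and validated the same way: a missing file or an empty
# value would otherwise produce malformed DNs in the requests sent to amadmin.
FILE="/etc/opt/SUNWam/config/AMConfig.properties"
if [ ! -f "$FILE" ]; then
  $ECHO "Error: $FILE does not exist. $BELL_CHAR"
  exit 1
fi

# RequireAMProperty KEY
#   Reads KEY from $FILE into ANSWER; exits 1 when it is missing or empty.
RequireAMProperty() {
  GrabConfig "$FILE" "$1" "="
  if [ "$ANSWER" = "" ]; then
    $ECHO "Error: Cannot determine $1. $BELL_CHAR"
    exit 1
  fi
}

RequireAMProperty "com.sun.identity.authentication.super.user"
ADMIN_DN=$ANSWER
RequireAMProperty "com.iplanet.am.rootsuffix"
ROOT_DN=$ANSWER
RequireAMProperty "com.iplanet.am.defaultOrg"
ORG_DN=$ANSWER

# When the default organization is not the root suffix itself, qualify it
# with the root suffix to obtain the full organization DN.
if [ "$ORG_DN" != "$ROOT_DN" ]; then
  ORG_DN="$ORG_DN,$ROOT_DN"
fi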

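# Ask amadmin for the organization's auth service template in order to learn
# which attribute names user entries (iplanet-am-auth-user-naming-attr).
#
# The request and the captured output live in a private directory instead of
# fixed names directly under /tmp: this script runs as root, and a fixed path
# in a world-writable directory can be pre-created (for example as a symlink)
# by another local user. mkdir fails if the name already exists, and umask 077
# keeps the directory closed to other users. /bin/mkdir is used on the same
# assumption as the script's /bin/uname call, that /bin resolves on every
# supported platform.
QUERY_DIR="/tmp/scrubds-query.$$"
( umask 077 && /bin/mkdir "$QUERY_DIR" ) || {
  $ECHO "Error: Cannot create $QUERY_DIR. $BELL_CHAR"
  exit 1
}
OUTFILE="$QUERY_DIR/out.tmp"
INFILE="$QUERY_DIR/query.xml"

# $IDSAME_BASEDIR and $ORG_DN are expanded into the XML without escaping;
# both come from the root-managed properties files read earlier.
$CAT > "$INFILE" << EOF
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE Requests PUBLIC "-//iPlanet//iDSAME 5.0 Admin CLI DTD//EN" "file:$IDSAME_BASEDIR/SUNWam/dtd/amAdmin.dtd">
<Requests>
  <OrganizationRequests DN="$ORG_DN">
    <GetServiceTemplate serviceName="iPlanetAMAuthService" schemaType="Organization"/>
  </OrganizationRequests>
</Requests>
EOF

# NOTE(review): the admin password is passed as a command-line argument and is
# visible in the process list while amadmin runs. Later Access Manager
# releases document a --passwordfile option; confirm whether the installed
# amadmin supports it and prefer it if so.
$AMADMIN --runasdn "$ADMIN_DN" --password "${IDSAME_ADMIN_PASSWORD}" --data "$INFILE" > "$OUTFILE" 2>&1

# The value is the third whitespace-separated field of the matching output
# line, with the surrounding square brackets removed.
USER_NAMING=$($GREP "iplanet-am-auth-user-naming-attr =" "$OUTFILE" | $NAWK '{print $3}' | $SED -e "s/\[//" -e "s/\]//")
$RM -rf "$QUERY_DIR"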

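# Without a naming attribute the DN below would start with "=", so refuse to
# build a delete request from it. USER_NAMING is empty when the preceding
# amadmin query failed or its output did not contain the attribute.
if [ "$USER_NAMING" = "" ]; then
  $ECHO "Error: Cannot determine iplanet-am-auth-user-naming-attr. $BELL_CHAR"
  exit 1
fi

PEOPLE_DN="ou=People,$ORG_DN"
AUTHLESSANONYMOUS_DN="$USER_NAMING=authlessanonymous,$PEOPLE_DN"

# The request file is written inside a private directory rather than to a
# fixed name in /tmp: the script runs as root, and a predictable path in a
# world-writable directory can be pre-created by another local user. mkdir
# fails if the name already exists; umask 077 keeps the directory private.
SCRUB_DIR="/tmp/scrubds.$$"
( umask 077 && /bin/mkdir "$SCRUB_DIR" ) || {
  $ECHO "Error: Cannot create $SCRUB_DIR. $BELL_CHAR"
  exit 1
}
FILE="$SCRUB_DIR/scrubds.xml"

# Report the DN that is actually deleted (the original message referenced an
# unset variable and printed no DN).
$ECHO "Deleting $AUTHLESSANONYMOUS_DN user..."

# The DNs are expanded into the XML without escaping; they derive from
# AMConfig.properties and from amadmin's own output.
$CAT > "$FILE" << EOF
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE Requests PUBLIC "-//iPlanet//iDSAME 5.0 Admin CLI DTD//EN" "file:$IDSAME_BASEDIR/SUNWam/dtd/amAdmin.dtd">
<Requests>
  <PeopleContainerRequests DN="$PEOPLE_DN">
    <DeleteUsers>
      <DN>$AUTHLESSANONYMOUS_DN</DN>
    </DeleteUsers>
  </PeopleContainerRequests>
</Requests>
EOF

# NOTE(review): the admin password is passed on the command line and is
# visible in the process list while amadmin runs; prefer a password-file
# option if the installed amadmin provides one (confirm).
$AMADMIN --runasdn "$ADMIN_DN" --password "${IDSAME_ADMIN_PASSWORD}" --data "$FILE"

$RM -rf "$SCRUB_DIR"

# NOTE(review): the exit status is 0 even when amadmin fails; kept as in the
# original because callers may depend on it.
exit 0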
