#!/bin/ksh
#  ALTRAN_PROLOG_BEGIN_TAG                                                    
#  This is an automatically generated prolog.                                  
#                                                                              
#  Copyright (C) Altran ACT S.A.S. 2019,2021.  All rights reserved.  
#                                                                              
#  ALTRAN_PROLOG_END_TAG                                                      
#                                                                              
# IBM_PROLOG_BEGIN_TAG 
# This is an automatically generated prolog. 
#  
# 61haes_r714 src/43haes/usr/sbin/cluster/cspoc/utilities/cl_ldap_client_del.sh 1.1 
#  
# Licensed Materials - Property of IBM 
#  
# COPYRIGHT International Business Machines Corp. 2010,2011 
# All Rights Reserved 
#  
# US Government Users Restricted Rights - Use, duplication or 
# disclosure restricted by GSA ADP Schedule Contract with IBM Corp. 
#  
# IBM_PROLOG_END_TAG 
# @(#)  7d4c34b 43haes/usr/sbin/cluster/cspoc/utilities/cl_ldap_client_del.sh, 726, 2147A_aha726, Feb 05 2021 09:50 PM
. /usr/es/sbin/cluster/cspoc/cl_federatedsec_source
# Set up the federated-security helpers, then run odm_check. Both functions
# are defined outside this script (presumably in the file sourced above).
fsec_init

odm_check

# Authorisation gate: root always proceeds; any other user proceeds only
# when the HACMPLDAP ODM class records RBACConfig=YES.
#
# NOTE(review): the caller's name is taken from $LOGIN whenever it is set,
# and $LOGIN is an ordinary environment variable that the invoking user can
# change. Treat this gate as advisory; the real enforcement has to come from
# file permissions / RBAC authorisation on the commands run below - confirm.
if [[ -z "$LOGIN" ]]; then
    # If id itself fails, fall back to the (empty) $LOGIN, which is then
    # handled as a non-root name.
    user_name=$(id -nu 2>/dev/null) || user_name="$LOGIN"
else
    user_name="$LOGIN"
fi

if [[ $user_name != "root" ]]; then
    # Non-root callers are allowed only when RBAC is configured.
    typeset is_rbac_enabled=""
    is_rbac_enabled=$(clodmget -nq "group=LDAPClient and name=RBACConfig" -f value HACMPLDAP 2>/dev/null)

    [[ $is_rbac_enabled == "YES" ]] || {
        dspmsg -s 129 cspoc.cat 218 "This action can be performed only with root."
        exit 1
    }
fi

# Precondition 1: an LDAP client must be defined, i.e. HACMPLDAP holds a
# ServerList entry in group LDAPClient. Otherwise exit with status 2.
if [[ -z $(odmget -q "group=LDAPClient and name=ServerList" HACMPLDAP) ]]; then
    dspmsg -s 129 cspoc.cat 134 "A LDAP client is not defined.\n"
    exit 2
fi

KS_mode=$(clodmget -n -q "group=EFSKeyStore AND name=mode" -f value HACMPLDAP 2>/dev/null)

# Precondition 2: refuse to delete the client while the EFS keystore mode
# value is 1; the message asks the operator to remove that keystore first.
if [[ $KS_mode == 1 ]]; then
    dspmsg -s 129 cspoc.cat 141 "EFS Keystore with LDAP mode is configured, make sure to delete that first through 'smit sysmirror'.\n"
    exit 2
fi

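# Look up the client key database path recorded in the HACMPLDAP ODM class.
# stderr is discarded on clodmget itself (as in the other clodmget calls of
# this script) rather than on sort, where the redirection had no effect on
# lookup errors.
CLNT_KDB_PATH=$(clodmget -n -q "group=LDAPClient and name=ClientKdbPath" -f value HACMPLDAP 2>/dev/null | sort -u)
if [[ -z $CLNT_KDB_PATH ]]; then
    ret_fail "Client key path not found." 1
fi

# When a node is being removed from the cluster (remove_on_oneNode=YES) the
# LDAP client is deleted on this node only; otherwise on every node.
if [[ $remove_on_oneNode == "YES" ]]; then
    "${HA_BASE_PATH}/cspoc/cl_ldapcl_del" "$CLNT_KDB_PATH" 1 >/dev/null 2>&1 || ret_fail "___client delete failed" $?
else
    # The command is handed to run_on_allnode as ONE string. The previous
    # nested double quotes closed the string early and left $CLNT_KDB_PATH
    # unquoted, so a value with whitespace or glob characters was split or
    # expanded locally into extra arguments.
    # NOTE(review): run_on_allnode is defined outside this script and
    # presumably has the string parsed again by a shell on each node. The ODM
    # value is interpolated unescaped, so it must never contain whitespace or
    # shell metacharacters - confirm and validate where the value is stored.
    run_on_allnode "FSECDEBUG=$FSECDEBUG ${HA_BASE_PATH}/cspoc/cl_ldapcl_del $CLNT_KDB_PATH 1" >/dev/null 2>&1 || ret_fail "client delete failed" $?
fi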

# Drop every LDAPClient entry from the HACMPLDAP ODM class.
odmdelete -o HACMPLDAP -q "group=LDAPClient" >/dev/null || ret_fail "odmdelete failed" $?

# Run fsec_vsync unless add_on_oneNode is YES.
# NOTE(review): the rest of this script keys its single-node handling on
# remove_on_oneNode, and the original comment here spoke of *removing* the
# client on one node. add_on_oneNode may be a leftover from the matching
# "add" script - confirm which variable is intended before changing it.
if [[ $add_on_oneNode != "YES" ]]; then
    fsec_vsync "LDAP Client delete" || ret_fail "clverify restriction failed" $?
fi

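# Remove the federated-security log directory: locally when only this node
# is being removed from the cluster, otherwise on every node.
#
# The delete is recursive and forced, so refuse to run it when FSEC_LOG_DIR
# is empty or is the filesystem root. The branches are chained with elif so
# that rm is not reached even if ret_fail were to return instead of exiting.
if [[ -z $FSEC_LOG_DIR || $FSEC_LOG_DIR == "/" ]]; then
    ret_fail "Removing log directory failed." 1
elif [[ $remove_on_oneNode == "YES" ]]; then
    # Quoted so a value with whitespace or glob characters stays one operand.
    rm -rf "$FSEC_LOG_DIR" || ret_fail "Removing log directory failed." $?
else
    # NOTE(review): the path is interpolated into a command string that
    # run_on_allnode (defined outside this script) presumably has re-parsed
    # on each node, so the value must not contain whitespace or shell
    # metacharacters - confirm.
    run_on_allnode "rm -rf $FSEC_LOG_DIR" || ret_fail "Removing log directory failed." $?
fi

exit 0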
