#!/bin/ksh
# Expire a user - this cuts access off immediately

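export TOPDIR=/usr/local/lib/ldap
# Site configuration. The variables used below (DEFAULTLDAPDOMAIN,
# LDIFTMPLTDIR, WORKDIR, EXPIREDDIR, DIRMGRPW, LDAPSERVER) are not set in this
# script, so they presumably come from this file - verify against etc/vars.
. "${TOPDIR}/etc/vars" || exit 1

# Fall back to the site default when the caller has not chosen a domain.
if [ -z "${LDAPDOMAIN:-}" ]
then
	LDAPDOMAIN=$DEFAULTLDAPDOMAIN
fi

# example.com -> dc=example,dc=com
DNDOMAIN=$(echo "$LDAPDOMAIN" | sed -e "s/^/dc=/g" -e "s/\./,dc=/g")

# Test for a missing/empty argument directly; comparing against a sentinel
# word would also reject an account that happens to have that name.
if [ -z "${1:-}" ]
then
	echo "User please"
	exit 1
else
	USER=$1
fi

# The user name is substituted into a sed replacement, into the LDIF sent to
# the directory as Directory Manager, and into a file name. Accept only a
# conservative character set so that it cannot alter the sed expression, add
# LDIF lines or attributes, or point the work file outside WORKDIR.
# NOTE(review): widen the set only if real account names need it.
case $USER in
	*[!A-Za-z0-9._-]*)
		echo "Invalid user name: only letters, digits, '.', '_' and '-' are accepted" >&2
		exit 1
		;;
esac

# dse is an external helper; the arithmetic below needs it to print a plain
# number (presumably days since the epoch - confirm).
TODAY=$(dse)
case $TODAY in
	''|*[!0-9]*)
		echo "dse did not return a number" >&2
		exit 1
		;;
esac
YESTERDAY=$(expr "$TODAY" - 1)

TEMPLATE="${LDIFTMPLTDIR}/expire.ldif"
LDIF="${WORKDIR}/expire-${USER}.ldif"

# Fill in the template placeholders; stop here rather than hand ldapmodify a
# missing or partial file.
sed -e "s/DNDOMAIN/${DNDOMAIN}/" -e "s/YESTERDAY/${YESTERDAY}/" -e "s/UID/${USER}/" "$TEMPLATE" > "$LDIF" || {
	echo "Error building ${LDIF}" >&2
	exit 1
}

# NOTE(review): -w puts the Directory Manager password on the command line,
# where it is visible in the process list while ldapmodify runs. OpenLDAP's
# ldapmodify can read it from a protected file with -y instead - confirm which
# client is installed before switching. -x is a simple bind; check that the
# connection to $LDAPSERVER is protected in transit.
if ldapmodify -x -w "$DIRMGRPW" -D "cn=Directory Manager" -h "$LDAPSERVER" -f "$LDIF"
then
	# Keep the applied LDIF as a record of the change.
	mv "$LDIF" "${EXPIREDDIR}"
else
	echo "Error expiring password for ${USER}"
	exit 1
fi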
