#!/bin/sh -e

. alterator-openldap-functions

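# Remove the LDAP group named by the single argument, refusing when that
# group is still the primary group of some user.
#
# Arguments: $1 - group name (used as the cn of the entry under ou=Group,$base)
# Reads:     DN_CONF, rootdn, rootpw, host, base -- none are assigned in this
#            file; presumably they come from the environment or from
#            alterator-openldap-functions (confirm there).
# Exit:      non-zero through fatal on a failed precondition (assuming fatal
#            exits), otherwise the status of ldapdelete.

[ -n "$DN_CONF" ] || fatal "DN_CONF not set"

# Exactly one argument is accepted; the test fails for zero and for several.
[ "$#" -eq 1 ] || fatal "exactly one argument (group name) required"
group="$1"

# The name is pasted unescaped into the DN handed to ldapdelete. Characters
# that RFC 4514 requires to be escaped in an attribute value would change
# which entry the DN names, so such names (and the empty name) are refused
# rather than escaped.
case "$group" in
  ''|'#'*|' '*|*' '|*,*|*+*|*\"*|*\\*|*\<*|*\>*|*\;*)
    fatal "invalid group name: $group"
    ;;
esac

# Field 3 of the colon-separated record printed for the group is its gid.
gid="$(ldap-getent group "$group" | cut -f3 -d:)"

# Without a gid the primary-group check below cannot mean anything (an empty
# pattern with -x matches only empty lines), so stop here instead of deleting.
[ -n "$gid" ] || fatal "cannot determine gid of group: $group"

# Field 4 of each passwd record is the user's primary gid; -x demands a
# whole-line match so that gid 10 does not match 100.
# NOTE(review): the pipeline's status is grep's alone, so a failing
# `ldap-getent passwd` that prints nothing lets this check pass -- confirm
# how ldap-getent reports errors before relying on it as a safety gate.
if ldap-getent passwd | cut -f4 -d: | grep -F -xqs -- "$gid"; then
  fatal "cannot remove user's primary group"
fi

# $rootpw is left unquoted as in the original: presumably it expands to an
# option plus its value and relies on word splitting -- confirm in the
# functions file. If it puts the bind password on the command line, the
# password is visible in process listings; ldapdelete's -y <file> avoids that.
# -x is a simple bind over plain ldap://, so the credentials cross the wire
# unencrypted whenever $host is not the loopback default.
ldapdelete -D "$rootdn" $rootpw -x -H "ldap://${host:-127.0.0.1}" "cn=$group,ou=Group,$base" > /dev/null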
