sub clean {
        my $self = shift;

        my $config = AKLib::Config->open();

        my $ldap   = new AKLib::Utils::LDAPConnection();
        my $getent = new AKLib::Utils::Getent;

        my $rt3ak  = $config->loadCollax_Rt3_General();
        my $rt3db  = new AKLib::Opt::Collax::Rt3::DB;

        my @tmp_rt3Groups   = ();
        my @tmp_rt3Users    = ();
        my @all_rt3akGroups = ();
        my @all_rt3akUsers  = ();

        my $all_rt3dbGroups = $rt3db->getGroups();
        my $all_rt3dbUsers  = $rt3db->getUsers();

        push @tmp_rt3Groups, $rt3ak->rt3Groups, $rt3ak->rt3AdminGroups;
        @all_rt3akGroups = keys %{{ map { $_ => 1 } @tmp_rt3Groups }};

        foreach my $group ( @all_rt3akGroups ) {
                my $data = $getent->getGroupByName(lc($group));
                push @tmp_rt3Users, $data->members;
        }

        @all_rt3akUsers = keys %{{ map { $_ => 1 } @tmp_rt3Users }};

        # all rt db user
        foreach my $user ( @{$all_rt3dbUsers} ) {
                if ( grep(/^$user$/, @all_rt3akUsers) ) {
                        $rt3db->enableUser($user);
                        print STDERR "enabling user $user\n";
                } else {
                        $rt3db->disableUser($user);
                        print STDERR "disabling user $user\n";
                }
        }

        # all rt db groups
        foreach my $group ( @{$all_rt3dbGroups} ) {
                if ( grep(/^$group$/, @all_rt3akGroups) ) {
                        print STDERR "enabling group $group\n";
                        $rt3db->enableGroup($group);
                } else {
                        print STDERR "disabling group $group\n";
                        $rt3db->disableGroup($group);
                }

                # remove members
                my $members = $rt3db->getGroupMembers($group);
                foreach my $member ( @$members ) {
                        print STDERR "removin member: " . $member . " from group $group\n";
                        $rt3db->deleteGroupMember($group, $member); # will be added later
                }
        }

        # all rt ak users       
        foreach my $user ( @all_rt3akUsers ) {
                #FIXME: should add ldap user attr to method addUser
                #my $ldap_user_data = new AKLib::Utils::LDAPUser($ldap, $user);
                #use Data::Dumper;
                #print STDERR Dumper($ldap_user_data);

                print "adding/updating user: " . $user . "\n";
                $rt3db->addUser($user);
        }

        # all rt groups
        foreach my $group ( @all_rt3akGroups ) {
                print STDERR "creating/re-enabling group $group\n";

                my $grp = $config->loadGroup($group);

                $rt3db->addGroup($group, $grp->info);
                $rt3db->enableGroup($group);

                $rt3db->removeGroupRight($group, "SuperUser"); # rights will be set later

                # add members to group
                my $data    = $getent->getGroupByName(lc($group));

                foreach my $member ( $data->members ) {
                        print STDERR "adding member: " . $member . " to group $group\n";
                        $rt3db->addGroupMember($group, $member);
                }
        }

        # rt admin groups
        foreach my $group ( $rt3ak->rt3AdminGroups ){
        print STDERR "adding SuperUser perm to group: " . $group . "\n";
                $rt3db->addGroupRight($group, "SuperUser");
        }
}