require 'ldap'

#
#  The LDAP-protocol test.
#
#  This object is instantiated if the parser sees a line such as:
#
###
### foo.vm.bytemark.co.uk must run ldap with username 'user' and password 'xx' otherwise 'auth-server fail'.
###
#
#  The specification of the port is optional and defaults to 389.
#
module Custodian

  module ProtocolTest

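    class LDAPTest < TestFactory

      #
      # Port used when the test line carries no "on NNN" clause.
      #
      DEFAULT_PORT = 389

      #
      # Search performed after a successful bind, to show the bound
      # session is actually usable.  These are still hard-wired: the
      # test line has no syntax for overriding them.
      #
      SEARCH_BASE   = 'ou=groups,dc=bytemark,dc=co,dc=uk'.freeze
      SEARCH_FILTER = '(cn=vpn*)'.freeze
      SEARCH_ATTRS  = %w[sn cn].freeze

      #
      # Constructor
      #
      # line - the test definition, e.g.
      #   "host must run ldap with username 'user' and password 'xx' otherwise 'msg'."
      #
      # Raises ArgumentError when the username or the password is missing.
      #
      def initialize( line )

        #
        # Save the line.  It contains the clear-text credentials, so it
        # is only ever echoed back after the password has been masked.
        #
        @line = line

        #
        # The host is the first whitespace-separated token.
        #
        @host = line.split( /\s+/ )[0]

        #
        # The username/password - both are mandatory.
        #
        @ldap_user = extract_quoted( line, 'username' )
        @ldap_pass = extract_quoted( line, 'password' )

        raise ArgumentError, "No username specified: #{redacted_line}" if @ldap_user.nil?
        raise ArgumentError, "No password specified: #{redacted_line}" if @ldap_pass.nil?

        #
        # Is this test inverted?  ("must not run ldap ...")
        # Stored for the surrounding framework; run_test itself does not
        # consult it.
        #
        @inverted = line.match?( /must\s+not\s+run\s+/ )

        #
        # Save the port, falling back to the default when the line has
        # no "on NNN" clause.
        #
        @port = if line =~ /on\s+([0-9]+)/
                  Regexp.last_match(1).to_i
                else
                  DEFAULT_PORT
                end
      end


      #
      # Allow this test to be serialized.
      #
      # Returns the original definition line, credentials included, so
      # callers must treat the result as sensitive.
      #
      def to_s
        @line
      end


      #
      # If the test fails then report the error.
      #
      # The text never includes the password: this is what reaches
      # alerts and logs.
      #
      attr_reader :error


      #
      # Run the test.
      #
      # Connects to the host/port, binds with the configured credentials
      # and, on a successful bind, performs a small search to prove the
      # session works.  Returns true on success; on failure returns false
      # and records a description in +error+.  The session is always
      # unbound, whichever path is taken.
      #
      def run_test

        # reset the error, in case we were previously executed.
        @error = nil
        ldap   = nil

        #  Connect.
        ldap = LDAP::Conn.new( @host, @port )
        ldap.set_option( LDAP::LDAP_OPT_PROTOCOL_VERSION, 3 )

        #  Bind.
        ldap.bind( @ldap_user, @ldap_pass )

        unless ldap.bound?
          # Do not echo the password here - this string is reported.
          @error = "failed to bind to LDAP server '#{@host}' with username '#{@ldap_user}'"
          return false
        end

        #
        # Search
        #
        ldap.search( SEARCH_BASE, LDAP::LDAP_SCOPE_SUBTREE, SEARCH_FILTER, SEARCH_ATTRS ) do |entry|
          puts "We found an LDAP result #{entry.vals('cn')}"
        end
        true
      rescue LDAP::ResultError => ex
        @error = "LDAP exception: #{ex} when talking to LDAP server '#{@host}' with username '#{@ldap_user}'"
        false
      ensure
        # Release the session even when the search raised part-way through.
        ldap.unbind if ldap && ldap.bound?
      end


      register_test_type "ldap"


      private

      #
      # Returns the single-quoted value following "with <keyword>" in
      # +line+, or nil when the clause is absent.
      #
      def extract_quoted( line, keyword )
        m = line.match( /with\s+#{Regexp.escape(keyword)}\s+'([^']+)'/ )
        m && m[1]
      end

      #
      # The definition line with the password value masked, for use in
      # messages that may be logged.
      #
      def redacted_line
        @line.sub( /(password\s+')[^']*(')/, '\1****\2' )
      end

    end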
end
end