#
#  The LDAP-protocol test.
#
#  This object is instantiated if the parser sees a line such as:
#
###
### foo.vm.bytemark.co.uk must run ldap with username 'user' and password 'xx' otherwise 'auth-server fail'.
###
#
#  The specification of the port is optional and defaults to 389.
#
module Custodian

  module ProtocolTest

    class LDAPTest < TestFactory


      #
      # Constructor
      #
      def initialize(line)

        #
        # Save the line.
        #
        @line = line

        #
        # Save the host
        #
        @host  = line.split(/\s+/)[0]

        #
        # The username/password
        #
        @ldap_user = nil
        @ldap_pass = nil

        if  line =~ /with\s+username\s+'([^']+)'/ 
          @ldap_user = $1.dup
        end
        if  line =~ /with\s+password\s+'([^']+)'/ 
          @ldap_pass = $1.dup
        end

        if  @ldap_user.nil? 
          raise ArgumentError, "No username specified: #{@line}"
        end
        if  @ldap_pass.nil? 
          raise ArgumentError, "No password specified: #{@line}"
        end

        #
        # Is this test inverted?
        #
        if  line =~ /must\s+not\s+run\s+/ 
          @inverted = true
        else
          @inverted = false
        end

        #
        # Save the port
        #
        if  line =~ /on\s+([0-9]+)/ 
          @port = $1.dup.to_i
        else
          @port = 389
        end
      end



      #
      # Allow this test to be serialized.
      #
      def to_s
        @line
      end




      #
      # Run the test.
      #
      def run_test

        begin
          require 'ldap'
        rescue LoadError
          @error = 'LDAP library not available - test disabled'
          return false
        end

        # reset the error, in case we were previously executed.
        @error = nil

        begin
          #  Connect.
          ldap = LDAP::Conn.new(@host, @port)
          ldap.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)

          #  Hardwired search is bad..
          base = 'ou=groups,dc=bytemark,dc=co,dc=uk'
          scope = LDAP::LDAP_SCOPE_SUBTREE
          filter = '(cn=vpn*)'
          attrs = ['sn', 'cn']

          #  Bind.
          ldap.bind(@ldap_user, @ldap_pass)
          if  ldap.bound? 

            #
            # Search
            #
            ldap.search(base, scope, filter, attrs)  { |entry|
              puts "We found an LDAP result #{entry.vals('cn')}"
            }
            ldap.unbind
            return true
          else
            @error = "failed to bind to LDAP server '#{@host}' with username '#{@ldap_user}' and password '#{@ldap_pass}'"
            return false
          .end
        end
      rescue LDAP::ResultError => ex
        @error = "LDAP exception: #{ex} when talking to LDAP server '#{@host}' with username '#{@ldap_user}' and password '#{@ldap_pass}'"
        return false
      end

      @error = "LDAP server test failed against '#{@host}' with username '#{@ldap_user}' and password '#{@ldap_pass}'"
      false
    end


    #
    # If the test fails then report the error.
    #
    def error
      @error
    end




    register_test_type 'ldap'


    end
  end
end