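test_ldap = {
    version = "1.0.1"
    # 2013-03-27 - GMF - 1.0.1 - Fixed bug where admin password was used for login password
    # Review: the bind-info node was being echoed verbatim, which wrote admin_password and
    #         login_password to the output/log in cleartext. Those echoes now print only the DN.
    label = "Test LDAP"
    shortcut = "tl"

    parameters = {
        ldap_server_hostname = { shortcut = "lsh"  required = true }
        ldap_base            = { shortcut = "lb"   required = true }
        ldap_username_label  = { shortcut = "lul"  required = true }
        use_ssl_for_ldap     = { shortcut = "usfl" required = true }
        login_uname          = { shortcut = "lu"   required = true }
        login_password       = { shortcut = "lp"   required = true }
        admin_dn             = { shortcut = "ad"   required = true }
        admin_password       = { shortcut = "ap"   required = true }
    }

    # Connectivity / credential check: bind as the admin DN, look up login_uname by
    # sAMAccountName, then bind as that user's DN with login_password to validate it.
    expression = `
        echo("login_username: " . login_uname);

        # Build the LDAP connection URL string.
        # NOTE(review): with use_ssl_for_ldap false the simple binds below send both the
        # admin and the login password in cleartext over the wire; prefer ldaps.
        string url = if (use_ssl_for_ldap) then "ldaps" else "ldap";
        url .= "://" . ldap_server_hostname . "/";
        echo("url: " . url);

        # Initialize LDAP
        string ld = ldap_initialize(url);
        echo("result of ldap_initialize: " . ld);

        # Bind to LDAP as administrator.
        # Only the DN is echoed -- never the node itself, which carries the password.
        node info = new_node();
        @info{"dn"} = admin_dn;
        @info{"password"} = admin_password;
        echo("Calling ldap_bind() for admin DN: " . @info{"dn"});
        bool success = ldap_bind(ld, info);
        echo("BOUND: success=" . success);
        if (!success) then (
            echo("ldap_bind() failed");
            echo("ldap_error_return_code=" . volatile.ldap_error_return_code);
            echo("ldap_errno=" . volatile.ldap_errno);
            echo("ldap_error_message=" . volatile.ldap_error_message);
            echo("ldap_error_message_ret=" . volatile.ldap_error_message_ret);
        );

        # Find the login user in the directory.
        # NOTE(review): login_uname is concatenated into the filter unescaped, so a value
        # containing '*', '(', ')' or '\' changes the query (LDAP filter injection, RFC 4515
        # escaping is needed). No escape helper is visible here -- confirm whether one exists
        # and apply it, or reject such characters before building the filter.
        node searchinfo = new_node();
        @searchinfo{"base"} = ldap_base;
        @searchinfo{"scope"} = "subtree";
        @searchinfo{"filter"} = "(sAMAccountName=" . login_uname . ")";
        echo("searchinfo: " . node_as_string(searchinfo));
        node searchResult = ldap_search(ld, searchinfo);
        echo("searchResult: " . node_as_string(searchResult));
        if (num_subnodes(searchResult) == 0) then error("Search returns no results");
        # A wildcard or injected filter can match several accounts; binding as "the first
        # one" would validate the password against an arbitrary user, so require a unique hit.
        if (num_subnodes(searchResult) > 1) then error("Search returns more than one result");

        # Get the login user's DN
        string login_user_dn = @searchResult{0}{'distinguishedName'};
        echo("login_user_dn: " . login_user_dn);

        # An empty password turns a simple bind into an unauthenticated bind (RFC 4513 5.1.2),
        # which many directories (including AD) accept -- that would report "success" without
        # ever checking a credential. 'required' only guarantees the parameter is present.
        if (login_password == "") then error("login_password must not be empty");

        # Bind as the login user, to check their password (DN echoed, password never).
        @info{"dn"} = login_user_dn;
        @info{"password"} = login_password;
        echo("Calling ldap_bind() for login user DN: " . @info{"dn"});
        bool success = ldap_bind(ld, info);
        echo("USER BIND: success=" . success);
        if (!success) then (
            echo("ldap_bind() failed");
            echo("ldap_error_return_code=" . volatile.ldap_error_return_code);
            echo("ldap_errno=" . volatile.ldap_errno);
            echo("ldap_error_message=" . volatile.ldap_error_message);
            echo("ldap_error_message_ret=" . volatile.ldap_error_message_ret);
        );

        # # Run a search to find who reports to this user [FAKING IT RIGHT NOW WITH displayName]
        # node searchinfo = new_node();
        # @searchinfo{"base"} = ldap_base;
        # @searchinfo{"scope"} = "subtree";
        # @searchinfo{"filter"} = "(sAMAccountName=dgilmore)";
        # echo("searchinfo: " . node_as_string(searchinfo));
        # node searchResult = ldap_search(ld, searchinfo);
        # echo("reportsTo search result: " . node_as_string(searchResult));
    `
} # test_ldap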