package ldap

import (
	"errors"
	"ferry/pkg/logger"
	"fmt"

	"github.com/go-ldap/ldap/v3"
	"github.com/spf13/viper"
)

/*
  @Author : lanyulei
*/

func searchRequest(username string) (userInfo *ldap.Entry, err error) {
	var cur *ldap.SearchResult

	// 用来获取查询权限的用户。如果 ldap 禁止了匿名查询，那我们就需要先用这个帐户 bind 以下才能开始查询
	if !viper.GetBool("settings.ldap.anonymousQuery") {
		err = conn.Bind(
			fmt.Sprintf("cn=%v,%v",
				viper.GetString("settings.ldap.bindUser"),
				viper.GetString("settings.ldap.baseDn")),
			viper.GetString("settings.ldap.bindPwd"))
		if err != nil {
			logger.Error("用户或密码错误。", err)
			return
		}
	}

	sql := ldap.NewSearchRequest(
		viper.GetString("settings.ldap.baseDn"),
		ldap.ScopeWholeSubtree,
		ldap.DerefAlways,
		0,
		0,
		false,
		fmt.Sprintf("(cn=%s)", username),
		[]string{"dn", "sAMAccountName", "displayName", "mail", "mobile", "employeeID", "givenName"},
		nil)

	if cur, err = conn.Search(sql); err != nil {
		err = errors.New(fmt.Sprintf("在Ldap搜索用户失败, %v", err))
		logger.Error(err)
		return
	}

	if len(cur.Entries) == 0 {
		err = errors.New("未查询到对应的用户信息。")
		logger.Error(err)
		return
	}

	userInfo = cur.Entries[0]

	return
}