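#include <stdio.h>
#include <stdlib.h>
#include <stdbool.h>
#include <ldap.h>
#include "lutil.h"
#include "lutil_ldap.h"

/*
 * python-ldap equivalent of the reproducer below, kept for reference:
 *
 *   import ldap
 *   from ldap import sasl
 *   from ldap.ldapobject import SimpleLDAPObject
 *
 *   SASL_AUTH = ldap.sasl.sasl({}, 'GSSAPI')
 *
 *   def make_conn(url):
 *       cert_path = '/etc/pki/tls/certs/ca-bundle.crt'
 *       conn = SimpleLDAPObject(url)
 *       ldap.set_option(ldap.OPT_DEBUG_LEVEL, 255)
 *       ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, cert_path)
 *       try:
 *           conn.sasl_interactive_bind_s('', SASL_AUTH)
 *       except ldap.SERVER_DOWN:
 *           conn.sasl_interactive_bind_s('', SASL_AUTH)
 *       conn.unbind_s()
 *
 *   make_conn('ldaps://localhost:636')
 */

/*
 * Open an ldaps:// connection to the local server and perform an
 * interactive GSSAPI SASL bind, retrying the bind once when the first
 * attempt fails.
 *
 * Returns true when either bind attempt succeeds.  Returns false when
 * ldap_initialize() fails or when both bind attempts fail; in the latter
 * case the error is reported on stderr.  Once the handle exists it is
 * always released with ldap_unbind_ext_s() before returning, regardless
 * of the bind outcome.
 */
static bool do_ldap(void)
{
    LDAP *ld = NULL;
    char *sasl_realm = NULL;
    char *sasl_authc_id = NULL;
    char *sasl_authz_id = NULL;
    char *sasl_mech = "GSSAPI";
    unsigned sasl_flags = LDAP_SASL_INTERACTIVE;
    void *defaults = NULL;
    int dbg = 255;
    int protocol = LDAP_VERSION3;
    bool ok = false;
    int rc;

    rc = ldap_initialize(&ld, "ldaps://localhost:636");
    if (rc != LDAP_SUCCESS) {
        fprintf(stderr, "ldap_initialize() failed: %s\n", ldap_err2string(rc));
        return false;
    }

    /*
     * Global (NULL handle) debug level: verbose library tracing on stderr.
     * Note that this tracing includes protocol-level detail of the bind.
     */
    ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &dbg);

    /*
     * The CA file path does not exist; presumably chosen so that the TLS
     * handshake (and hence the first bind) fails and the retry path below
     * is exercised -- confirm against the issue this reproduces.  A failed
     * option set is reported but not fatal, so the original flow is kept.
     */
    rc = ldap_set_option(ld, LDAP_OPT_X_TLS_CACERTFILE, "/never-mind-the-certs/x.crt");
    if (rc != LDAP_OPT_SUCCESS) {
        fprintf(stderr, "setting LDAP_OPT_X_TLS_CACERTFILE failed: %s\n",
                ldap_err2string(rc));
    }
    rc = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &protocol);
    if (rc != LDAP_OPT_SUCCESS) {
        fprintf(stderr, "setting LDAP_OPT_PROTOCOL_VERSION failed: %s\n",
                ldap_err2string(rc));
    }

    /* Interaction defaults consumed by lutil_sasl_interact() during the bind. */
    defaults = lutil_sasl_defaults(ld, sasl_mech, sasl_realm, sasl_authc_id,
                                   NULL, sasl_authz_id);

    rc = ldap_sasl_interactive_bind_s(ld, NULL, sasl_mech, NULL, NULL,
                                      sasl_flags, lutil_sasl_interact, defaults);
    if (rc != LDAP_SUCCESS) {
        fprintf(stderr, "bind failed: %s, retrying for fun and profit!\n",
                ldap_err2string(rc));
        /* Second attempt on the same handle; this time the result decides. */
        rc = ldap_sasl_interactive_bind_s(ld, NULL, sasl_mech, NULL, NULL,
                                          sasl_flags, lutil_sasl_interact,
                                          defaults);
        if (rc != LDAP_SUCCESS) {
            fprintf(stderr, "retry bind failed: %s\n", ldap_err2string(rc));
        }
    }
    ok = (rc == LDAP_SUCCESS);

    lutil_sasl_freedefs(defaults);
    ldap_unbind_ext_s(ld, NULL, NULL);
    return ok;
}

/*
 * Process exit status follows the usual convention: 0 when the bind
 * succeeded, non-zero otherwise (the bool must not be returned directly,
 * since true == 1 would signal failure to the shell).
 */
int main(void)
{
    return do_ldap() ? EXIT_SUCCESS : EXIT_FAILURE;
}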