package ldap_lib

import (
	"errors"
	"strings"

	"github.com/go-ldap/ldap/v3"
)

// Ldap is a thin convenience layer over a *ldap.Conn for the handful of
// directory operations this package needs: add, modify, delete, subtree
// search and group-membership changes. It carries no state beyond the
// connection, which it neither dials, binds nor closes — the caller owns
// the connection's lifetime, its TLS setup and its bind identity.
type Ldap struct {
	// conn is the established connection every method issues its request on.
	conn *ldap.Conn
}

// NewLdap wraps an existing *ldap.Conn.
//
// The connection is used as-is: NewLdap does not dial, negotiate TLS or
// bind. Establish transport security (DialTLS / StartTLS) and bind with the
// intended service identity before passing conn in, and close it yourself
// when the wrapper is no longer needed. A nil conn is accepted here but every
// method will then fail at call time.
func NewLdap(conn *ldap.Conn) *Ldap {
	wrapper := &Ldap{conn: conn}
	return wrapper
}

// Update modifies the entry at DN (a group or a user) by replacing
// attributes.
//
// Each key in attr becomes one REPLACE modification carrying the listed
// values, so the attribute ends up holding exactly those values; attributes
// not mentioned in attr are left untouched. Map iteration order decides the
// order of the modifications inside the single request. DN is sent to the
// server verbatim: build it from escaped RDN values rather than by
// concatenating untrusted input. Returns the error from the Modify call, if
// any.
func (l *Ldap) Update(DN string, attr map[string][]string) error {
	req := ldap.NewModifyRequest(DN, nil)
	for name, values := range attr {
		req.Replace(name, values)
	}
	return l.conn.Modify(req)
}

// Create adds a new entry (a group or a user) at DN.
//
// attr maps attribute names to their values and is copied into the Add
// request one attribute at a time; the caller is responsible for including
// whatever the directory schema requires (normally at least objectClass).
// DN is sent verbatim, so it must be assembled from properly escaped RDN
// values and never from raw untrusted strings. Returns the error from the
// Add call, if any.
func (l *Ldap) Create(DN string, attr map[string][]string) error {
	req := ldap.NewAddRequest(DN, nil)
	for name, values := range attr {
		req.Attribute(name, values)
	}
	return l.conn.Add(req)
}

// Delete removes the entry (a group or a user) at DN.
//
// This is a plain LDAP delete with no controls attached, so it only succeeds
// on leaf entries; a DN that still has children is refused by the server.
// DN is sent verbatim and must therefore come from escaped RDN values, not
// from untrusted input. Returns the error from the Del call, if any.
func (l *Ldap) Delete(DN string) error {
	return l.conn.Del(ldap.NewDelRequest(DN, nil))
}

// Search runs a whole-subtree search below DN (group or user lookups).
//
// filter is an RFC 4515 filter string that is sent to the server verbatim;
// an empty filter is replaced by "(objectClass=*)", which matches every
// entry. Callers that build the filter from untrusted values (usernames,
// form input) must escape each value with ldap.EscapeFilter before
// interpolating it, otherwise the input can rewrite the filter (LDAP
// injection). The same applies to DN, which should be built from escaped RDN
// values.
//
// attr lists the attributes to return (an empty list lets the server return
// its default set) and controls is passed through unchanged. Aliases are
// never dereferenced and no size or time limit is requested, so the server's
// own limits apply. Returns the search result or the error from the Search
// call.
func (l *Ldap) Search(DN, filter string, attr []string, controls []ldap.Control) (resp *ldap.SearchResult, err error) {
	const matchAll = "(objectClass=*)"
	if len(filter) == 0 {
		// To match several classes, combine clauses with
		// (&(objectClass=a)(objectClass=b)) for AND or
		// (|(objectClass=a)(objectClass=b)) for OR.
		filter = matchAll
	}

	// Positional arguments: base DN, scope, alias dereferencing, size limit,
	// time limit, typesOnly, filter, attributes, controls.
	req := ldap.NewSearchRequest(
		DN,
		ldap.ScopeWholeSubtree,
		ldap.NeverDerefAliases,
		0,
		0,
		false,
		filter,
		attr,
		controls,
	)
	resp, err = l.conn.Search(req)
	return resp, err
}

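// AddUserToGroup adds userDN as a uniqueMember of groupDN.
//
// uniqueMember is the membership attribute of groupOfUniqueNames (RFC 4519);
// groupOfNames groups use member instead, so on such groups the server will
// normally reject this modification. (The original note said this path is
// not used for now unless the group's objectClass supports it.)
//
// DNs whose first RDN type is "ou" — an organizational unit rather than a
// group — are refused up front. The comparison is case-insensitive because
// LDAP attribute types are, so "OU=..." is rejected as well as "ou=...".
// Both DNs are sent to the server verbatim: build them from escaped RDN
// values, never by concatenating untrusted input. Returns the refusal error
// or the error from the Modify call, if any.
func (l *Ldap) AddUserToGroup(groupDN, userDN string) error {
	// Guard the length first: slicing groupDN[:3] unconditionally panics on
	// DNs shorter than three bytes (e.g. the empty string).
	if len(groupDN) >= 3 && strings.EqualFold(groupDN[:3], "ou=") {
		return errors.New("不能添加用户到OU组织单元")
	}
	req := ldap.NewModifyRequest(groupDN, nil)
	req.Add("uniqueMember", []string{userDN})
	return l.conn.Modify(req)
}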

// RemoveUserFromGroup deletes userDN from the uniqueMember attribute of
// groupDN.
//
// uniqueMember is the membership attribute of groupOfUniqueNames (RFC 4519);
// groupOfNames groups use member instead, so on such groups the server will
// normally reject this modification. (The original note said this path is
// not used for now unless the group's objectClass supports it.) Unlike
// AddUserToGroup there is no client-side check for OU DNs here; an OU target
// simply fails at the server. Both DNs are sent verbatim and must be built
// from escaped RDN values, never from raw untrusted input. Returns the error
// from the Modify call, if any.
func (l *Ldap) RemoveUserFromGroup(groupDN, userDN string) error {
	members := []string{userDN}
	req := ldap.NewModifyRequest(groupDN, nil)
	req.Delete("uniqueMember", members)
	return l.conn.Modify(req)
}