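#!/usr/bin/tclsh
# CGI endpoint that answers two operations by running ldapsearch:
#   op=signin   - bind as the user with the supplied password and return
#                 the user's display name
#   op=finduser - look the user up without a user bind and return the name
# Request fields: op, userid, password.
# Response (text/plain): "status ok" + "username <name>", or
#                        "status error" + a one-line reason.

set ldap(protocol) 3
set ldap(host) 10.0.1.3
# NOTE(review): a simple bind (-x) on port 389 carries the password in clear
# text unless the transport is protected some other way - confirm TLS or
# StartTLS is enforced for this directory.
set ldap(port) 389
set ldap(searchbase) {dc=example,dc=org}
# Bind DN template; $userid (or ${userid}) is replaced by the DN-escaped id.
set ldap(dnformat) {uid=$userid,dc=example,dc=org}
set ldap(useridattr) uid
set ldap(usernameattr) cn
set ldap(searchprog) /usr/bin/ldapsearch

source cgi.tcl

# Escape a value for use inside an LDAP search filter (RFC 4515), so that
# request data cannot add wildcards or extra filter clauses.
proc ldap_filter_escape {value} {
    return [string map [list \
        "\\"   "\\5c" \
        "*"    "\\2a" \
        "("    "\\28" \
        ")"    "\\29" \
        "\000" "\\00" \
    ] $value]
}

# Escape a value for use as an attribute value inside a DN (RFC 4514), so
# that request data cannot append or alter RDN components of the bind DN.
proc ldap_dn_escape {value} {
    set out [string map [list \
        "\\"   "\\\\" \
        ","    "\\," \
        "+"    "\\+" \
        "\""   "\\\"" \
        "<"    "\\<" \
        ">"    "\\>" \
        ";"    "\\;" \
        "\000" "\\00" \
    ] $value]
    # A trailing space and a leading space or '#' are significant in a DN.
    # The trailing case is handled first so a lone space is escaped once.
    if {[string match {* } $out]} {
        set out "[string range $out 0 end-1]\\ "
    }
    if {[string match {[# ]*} $out]} {
        set out "\\$out"
    }
    return $out
}

# Build the bind DN from the template. Only the userid placeholder is
# expanded; the template is not evaluated as Tcl, so nothing else in it
# (or in the request) can trigger command substitution.
proc ldap_bind_dn {format userid} {
    set safe [ldap_dn_escape $userid]
    return [string map [list {${userid}} $safe {$userid} $safe] $format]
}

# Return 1 when the credentials may be handed to ldapsearch, 0 otherwise.
#  - Empty userid/password: a simple bind with an empty password is an
#    unauthenticated bind, which a server may accept, so the search could
#    succeed without the password ever being checked.
#  - Tcl's exec treats an argument that starts with <, > or 2>, or that is
#    exactly | or |&, as redirection/pipeline syntax rather than as data.
#    Such a password could never have reached ldapsearch intact, so it is
#    refused instead of being interpreted by exec.
proc ldap_credentials_usable {userid password} {
    if {[string length $userid] == 0 || [string length $password] == 0} {
        return 0
    }
    if {[regexp {^(<|>|2>)|^\|&?$} $password]} {
        return 0
    }
    return 1
}

# Run ldapsearch for the given userid. bindargs is a list of extra options
# (empty, or -D <dn> -w <password>). The command output or error text is
# stored in the caller's variable named by outvar; the return value is the
# catch code (0 on success).
proc ldap_search {userid bindargs outvar} {
    global ldap
    upvar 1 $outvar output
    # The command is assembled as a Tcl list, so every value stays one argv
    # word; no shell is involved.
    set cmd [list exec $ldap(searchprog) -P $ldap(protocol) -h $ldap(host) \
                 -p $ldap(port) -x -LLL -b $ldap(searchbase)]
    foreach arg $bindargs {
        lappend cmd $arg
    }
    lappend cmd "($ldap(useridattr)=[ldap_filter_escape $userid])"
    lappend cmd $ldap(usernameattr)
    return [catch $cmd output]
}

# Pull the display name out of ldapsearch -LLL output. Stores it in the
# caller's variable named by namevar and returns 1 on a match, else 0.
proc ldap_extract_name {output namevar} {
    global ldap
    upvar 1 $namevar name
    return [regexp "^dn: .*\n$ldap(usernameattr): (.*)\$" $output dummy name]
}

cgi_eval {
    cgi_input

    # Default each expected field to "" so a missing field is not an error.
    foreach i [list op userid password] {
        set $i ""
        catch {cgi_import $i}
    }

    cgi_content_type text/plain

    if {$op == "signin"} {
        set signed_in 0
        if {[ldap_credentials_usable $userid $password]} {
            # NOTE(review): -w puts the password on ldapsearch's command
            # line, where other local users can see it in the process list.
            # OpenLDAP's ldapsearch can read it from a file with -y instead.
            set bind [list -D [ldap_bind_dn $ldap(dnformat) $userid] \
                          -w $password]
            if {[ldap_search $userid $bind output] == 0
                    && [ldap_extract_name $output name]} {
                set signed_in 1
            }
        }
        if {$signed_in} {
            cgi_puts "status ok"
            cgi_puts "username $name"
        } else {
            cgi_puts "status error"
            cgi_puts "could not signin"
        }
    } elseif {$op == "finduser"} {
        # No -D/-w here: the lookup runs as an anonymous bind.
        if {[ldap_search $userid [list] output] == 0} {
            if {[ldap_extract_name $output name]} {
                cgi_puts "status ok"
                cgi_puts "username $name"
            } else {
                cgi_puts "status error"
                cgi_puts "unknown user"
            }
        } else {
            cgi_puts "status error"
            cgi_puts "LDAP call failed"
        }
    } else {
        cgi_puts "status error"
        cgi_puts "Invalid operation"
    }
}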