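#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""Debug LDAP search to find the correct format.

Binds to the directory configured through the environment (.env) and runs a
set of candidate search filters for one account, printing the identity
attributes of every match so the right lookup attribute can be chosen.
"""

import os
import sys
import traceback

from dotenv import load_dotenv
from ldap3 import Server, Connection, SUBTREE, ALL_ATTRIBUTES
from ldap3.utils.conv import escape_filter_chars

# Load environment variables
load_dotenv()

# Attributes requested for (and printed from) every matching entry.
_RESULT_ATTRIBUTES = ['sAMAccountName', 'displayName', 'mail', 'userPrincipalName', 'cn']


def _build_test_filters(username, mail_domain):
    """Return the candidate search filters for *username*.

    Both values are passed through escape_filter_chars() so that characters
    with a meaning in LDAP filter syntax (``*``, ``(``, ``)``, ``\\``, NUL)
    are matched literally and cannot alter the structure of the filter.
    """
    user = escape_filter_chars(username)
    domain = escape_filter_chars(mail_domain)
    return [
        f"(&(objectClass=person)(sAMAccountName={user}))",
        f"(&(objectClass=person)(userPrincipalName={user}@{domain}))",
        f"(&(objectClass=person)(mail={user}@{domain}))",
        f"(&(objectClass=person)(cn=*{user}*))",
        f"(&(objectClass=person)(displayName=*{user}*))",
    ]


def debug_ldap(username='ymirliu', mail_domain='panjit.com.tw'):
    """Run the candidate LDAP searches and print what each one returns.

    Args:
        username: Account name substituted into every test filter.
        mail_domain: Domain appended to *username* for the
            userPrincipalName and mail filters.

    Configuration is read from LDAP_SERVER, LDAP_PORT, LDAP_BIND_USER_DN,
    LDAP_BIND_USER_PASSWORD and LDAP_SEARCH_BASE. Any failure is caught and
    reported on stdout together with a traceback; nothing is returned.
    """
    print("=" * 60)
    print("Debug LDAP Search")
    print("=" * 60)

    # Get LDAP configuration
    ldap_server = os.getenv('LDAP_SERVER', 'ldap://panjit.com.tw')
    # TLS follows the URL scheme, so pointing LDAP_SERVER at an ldaps:// URL is
    # enough to protect the bind; the ldap:// default stays plaintext as before.
    use_ssl = ldap_server.strip().lower().startswith('ldaps://')
    port_setting = os.getenv('LDAP_PORT')
    ldap_port = int(port_setting) if port_setting else (636 if use_ssl else 389)
    ldap_bind_user = os.getenv('LDAP_BIND_USER_DN', '')
    ldap_bind_password = os.getenv('LDAP_BIND_USER_PASSWORD', '')
    ldap_search_base = os.getenv('LDAP_SEARCH_BASE', 'DC=panjit,DC=com,DC=tw')

    print(f"LDAP Server: {ldap_server}")
    print(f"LDAP Port: {ldap_port}")
    print(f"Search Base: {ldap_search_base}")
    if not ldap_bind_user:
        print("[WARN] LDAP_BIND_USER_DN is not set; binding without a service-account DN")
    elif not use_ssl:
        # A simple bind on a plain ldap:// connection puts the bind DN and its
        # password on the wire unencrypted.
        print("[WARN] Connection is not encrypted; bind credentials are sent in cleartext")
    print("-" * 60)

    conn = None
    try:
        # Create server object
        # NOTE(review): ALL_ATTRIBUTES is the search-attribute wildcard, not one
        # of the documented get_info choices (NONE/DSA/SCHEMA/ALL) - confirm
        # which was intended. Left unchanged so the script's output stays the same.
        server = Server(
            ldap_server,
            port=ldap_port,
            use_ssl=use_ssl,
            get_info=ALL_ATTRIBUTES
        )

        # Create connection with bind user
        conn = Connection(
            server,
            user=ldap_bind_user,
            password=ldap_bind_password,
            auto_bind=True,
            raise_exceptions=True
        )

        print("[OK] Successfully connected to LDAP server")

        # Test different search filters
        test_searches = _build_test_filters(username, mail_domain)

        for i, search_filter in enumerate(test_searches, 1):
            print(f"\n[{i}] Testing filter: {search_filter}")

            conn.search(
                ldap_search_base,
                search_filter,
                SUBTREE,
                attributes=_RESULT_ATTRIBUTES
            )

            if conn.entries:
                print(f" Found {len(conn.entries)} entries:")
                for entry in conn.entries:
                    print(f" sAMAccountName: {entry.sAMAccountName}")
                    print(f" userPrincipalName: {entry.userPrincipalName}")
                    print(f" displayName: {entry.displayName}")
                    print(f" mail: {entry.mail}")
                    print(f" cn: {entry.cn}")
                    print()
            else:
                print(" No entries found")

    except Exception as e:
        print(f"[ERROR] LDAP connection failed: {e}")
        traceback.print_exc()
    finally:
        # raise_exceptions=True means a failing search jumps straight to the
        # handler above; unbind here so the bound session is released either way.
        if conn is not None and conn.bound:
            conn.unbind()


if __name__ == "__main__":
    debug_ldap()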