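#! /usr/bin/python
"""LDAP-backed user database lookup.

Resolves a username to its uidNumber/gidNumber with an LDAP subtree search,
switches the calling process to that uid/gid and returns the user's mail
store path.
"""
import __init__
import os

import ldap
import ldap.filter


class UserLookupError(AssertionError):
    """Raised when the LDAP search does not yield exactly one usable entry.

    Subclasses AssertionError so that callers which caught the failures of
    the former ``assert`` checks keep working unchanged.
    """


class new(__init__.UserDB):
    """UserDB implementation backed by an LDAP directory.

    The ``[LDAP]`` config section supplies ``host``, ``base_dn`` and a
    %-style ``search_template`` containing a ``%(username)s`` placeholder.
    """

    # Mail store location; the numeric uid is substituted in.
    # NOTE(review): this should really be configurable rather than hard-coded.
    STORE_PATH_TEMPLATE = '/data/dovecot/store/%(uid_number)s'

    def init(self, config):
        """Read the LDAP connection settings from the ``[LDAP]`` section.

        Args:
            config: object exposing ``get(section, option)`` (ConfigParser-like).
        """
        self.ldap_host = config.get('LDAP', 'host')
        self.ldap_base_dn = config.get('LDAP', 'base_dn')
        self.ldap_search_template = config.get('LDAP', 'search_template')

    def lookup(self, username):
        """Resolve ``username`` via LDAP, drop privileges to it, return its store path.

        Args:
            username: login name to look up. It is escaped with
                ``ldap.filter.escape_filter_chars`` before being substituted
                into the search template, so filter metacharacters such as
                ``*``, ``(``, ``)`` or ``\\`` in the name cannot change the
                meaning of the query (LDAP filter injection).

        Returns:
            The mail store path for the user, built from the numeric uid
            (e.g. ``/data/dovecot/store/1000``).

        Raises:
            UserLookupError: no entry, more than one entry, or an entry
                without uidNumber/gidNumber.
            ValueError: uidNumber or gidNumber is not an integer.
            OSError: the process lacks the privilege to change gid/uid.

        Side effects:
            Calls ``os.setgid`` and ``os.setuid``; afterwards the calling
            process runs as the looked-up user.
        """
        search_filter = self.ldap_search_template % {
            'username': ldap.filter.escape_filter_chars(username),
        }

        conn = ldap.open(self.ldap_host)
        try:
            result = conn.search_s(self.ldap_base_dn, ldap.SCOPE_SUBTREE,
                                   search_filter, ['uidNumber', 'gidNumber'])
        finally:
            # Release the connection whether or not the search succeeded.
            conn.unbind_s()

        # Explicit raises instead of assert: assert is stripped under
        # `python -O`, which would let an empty or ambiguous result fall
        # through to the uid/gid switch below.
        if not result:
            raise UserLookupError('No results from LDAP search (invalid user?)')
        if len(result) != 1:
            raise UserLookupError('No or more than one results from LDAP search')

        # Each result is a (dn, attributes) pair and every attribute value is
        # a list, since LDAP attributes are multi-valued. uidNumber and
        # gidNumber are single-valued, so the first element is the one wanted.
        attributes = result[0][1]
        try:
            uid_number = int(attributes['uidNumber'][0])
            gid_number = int(attributes['gidNumber'][0])
        except (KeyError, IndexError):
            raise UserLookupError('LDAP entry lacks uidNumber or gidNumber')

        # setgid must come first: once setuid has dropped root privileges,
        # a subsequent setgid would be refused.
        os.setgid(gid_number)
        os.setuid(uid_number)
        # NOTE(review): supplementary groups inherited from the privileged
        # caller are not cleared here (os.setgroups); confirm whether the
        # caller takes care of that.

        # Use the validated integer so the path never contains raw directory
        # data (e.g. a bytes repr when the LDAP client returns bytes).
        return self.STORE_PATH_TEMPLATE % {'uid_number': uid_number}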