#!/usr/local/bin/perl

use strict;
use warnings;

use Authen::SASL;
use Net::LDAP;

my $username = 'dvl';

# Search for the user entry
my $filter = "(&(objectClass=person)(CN=$username))";
my $base   = "OU=People,DC=us,DC=example,DC=com";
my $dc     = "dc.us.example.com";

my $sasl = Authen::SASL->new( mechanism => 'GSSAPI', debug => 1 ) or die 'failed to create sasl';

my $ldap = Net::LDAP->new($dc, port => 636, scheme => 'ldaps') or die "$@";

my $dse  = $ldap->root_dse;
die "Can't support GSSAPI" unless $dse->supported_sasl_mechanism('GSSAPI');

my $mesg = $ldap->bind( 'sasl' => $sasl, version => 3 ) or die "$@";
die 'Error ' . $mesg->code . ': ' . $mesg->error if $mesg->code;
if($mesg->is_error())
{
    die "Failed to set version: " . $mesg->error() . "\n";
}

print "searching with filter='$filter' and base='$base'\n";
$mesg = $ldap->search(base => $base, filter => $filter);

if($mesg->is_error())
{
    die "Failed to retrieve user entry: " . $mesg->error() . ' ' . $mesg->error_name() . ' ' . $mesg->error_desc() . ' ' .  $mesg->code . ' '  . $mesg->mesg_id ( ) . "\n";
}

if($mesg->entries == 0)
{
    die "No records found for user '$username'\n";
}


$ldap->done();