#  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
#  SPDX-License-Identifier: Apache-2.0

# {fact rule=ldap-authentication@v1.0 defects=1}
def authenticate_connection_noncompliant():
    import ldap
    import os
    connect = ldap.initialize('ldap://127.0.0.1:1389')
    connect.set_option(ldap.OPT_REFERRALS, 0)
    # Noncompliant: authentication disabled.
    connect.simple_bind('cn=root')
# {/fact}


# {fact rule=ldap-authentication@v1.0 defects=0}
def authenticate_connection_compliant():
    import ldap
    import os
    connect = ldap.initialize('ldap://127.0.0.1:1389')
    connect.set_option(ldap.OPT_REFERRALS, 0)
    # Compliant: simple security authentication used.
    connect.simple_bind('cn=root', os.environ.get('LDAP_PASSWORD'))
# {/fact}