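#!/usr/bin/env python3
"""Print the SSH public keys of LDAP "keymatic" group members.

Binds to the directory configured in ``config``, looks up every
``posixaccount`` that is a member of ``cn=keymatic,ou=groups`` and writes the
accepted ``sshKey`` values to stdout, one per line.  Everything that is not a
key is written as a ``#`` comment line.

NOTE(review): the output looks like it is meant for an authorized_keys-style
consumer; that is an assumption, the consumer is not visible here.  Because of
it, nothing read from the directory is allowed to introduce extra lines.
"""
import ldap

import config

# When True, accounts without any sshKey attribute are listed as comments.
# The original script had this branch switched off with a literal False.
REPORT_USERS_WITHOUT_KEY = False

# The CA file is only consulted when the connection actually uses TLS
# (an ldaps:// URI or StartTLS).  NOTE(review): config.ldap_server is not
# visible here -- confirm it is ldaps://, otherwise the simple bind below
# sends the password, and receives the key list, without transport protection.
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, config.ldap_cafile)

l = ldap.initialize(config.ldap_server)
try:
    l.simple_bind_s(config.ldap_user, config.ldap_pass)
    r = l.search_s(
        "dc=leitstelle511,dc=net",
        ldap.SCOPE_SUBTREE,
        "(&(objectClass=posixaccount)(memberOf=cn=keymatic,ou=groups,dc=leitstelle511,dc=net))",
        ["sshKey", "memberOf", "mail"],
    )
    # Alternative kept from the original: take the filter from the config.
    #r = l.search_s("dc=leitstelle511,dc=net", ldap.SCOPE_SUBTREE, config.ldap_filter, ["sshKey", "memberOf", "mail"])
finally:
    # Release the connection even when the bind or the search raises.
    l.unbind_s()


def _single_line(text):
    """Return *text* with CR/LF escaped so it cannot start a new output line."""
    return text.replace("\r", "\\r").replace("\n", "\\n")


def checkKey(bk):
    """Tell whether a raw ``sshKey`` value should be emitted.

    Args:
        bk: The attribute value as returned by the directory (bytes).

    Returns:
        True when the value decodes, is a single line, and its last
        space-separated field contains "keymatic" (case-insensitive);
        False otherwise.

    The "keymatic" marker sits in the key's comment field, i.e. it is chosen
    by whoever can write the sshKey attribute.  It is a label, not an access
    control; the group-membership filter in the search is what restricts the
    set of accounts.  Anything in front of the last field (including any
    options prefix) is passed through unchanged.
    """
    try:
        # Only the line terminator is dropped, so a value that ends in a
        # space is still rejected exactly as before.
        k = bk.decode().rstrip("\r\n")
    except (UnicodeDecodeError, AttributeError):
        # Was a bare ``except:``, which also swallowed KeyboardInterrupt.
        print("# Error while checking Key")
        return False
    if "\n" in k or "\r" in k:
        # One attribute value must yield one output line.  An embedded line
        # break would put a second, unchecked line into the output.
        print("# Skipping key with embedded line break")
        return False
    return "keymatic" in k.split(' ')[-1].lower()


for e in r:
    dn, attrs = e[0], e[1]
    if 'sshKey' in attrs:
        print("# User: {}".format(_single_line(dn)))
        for k in attrs['sshKey']:
            if checkKey(k):
                # Emit the same normalised form that checkKey() inspected.
                print(k.decode().rstrip("\r\n"))
    elif REPORT_USERS_WITHOUT_KEY:
        # NOTE(review): the mail line is assumed to belong to this disabled
        # branch; the listing this was taken from had lost its indentation.
        print("# User: {} has no Key".format(_single_line(dn)))
        if 'mail' in attrs:
            # Prints the repr of the value list, which escapes line breaks.
            print("# - MAIL: {}".format(attrs['mail']))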