namespace ZB.MOM.WW.Auth.Ldap.Internal;
using System.Net.Security;
using ZB.MOM.WW.Auth.Abstractions.Ldap;
/// <summary>
/// A single LDAP search result entry: its DN and a flat attribute bag.
/// </summary>
internal sealed record LdapSearchEntry(
    // Distinguished name (DN) of the entry.
    string Dn,
    // Attribute bag of the entry.
    // NOTE(review): the type arguments of IReadOnlyDictionary are missing on this line (a stray '>'
    // remains); presumably IReadOnlyDictionary<string, IReadOnlyList<string>> - restore from the
    // original file.
    // NOTE(review): these values come from the directory server; presumably callers use them for
    // authorization decisions (e.g. group membership), in which case they are only as trustworthy
    // as the TLS validation performed in ILdapConnection.Connect - confirm.
    IReadOnlyDictionary> Attributes);
/// <summary>
/// Abstraction over a single LDAP connection. Allows unit-testing
/// LdapAuthService without a live directory server.
/// </summary>
internal interface ILdapConnection : IDisposable
{
    /// <summary>
    /// Opens (and optionally upgrades to TLS) a connection to the given host.
    /// </summary>
    /// <param name="host">The LDAP server hostname or IP.</param>
    /// <param name="port">The LDAP server port.</param>
    /// <param name="transport">The transport security mode.</param>
    /// <param name="allowInsecure">
    /// When <see langword="true"/> AND no <paramref name="serverCertificateValidationCallback"/> is
    /// supplied, TLS server-certificate validation is bypassed (dev/test only). Ignored when a
    /// validation callback is supplied (the callback wins) or for plaintext transport.
    /// </param>
    /// <param name="timeoutMs">The connection/operation timeout in milliseconds.</param>
    /// <param name="serverCertificateValidationCallback">
    /// Optional TLS server-certificate validation callback. When <see langword="null"/>, the OS trust
    /// store is used (the client does not blind-accept).
    /// </param>
    /// <remarks>
    /// Taken together, the two parameter descriptions mean a <see langword="null"/> callback falls
    /// back to the OS trust store only while <paramref name="allowInsecure"/> is
    /// <see langword="false"/>; with it set to <see langword="true"/> the server certificate is not
    /// checked at all, so nothing authenticates the directory server that later receives the bind
    /// password.
    /// NOTE(review): the contract does not say whether implementations log or otherwise surface that
    /// validation was bypassed, or whether plaintext transport is refused outside dev/test - confirm
    /// in the implementation and the configuration validation.
    /// </remarks>
    void Connect(
        string host,
        int port,
        LdapTransport transport,
        bool allowInsecure,
        int timeoutMs,
        RemoteCertificateValidationCallback? serverCertificateValidationCallback);

    /// <summary>
    /// Binds with the supplied DN and password. Throws LdapException on bad credentials.
    /// </summary>
    /// <param name="dn">The DN to bind as.</param>
    /// <param name="password">The password for <paramref name="dn"/>.</param>
    /// <remarks>
    /// NOTE(review): if this is an LDAP simple bind, a non-empty DN with an empty password is an
    /// "unauthenticated bind" (RFC 4513, section 5.1.2), which many servers accept without raising
    /// an error. Nothing in this contract rejects an empty password, so presumably the caller must
    /// do so before treating a successful bind as proof of identity - confirm.
    /// </remarks>
    void Bind(string dn, string password);

    /// <summary>
    /// Executes a subtree search and returns all matching entries.
    /// </summary>
    /// <param name="searchBase">The base of the subtree to search.</param>
    /// <param name="filter">The LDAP search filter.</param>
    /// <param name="attributes">The attributes to return - presumably attribute names; confirm.</param>
    /// <remarks>
    /// NOTE(review): <paramref name="filter"/> is passed as a ready-made string, so any user-supplied
    /// value embedded in it (e.g. a login name) presumably has to be escaped per RFC 4515 by the
    /// caller; this interface shows no escaping step - confirm where it happens.
    /// </remarks>
    // NOTE(review): the type arguments of both IReadOnlyList usages are missing on the line below;
    // presumably IReadOnlyList<LdapSearchEntry> for the return type and IReadOnlyList<string> for
    // the attributes parameter - restore from the original file.
    IReadOnlyList Search(string searchBase, string filter, IReadOnlyList attributes);
}
/// <summary>Factory that produces <see cref="ILdapConnection"/> instances.</summary>
internal interface ILdapConnectionFactory
{
    /// <summary>Returns an <see cref="ILdapConnection"/>.</summary>
    /// <remarks>
    /// NOTE(review): <see cref="ILdapConnection"/> is <see cref="IDisposable"/>; presumably each call
    /// yields a new, not-yet-connected instance that the caller owns and must dispose, so a bound
    /// (authenticated) connection is not reused across users - confirm against the implementation.
    /// </remarks>
    ILdapConnection Create();
}