+our @values;
+our @limits;
+
+sub __ldap_search_to_sql {
+ my ( $how, $what ) = @_;
+ warn "### __ldap_search_to_sql $how ",dump( $what ),"\n";
+ if ( $how eq 'equalityMatch' && defined $what ) {
+ my $name = $what->{attributeDesc} || warn "ERROR: no attributeDesc?";
+ my $value = $what->{assertionValue} || warn "ERROR: no assertionValue?";
+
+ if ( lc $name eq 'objectclass' ) {
+ $objectclass = $value;
+ } else {
+ push @limits, __sql_column($name) . ' = ?';
+ push @values, $value;
+ }
+ } elsif ( $how eq 'substrings' ) {
+ foreach my $substring ( @{ $what->{substrings} } ) {
+ my $name = $what->{type} || warn "ERROR: no type?";
+ while ( my($op,$value) = each %$substring ) {
+ push @limits, __sql_column($name) . ' LIKE ?';
+ if ( $op eq 'any' ) {
+ $value = '%' . $value . '%';
+ } else {
+ warn "UNSUPPORTED: op $op - using plain $value";
+ }
+ push @values, $value;
+ }
+ }
+ } elsif ( $how eq 'present' ) {
+ my $name = __sql_column( $what );
+ push @limits, "$name IS NOT NULL and length($name) > 1";
+ ## XXX length(foo) > 1 to avoid empty " " strings
+ } else {
+ warn "UNSUPPORTED: $how ",dump( $what );
+ }
+}
+
+
+# my ( $dn,$attributes ) = _dn_attributes( $row, $base );
+
+sub _dn_attributes {
+ my ($row,$base) = @_;
+
+ warn "## row = ",dump( $row ) if $debug;
+
+ die "no objectClass column in ",dump( $row ) unless defined $row->{objectClass};
+
+ $row->{objectClass} = [ split(/\s+/, $row->{objectClass}) ] if $row->{objectClass} =~ m{\n};
+
+ warn "## row = ",dump( $row ) if $debug;
+
+ my $dn = delete( $row->{dn} ) || die "no dn in ",dump( $row );
+
+ # this does some sanity cleanup for our data
+# my $base_as_domain = $base;
+# $base_as_domain =~ s{dn=}{.};
+# $base_as_domain =~ s{^\.}{@};
+# $dn =~ s{$base_as_domain$}{};
+#
+# $dn .= ',' . $base unless $dn =~ m{,}; # add base if none present
+
+ return ($dn, $row);
+}
+
+