annotate env/ldap/bind.lua @ 1249:62f7e7d4f9ec
merge
 | author | bsw | 
 | date | Tue Apr 05 20:41:05 2016 +0200 (2016-04-05) | 
 | parents | 58f48a8a202a | 
 | children | 35e605322b41 | 
 
 | rev | line source | 
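-- binds to configured LDAP server
-- --------------------------------------------------------------------------
-- omit arguments for anonymous bind
--
-- arguments:
--   dn: the distinguished name to be used for binding (string)
--   password: password credentials (string)
--
-- returns:
--   ldap: in case of success, an LDAP connection handle
--   err: in case of an error, an error code (string), either
--        "invalid_credentials" or "cant_contact_ldap_server"
--   err2: error dependent extra error information (only returned together
--         with "invalid_credentials")
--
-- NOTE(review): a simple bind with a non-empty dn and an empty password is
-- defined as an "unauthenticated bind" (RFC 4513, section 5.1.2) and many
-- servers answer it with success. This function passes dn and password
-- through unchanged, so a caller that treats a successful bind as proof of
-- the user's password must reject empty passwords before calling -- confirm
-- that every caller does so, or that mldap refuses such binds.

function ldap.bind(dn, password)

  local libldap = require("mldap")

  -- NOTE(review): the list is consumed with table.remove below; presumably
  -- ldap.get_hosts() returns a fresh list on every call -- confirm.
  local hostlist = ldap.get_hosts()

  -- try binding to LDAP server until success or no host entry left
  -- (named "conn" so the local does not shadow the global "ldap" table)
  local conn
  while not conn do

    if #hostlist < 1 then
      break
    end

    local host = table.remove(hostlist, 1)

    -- errno is declared local here; the original assignment wrote it to an
    -- accidental global variable
    local err, errno
    conn, err, errno = libldap.bind{
      uri = host.uri,
      timeout = host.timeout,
      who = dn,
      password = password
    }

    if not err and conn then
      return conn, nil
    end

    local errno_string

    if errno then
      errno_string = libldap.errorcodes[errno]
    end

    -- rejected credentials end the search immediately: the remaining hosts
    -- are not tried with the same dn and password
    if errno == libldap.errorcodes.invalid_credentials then
      return nil, "invalid_credentials", errno_string
    end
  end

  -- every other failure is reported as a connectivity problem once the
  -- host list is exhausted
  return nil, "cant_contact_ldap_server"

end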