liquid_feedback_frontend

annotate env/ldap/check_credentials.lua @ 1516:9d99a4f262a2

Fixed privilege check for support via API
author bsw
date Thu Aug 20 14:03:09 2020 +0200 (2020-08-20)
parents 58f48a8a202a
children
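-- check if credentials (given by a user) are valid to bind to LDAP
-- --------------------------------------------------------------------------
--
-- arguments:
-- login: Login name; mapped to an LDAP search filter by
--        config.ldap.member.login_filter_map (string, required)
-- password: Password credentials (string, required)
--
-- returns
-- success: the member's LDAP entry (a true value) in cases of valid credentials
--          false in cases of invalid credentials
--          nil in undetermined cases, i.e. unavailable LDAP server
-- err: error code in case of errors, otherwise nil (string)
-- err2: error dependent extra error information

function ldap.check_credentials(login, password)

  -- A simple bind with a DN and a zero-length password is an "unauthenticated
  -- bind" (RFC 4513, section 5.1.2), which some directory servers accept as
  -- successful. ldap.bind is not visible from this file, so a missing or
  -- empty password is rejected here and never reaches the directory.
  if type(password) ~= "string" or password == "" then
    return false, "invalid_credentials"
  end

  -- NOTE(review): login_filter_map is site configuration; confirm that it
  -- escapes LDAP filter metacharacters in the user-supplied login.
  local filter = config.ldap.member.login_filter_map(login)
  local ldap_entry, err, err2 = ldap.get_member_entry(filter)

  -- A login matching more than one entry is reported as a plain failed
  -- login, with the same error code as a wrong password.
  if err == "too_many_entries_found" then
    return false, "invalid_credentials"
  end

  -- Any other lookup error leaves the result undetermined.
  if err then
    return nil, err, err2
  end

  -- No entry for this login: same error code as a wrong password.
  if not ldap_entry then
    return false, "invalid_credentials"
  end

  -- The DN used for the bind comes from the directory entry that was found,
  -- not from user input.
  local dn = ldap_entry.dn

  -- The handle has its own name so that it does not shadow the global
  -- "ldap" module table for the rest of the function.
  local connection, bind_err, bind_err2 = ldap.bind(dn, password)

  if bind_err == "invalid_credentials" then
    return false, "invalid_credentials"
  end

  if bind_err then
    return nil, bind_err, bind_err2
  end

  -- The bind was only needed to verify the password; release it at once.
  connection:unbind()

  return ldap_entry

end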
