annotate env/ldap/check_credentials.lua @ 1321:a0d6c347ce7f
Configurable text when rejected because of age
author |
bsw |
date |
Wed Aug 01 18:05:18 2018 +0200 (2018-08-01) |
parents |
58f48a8a202a |
children |
|
rev |
line source |
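-- check if credentials (given by a user) are valid to bind to LDAP
-- --------------------------------------------------------------------------
--
-- arguments:
--   login: login name as given by the user; it is handed to
--          config.ldap.member.login_filter_map to build the search filter
--          (string, required)
--   password: Password credentials (string, required)
--
-- returns
--   success: the member's LDAP entry (a true value) in cases of valid
--              credentials
--            false in cases of invalid credentials
--            nil in undetermined cases, i.e. unavailable LDAP server
--   err: error code in case of errors, otherwise nil (string)
--   err2: error dependent extra error information

function ldap.check_credentials(login, password)

  -- An LDAP simple bind with a DN and a zero-length password is an
  -- "unauthenticated bind" (RFC 4513, section 5.1.2): a server that permits
  -- it reports success without checking any secret. Whether ldap.bind
  -- already refuses such a bind is not visible from this file, so a missing
  -- or empty password is rejected here, before the directory is contacted.
  if type(password) ~= "string" or password == "" then
    return false, "invalid_credentials"
  end

  -- NOTE(review): login is user-supplied and is not escaped in this function;
  -- the configured login_filter_map presumably has to escape LDAP filter
  -- metacharacters (RFC 4515) itself -- confirm in the configuration.
  local filter = config.ldap.member.login_filter_map(login)
  local ldap_entry, search_err, search_err2 = ldap.get_member_entry(filter)

  -- A filter matching more than one entry is reported exactly like a wrong
  -- password, so the caller cannot tell an ambiguous login from a bad one.
  if search_err == "too_many_entries_found" then
    return false, "invalid_credentials"
  end

  -- Any other lookup error leaves the result undetermined; the extra error
  -- information is passed on as well (it was dropped here before).
  if search_err then
    return nil, search_err, search_err2
  end

  -- No entry for this login: same answer as for a wrong password.
  if not ldap_entry then
    return false, "invalid_credentials"
  end

  -- Verify the password by binding as the entry that was found.
  -- The connection gets its own name so the global "ldap" module table is
  -- not shadowed for the rest of the function.
  local ldap_conn, bind_err, bind_err2 = ldap.bind(ldap_entry.dn, password)

  if bind_err == "invalid_credentials" then
    return false, "invalid_credentials"
  end

  if bind_err then
    return nil, bind_err, bind_err2
  end

  -- The bind was only needed as a credential check; release the connection.
  ldap_conn:unbind()

  return ldap_entry

end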