liquid_feedback_frontend: env/ldap/check

liquid_feedback_frontend

annotate env/ldap/check_credentials.lua @ 1321:a0d6c347ce7f

Configureable text when rejected because of age

author	bsw
date	Wed Aug 01 18:05:18 2018 +0200 (2018-08-01)
parents	58f48a8a202a
children

rev	line source
bsw@1071	1 -- check if credentials (given by a user) are valid to bind to LDAP
bsw@1071	2 -- --------------------------------------------------------------------------
bsw@1071	3 --
bsw@1071	4 -- arguments:
bsw@1071	5 -- dn: The distinguished name to be used fo binding (string, required)
bsw@1071	6 -- password: Password credentials (string, required)
bsw@1071	7 --
bsw@1071	8 -- returns
bsw@1071	9 -- success: true in cases of valid credentials
bsw@1071	10 -- false in cases of invalid credentials
bsw@1071	11 -- nil in undetermined cases, i.e. unavailable LDAP server
bsw@1071	12 -- err: error code in case of errors, otherwise nil (string)
bsw@1071	13 -- err2: error dependent extra error information
bsw@1071	14
bsw@1071	15 function ldap.check_credentials(login, password)
bsw@1071	16
bsw@1071	17 local filter = config.ldap.member.login_filter_map(login)
bsw@1071	18 local ldap_entry, err, err2 = ldap.get_member_entry(filter)
bsw@1071	19
bsw@1071	20 if err == "too_many_entries_found" then
bsw@1071	21 return false, "invalid_credentials"
bsw@1071	22 end
bsw@1071	23
bsw@1071	24 if err then
bsw@1071	25 return nil, err
bsw@1071	26 end
bsw@1071	27 if not ldap_entry then
bsw@1071	28 return false, "invalid_credentials"
bsw@1071	29 end
bsw@1071	30
bsw@1071	31 local dn = ldap_entry.dn
bsw@1071	32
bsw@1071	33 local ldap, err, err2 = ldap.bind(dn, password)
bsw@1071	34
bsw@1071	35 if err == "invalid_credentials" then
bsw@1071	36 return false, "invalid_credentials"
bsw@1071	37 end
bsw@1071	38
bsw@1071	39 if err then
bsw@1071	40 return nil, err, err2
bsw@1071	41 end
bsw@1071	42
bsw@1071	43 ldap:unbind()
bsw@1071	44
bsw@1071	45 return ldap_entry
bsw@1071	46
bsw@1071	47 end