liquid_feedback_frontend
diff env/ldap/check_credentials.lua @ 1071:58f48a8a202a
Imported and merged LDAP patch
author | bsw |
---|---|
date | Fri Jul 18 21:42:59 2014 +0200 (2014-07-18) |
parents | |
children |
line diff
1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 1.2 +++ b/env/ldap/check_credentials.lua Fri Jul 18 21:42:59 2014 +0200 1.3 @@ -0,0 +1,47 @@ 1.4 +-- check if credentials (given by a user) are valid to bind to LDAP 1.5 +-- -------------------------------------------------------------------------- 1.6 +-- 1.7 +-- arguments: 1.8 +-- dn: The distinguished name to be used fo binding (string, required) 1.9 +-- password: Password credentials (string, required) 1.10 +-- 1.11 +-- returns 1.12 +-- success: true in cases of valid credentials 1.13 +-- false in cases of invalid credentials 1.14 +-- nil in undetermined cases, i.e. unavailable LDAP server 1.15 +-- err: error code in case of errors, otherwise nil (string) 1.16 +-- err2: error dependent extra error information 1.17 + 1.18 +function ldap.check_credentials(login, password) 1.19 + 1.20 + local filter = config.ldap.member.login_filter_map(login) 1.21 + local ldap_entry, err, err2 = ldap.get_member_entry(filter) 1.22 + 1.23 + if err == "too_many_entries_found" then 1.24 + return false, "invalid_credentials" 1.25 + end 1.26 + 1.27 + if err then 1.28 + return nil, err 1.29 + end 1.30 + if not ldap_entry then 1.31 + return false, "invalid_credentials" 1.32 + end 1.33 + 1.34 + local dn = ldap_entry.dn 1.35 + 1.36 + local ldap, err, err2 = ldap.bind(dn, password) 1.37 + 1.38 + if err == "invalid_credentials" then 1.39 + return false, "invalid_credentials" 1.40 + end 1.41 + 1.42 + if err then 1.43 + return nil, err, err2 1.44 + end 1.45 + 1.46 + ldap:unbind() 1.47 + 1.48 + return ldap_entry 1.49 + 1.50 +end