1.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     1.2 +++ b/env/ldap/check_credentials.lua	Fri Jul 18 21:42:59 2014 +0200
     1.3 @@ -0,0 +1,47 @@
     1.4 +-- check if credentials (given by a user) are valid to bind to LDAP
     1.5 +-- --------------------------------------------------------------------------
     1.6 +--
     1.7 +-- arguments:
     1.8 +--   dn: The distinguished name to be used fo binding (string, required)
     1.9 +--   password: Password credentials (string, required)
    1.10 +--
    1.11 +-- returns
    1.12 +--   success: true in cases of valid credentials
    1.13 +--            false in cases of invalid credentials
    1.14 +--            nil in undetermined cases, i.e. unavailable LDAP server
    1.15 +--   err: error code in case of errors, otherwise nil (string)
    1.16 +--   err2: error dependent extra error information
    1.17 +
    1.18 +function ldap.check_credentials(login, password)
    1.19 +
    1.20 +  local filter = config.ldap.member.login_filter_map(login)
    1.21 +  local ldap_entry, err, err2 = ldap.get_member_entry(filter)
    1.22 +
    1.23 +  if err == "too_many_entries_found" then
    1.24 +    return false, "invalid_credentials"
    1.25 +  end
    1.26 +  
    1.27 +  if err then
    1.28 +    return nil, err
    1.29 +  end
    1.30 +  if not ldap_entry then
    1.31 +    return false, "invalid_credentials"
    1.32 +  end
    1.33 +  
    1.34 +  local dn = ldap_entry.dn
    1.35 +  
    1.36 +  local ldap, err, err2 = ldap.bind(dn, password)
    1.37 + 
    1.38 +  if err == "invalid_credentials" then
    1.39 +    return false, "invalid_credentials"
    1.40 +  end
    1.41 +  
    1.42 +  if err then
    1.43 +    return nil, err, err2
    1.44 +  end
    1.45 +  
    1.46 +  ldap:unbind()
    1.47 +  
    1.48 +  return ldap_entry
    1.49 +  
    1.50 +end