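-- Check whether credentials supplied by a user are valid for an LDAP bind.
-- --------------------------------------------------------------------------
--
-- arguments:
--   login:    login name as entered by the user; it is turned into an LDAP
--             search filter by config.ldap.member.login_filter_map
--             (string, required)
--   password: password credentials (string, required)
--
-- returns:
--   success: the member's LDAP entry (a truthy value) in case of valid credentials
--            false in cases of invalid credentials
--            nil in undetermined cases, i.e. unavailable LDAP server
--   err:     error code in case of errors, otherwise nil (string)
--   err2:    error dependent extra error information
--
-- NOTE(review): login is user-controlled and ends up inside an LDAP search
-- filter. The escaping of filter metacharacters (RFC 4515) has to happen in
-- config.ldap.member.login_filter_map, which is not visible here -- confirm.

function ldap.check_credentials(login, password)

  -- A simple bind with a DN and an empty password is an "unauthenticated
  -- bind" (RFC 4513, section 5.1.2); servers that permit it report success
  -- without verifying anything. Reject it before contacting the directory.
  -- ldap.bind is not visible here, so this guard does not rely on it.
  if not password or password == "" then
    return false, "invalid_credentials"
  end

  local filter = config.ldap.member.login_filter_map(login)
  local ldap_entry, err, err2 = ldap.get_member_entry(filter)

  -- An ambiguous login is reported exactly like a wrong password.
  if err == "too_many_entries_found" then
    return false, "invalid_credentials"
  end

  -- Any other lookup error is undetermined; pass err2 on as documented.
  if err then
    return nil, err, err2
  end

  if not ldap_entry then
    return false, "invalid_credentials"
  end

  local dn = ldap_entry.dn

  -- Named ldap_conn so the connection handle does not shadow the ldap module.
  local ldap_conn, bind_err, bind_err2 = ldap.bind(dn, password)

  if bind_err == "invalid_credentials" then
    return false, "invalid_credentials"
  end

  if bind_err then
    return nil, bind_err, bind_err2
  end

  -- The bind only served as a credential test; release the connection.
  ldap_conn:unbind()

  return ldap_entry

end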