bsw@1071: -- check if credentials (given by a user) are valid to bind to LDAP
bsw@1071: -- --------------------------------------------------------------------------
bsw@1071: --
bsw@1071: -- arguments:
bsw@1071: --   dn: The distinguished name to be used fo binding (string, required)
bsw@1071: --   password: Password credentials (string, required)
bsw@1071: --
bsw@1071: -- returns
bsw@1071: --   success: true in cases of valid credentials
bsw@1071: --            false in cases of invalid credentials
bsw@1071: --            nil in undetermined cases, i.e. unavailable LDAP server
bsw@1071: --   err: error code in case of errors, otherwise nil (string)
bsw@1071: --   err2: error dependent extra error information
bsw@1071: 
bsw@1071: function ldap.check_credentials(login, password)
bsw@1071: 
bsw@1071:   local filter = config.ldap.member.login_filter_map(login)
bsw@1071:   local ldap_entry, err, err2 = ldap.get_member_entry(filter)
bsw@1071: 
bsw@1071:   if err == "too_many_entries_found" then
bsw@1071:     return false, "invalid_credentials"
bsw@1071:   end
bsw@1071:   
bsw@1071:   if err then
bsw@1071:     return nil, err
bsw@1071:   end
bsw@1071:   if not ldap_entry then
bsw@1071:     return false, "invalid_credentials"
bsw@1071:   end
bsw@1071:   
bsw@1071:   local dn = ldap_entry.dn
bsw@1071:   
bsw@1071:   local ldap, err, err2 = ldap.bind(dn, password)
bsw@1071:  
bsw@1071:   if err == "invalid_credentials" then
bsw@1071:     return false, "invalid_credentials"
bsw@1071:   end
bsw@1071:   
bsw@1071:   if err then
bsw@1071:     return nil, err, err2
bsw@1071:   end
bsw@1071:   
bsw@1071:   ldap:unbind()
bsw@1071:   
bsw@1071:   return ldap_entry
bsw@1071:   
bsw@1071: end