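-- binds to configured LDAP server
-- --------------------------------------------------------------------------
-- omit arguments for anonymous bind
--
-- arguments:
--   dn: the distinguished name to be used for binding (string)
--   password: password credentials (string)
--
-- returns:
--   ldap: in case of success, an LDAP connection handle
--   err: in case of an error, an error code (string):
--        "invalid_credentials" or "cant_contact_ldap_server"
--   err2: error dependent extra error information
--
-- The hosts returned by ldap.get_hosts() are tried in order. A host that
-- answers with invalid_credentials ends the attempt immediately; any other
-- failure moves on to the next host.
--
-- NOTE(review): this is a simple bind, so the password is sent to the server.
-- Confirm that the configured host URIs use a TLS-protected transport.

function ldap.bind(dn, password)

  -- A DN combined with an empty password is an "unauthenticated bind"
  -- (RFC 4513, section 5.1.2). Servers that accept it report success without
  -- checking any credential, so a caller using this function to verify a
  -- login would accept an empty password. Reject it before contacting a host.
  if dn ~= nil and dn ~= "" and (password == nil or password == "") then
    return nil, "invalid_credentials"
  end

  local libldap = require("mldap")

  -- NOTE(review): table.remove() below mutates this list; confirm that
  -- ldap.get_hosts() returns a fresh table on every call.
  local hostlist = ldap.get_hosts()

  -- try binding to LDAP server until success or no host entry left
  -- (named "connection" so the module table "ldap" is not shadowed)
  local connection
  while not connection do

    if #hostlist < 1 then
      break
    end

    local host = table.remove(hostlist, 1)

    -- errno is declared local here; it was previously assigned as a global
    local err, errno
    connection, err, errno = libldap.bind{
      uri = host.uri,
      timeout = host.timeout,
      who = dn,
      password = password
    }

    if not err and connection then
      return connection, nil
    end

    local errno_string

    if errno then
      errno_string = libldap.errorcodes[errno]
    end

    -- wrong credentials will not become right on another host: stop here
    if errno == libldap.errorcodes.invalid_credentials then
      return nil, "invalid_credentials", errno_string
    end
  end

  return nil, "cant_contact_ldap_server"

end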