bsw@1071: -- gets the corresponding ldap entry for a given member login
bsw@1071: -- --------------------------------------------------------------------------
bsw@1071: --
bsw@1071: -- arguments:
bsw@1071: --   filter: the LDAP filter for searching the member (required)
bsw@1071: --   use_ldap_conn: an already existing LDAP connection to be used (optional)
bsw@1071: --
bsw@1071: -- returns:
bsw@1071: --   ldap_entry: in case of success, the LDAP entry (object)
bsw@1071: --   err: in case of an error, an error message (string)
bsw@1071: --   err2: error dependent extra error information
bsw@1071: 
bsw@1071: function ldap.get_member_entry(filter, use_ldap_conn)
bsw@1071:   
bsw@1071:   local ldap_conn, err
bsw@1071:   
bsw@1071:   if use_ldap_conn then
bsw@1071:     ldap_conn = use_ldap_conn
bsw@1071:   else
bsw@1071:     ldap_conn, bind_err = ldap.bind_as_app()
bsw@1071:   end
bsw@1071:   
bsw@1071:   if not ldap_conn then
bsw@1071:     return nil, "ldap_bind_error", bind_err
bsw@1071:   end
bsw@1071: 
bsw@1071:   local entries, search_err = ldap_conn:search{
bsw@1071:     base = config.ldap.base,
bsw@1071:     scope = config.ldap.member.scope,
bsw@1071:     filter = filter,
bsw@1071:     attr = config.ldap.member.fetch_attr,
bsw@1071:   }
bsw@1071:   
bsw@1071:   if not use_ldap_conn then
bsw@1071:     ldap_conn:unbind()
bsw@1071:   end
bsw@1071:   
bsw@1071:   if not entries then
bsw@1071:     return nil, "ldap_search_error", search_err
bsw@1071:   end
bsw@1071:   
bsw@1071:   if #entries > 1 then
bsw@1071:     return nil, "too_many_ldap_entries_found"
bsw@1071:   end
bsw@1071:   
bsw@1071:   if #entries < 0 then
bsw@1071:     return nil, "no_ldap_entry_found"
bsw@1071:   end
bsw@1071:   
bsw@1071:   return entries[1]
bsw@1071:   
bsw@1071: end