Comparison

mod_auth_ldap/mod_auth_ldap.lua @ 1611:770236ea9678

mod_auth_ldap: Fix use of ldap_search, and generalize it to support password modification as well.
author Waqas Hussain <waqas20@gmail.com>
date Fri, 13 Feb 2015 11:06:06 -0500
parent 1610:062ed39a1805
child 1987:6d7699eda594
comparison
equal deleted inserted replaced
1610:062ed39a1805 1611:770236ea9678
17 17
18 -- Initiate connection 18 -- Initiate connection
19 local ld = nil; 19 local ld = nil;
20 module.unload = function() if ld then pcall(ld, ld.close); end end 20 module.unload = function() if ld then pcall(ld, ld.close); end end
21 21
22 function ldap_search_once(args) 22 function ldap_do_once(method, ...)
23 if ld == nil then 23 if ld == nil then
24 local err; 24 local err;
25 ld, err = lualdap.open_simple(ldap_server, ldap_rootdn, ldap_password, ldap_tls); 25 ld, err = lualdap.open_simple(ldap_server, ldap_rootdn, ldap_password, ldap_tls);
26 if not ld then return nil, err, "reconnect"; end 26 if not ld then return nil, err, "reconnect"; end
27 end 27 end
28 28
29 local success, iterator, invariant, initial = pcall(ld.search, ld, args); 29 local success, iterator, invariant, initial = pcall(ld[method], ld, ...);
30 if not success then ld = nil; return nil, iterator, "search"; end 30 if not success then ld = nil; return nil, iterator, "search"; end
31 31
32 local success, dn, attr = pcall(iterator, invariant, initial); 32 local success, dn, attr = pcall(iterator, invariant, initial);
33 if not success then ld = nil; return success, dn, "iter"; end 33 if not success then ld = nil; return success, dn, "iter"; end
34 34
35 return dn, attr, "return"; 35 return dn, attr, "return";
36 end 36 end
37 37
38 function ldap_search(args, retry_count) 38 function ldap_do(method, retry_count, ...)
39 local dn, attr, where; 39 local dn, attr, where;
40 for i=1,1+retry_count do 40 for i=1,1+retry_count do
41 dn, attr, where = ldap_search_once(args); 41 dn, attr, where = ldap_do_once(method, ...);
42 if dn or not(attr) then break; end -- nothing or something found 42 if dn or not(attr) then break; end -- nothing or something found
43 module:log("warn", "LDAP: %s %s (in %s)", tostring(dn), tostring(attr), where); 43 module:log("warn", "LDAP: %s %s (in %s)", tostring(dn), tostring(attr), where);
44 -- otherwise retry 44 -- otherwise retry
45 end 45 end
46 if not dn and attr then 46 if not dn and attr then
49 return dn, attr; 49 return dn, attr;
50 end 50 end
51 51
52 local function get_user(username) 52 local function get_user(username)
53 module:log("debug", "get_user(%q)", username); 53 module:log("debug", "get_user(%q)", username);
54 for dn, attr in ldap_search({ 54 return ldap_do("search", 2, {
55 base = ldap_base; 55 base = ldap_base;
56 scope = ldap_scope; 56 scope = ldap_scope;
57 sizelimit = 1; 57 sizelimit = 1;
58 filter = ldap_filter:gsub("%$(%a+)", { 58 filter = ldap_filter:gsub("%$(%a+)", {
59 user = ldap_filter_escape(username); 59 user = ldap_filter_escape(username);
60 host = host; 60 host = host;
61 }); 61 });
62 }, 3) do return dn, attr; end 62 });
63 end 63 end
64 64
65 local provider = {}; 65 local provider = {};
66 66
67 function provider.create_user(username, password) 67 function provider.create_user(username, password)
74 74
75 function provider.set_password(username, password) 75 function provider.set_password(username, password)
76 local dn, attr = get_user(username); 76 local dn, attr = get_user(username);
77 if not dn then return nil, attr end 77 if not dn then return nil, attr end
78 if attr.userPassword == password then return true end 78 if attr.userPassword == password then return true end
79 return ld:modify(dn, { '=', userPassword = password })(); 79 return ldap_do("modify", 2, dn, { '=', userPassword = password });
80 end 80 end
81 81
82 if ldap_mode == "getpasswd" then 82 if ldap_mode == "getpasswd" then
83 function provider.get_password(username) 83 function provider.get_password(username)
84 local dn, attr = get_user(username); 84 local dn, attr = get_user(username);