Diff

mod_auth_ldap/mod_auth_ldap.lua @ 1611:770236ea9678

mod_auth_ldap: Fix use of ldap_search, and generalize it to support password modification as well.
author Waqas Hussain <waqas20@gmail.com>
date Fri, 13 Feb 2015 11:06:06 -0500
parent 1610:062ed39a1805
child 1987:6d7699eda594
line wrap: on
line diff
--- a/mod_auth_ldap/mod_auth_ldap.lua	Fri Feb 13 10:44:23 2015 -0500
+++ b/mod_auth_ldap/mod_auth_ldap.lua	Fri Feb 13 11:06:06 2015 -0500
@@ -19,14 +19,14 @@
 local ld = nil;
 module.unload = function() if ld then pcall(ld, ld.close); end end
 
-function ldap_search_once(args)
+function ldap_do_once(method, ...)
 	if ld == nil then
 		local err;
 		ld, err = lualdap.open_simple(ldap_server, ldap_rootdn, ldap_password, ldap_tls);
 		if not ld then return nil, err, "reconnect"; end
 	end
 
-	local success, iterator, invariant, initial = pcall(ld.search, ld, args);
+	local success, iterator, invariant, initial = pcall(ld[method], ld, ...);
 	if not success then ld = nil; return nil, iterator, "search"; end
 
 	local success, dn, attr = pcall(iterator, invariant, initial);
@@ -35,10 +35,10 @@
 	return dn, attr, "return";
 end
 
-function ldap_search(args, retry_count)
+function ldap_do(method, retry_count, ...)
 	local dn, attr, where;
 	for i=1,1+retry_count do
-		dn, attr, where = ldap_search_once(args);
+		dn, attr, where = ldap_do_once(method, ...);
 		if dn or not(attr) then break; end -- nothing or something found
 		module:log("warn", "LDAP: %s %s (in %s)", tostring(dn), tostring(attr), where);
 		-- otherwise retry
@@ -51,7 +51,7 @@
 
 local function get_user(username)
 	module:log("debug", "get_user(%q)", username);
-	for dn, attr in ldap_search({
+	return ldap_do("search", 2, {
 		base = ldap_base;
 		scope = ldap_scope;
 		sizelimit = 1;
@@ -59,7 +59,7 @@
 			user = ldap_filter_escape(username);
 			host = host;
 		});
-	}, 3) do return dn, attr; end
+	});
 end
 
 local provider = {};
@@ -76,7 +76,7 @@
 	local dn, attr = get_user(username);
 	if not dn then return nil, attr end
 	if attr.userPassword == password then return true end
-	return ld:modify(dn, { '=', userPassword = password })();
+	return ldap_do("modify", 2, dn, { '=', userPassword = password });
 end
 
 if ldap_mode == "getpasswd" then