comparison mod_auth_ldap/mod_auth_ldap.lua @ 1609:5f139770061e
mod_auth_ldap: Connect to LDAP lazily, and add support for reconnects on error.
author | Waqas Hussain <waqas20@gmail.com> |
---|---|
date | Thu, 12 Feb 2015 18:57:06 -0500 |
parents | 9a0a0cfd3710 |
children | 062ed39a1805 |
1608:59fdf4f12343 | 1609:5f139770061e |
---|---|
14 local ldap_base = assert(module:get_option_string("ldap_base"), "ldap_base is a required option for ldap"); | 14 local ldap_base = assert(module:get_option_string("ldap_base"), "ldap_base is a required option for ldap"); |
15 local ldap_mode = module:get_option_string("ldap_mode", "bind"); | 15 local ldap_mode = module:get_option_string("ldap_mode", "bind"); |
16 local host = ldap_filter_escape(module:get_option_string("realm", module.host)); | 16 local host = ldap_filter_escape(module:get_option_string("realm", module.host)); |
17 | 17 |
18 -- Initiate connection | 18 -- Initiate connection |
19 local ld = assert(lualdap.open_simple(ldap_server, ldap_rootdn, ldap_password, ldap_tls)); | 19 local ld = nil; |
20 module.unload = function() ld:close(); end | 20 module.unload = function() if ld then pcall(ld, ld.close); end end |
21 | |
22 function ldap_search_once(args) | |
23 if ld == nil then | |
24 local err; | |
25 ld, err = lualdap.open_simple(ldap_server, ldap_rootdn, ldap_password, ldap_tls); | |
26 if not ld then return nil, err, "reconnect"; end | |
27 end | |
28 | |
29 local success, iterator, invariant, initial = pcall(ld.search, ld, args); | |
30 if not success then ld = nil; return nil, iterator, "search"; end | |
31 | |
32 local success, dn, attr = pcall(iterator, invariant, initial); | |
33 if not success then ld = nil; return success, dn, "iter"; end | |
34 | |
35 return dn, attr, "return"; | |
36 end | |
37 | |
38 function ldap_search(args, retry_count) | |
39 local dn, attr, where; | |
40 for i=1,1+retry_count do | |
41 dn, attr, where = ldap_search_once(args); | |
42 if dn or not(attr) then break; end -- nothing or something found | |
43 module:log("warn", "LDAP: %s %s (in %s)", tostring(dn), tostring(attr), where); | |
44 -- otherwise retry | |
45 end | |
46 if not dn and attr then | |
47 module:log("error", "LDAP: %s", tostring(attr)); | |
48 end | |
49 return dn, attr; | |
50 end | |
21 | 51 |
22 local function get_user(username) | 52 local function get_user(username) |
23 module:log("debug", "get_user(%q)", username); | 53 module:log("debug", "get_user(%q)", username); |
24 for dn, attr in ld:search({ | 54 for dn, attr in ld:search({ |
25 base = ldap_base; | 55 base = ldap_base; |