Mercurial > prosody-modules
diff mod_auth_ldap/mod_auth_ldap.lua @ 1609:5f139770061e
mod_auth_ldap: Connect to LDAP lazily, and add support for reconnects on error.
author | Waqas Hussain <waqas20@gmail.com> |
---|---|
date | Thu, 12 Feb 2015 18:57:06 -0500 |
parents | 9a0a0cfd3710 |
children | 062ed39a1805 |
line wrap: on
line diff
--- a/mod_auth_ldap/mod_auth_ldap.lua Thu Feb 12 21:17:06 2015 +0100 +++ b/mod_auth_ldap/mod_auth_ldap.lua Thu Feb 12 18:57:06 2015 -0500 @@ -16,8 +16,38 @@ local host = ldap_filter_escape(module:get_option_string("realm", module.host)); -- Initiate connection -local ld = assert(lualdap.open_simple(ldap_server, ldap_rootdn, ldap_password, ldap_tls)); -module.unload = function() ld:close(); end +local ld = nil; +module.unload = function() if ld then pcall(ld, ld.close); end end + +function ldap_search_once(args) + if ld == nil then + local err; + ld, err = lualdap.open_simple(ldap_server, ldap_rootdn, ldap_password, ldap_tls); + if not ld then return nil, err, "reconnect"; end + end + + local success, iterator, invariant, initial = pcall(ld.search, ld, args); + if not success then ld = nil; return nil, iterator, "search"; end + + local success, dn, attr = pcall(iterator, invariant, initial); + if not success then ld = nil; return success, dn, "iter"; end + + return dn, attr, "return"; +end + +function ldap_search(args, retry_count) + local dn, attr, where; + for i=1,1+retry_count do + dn, attr, where = ldap_search_once(args); + if dn or not(attr) then break; end -- nothing or something found + module:log("warn", "LDAP: %s %s (in %s)", tostring(dn), tostring(attr), where); + -- otherwise retry + end + if not dn and attr then + module:log("error", "LDAP: %s", tostring(attr)); + end + return dn, attr; +end local function get_user(username) module:log("debug", "get_user(%q)", username);