author | Guido Günther <agx@sigxcpu.org> | 2017-02-26 20:43:27 +0100 |
committer | Guido Günther <agx@sigxcpu.org> | 2017-02-26 21:08:52 +0100 |
commit | 8790c6dfc3ee0aad3e969163f117e24e5df09eae (patch) | |
tree | 6359f2fa752c2882f54f25c34320f6d3d13bb3fe | |
parent | ba0e7b7e8ceeabb15611272fe7f9fe450f356088 (diff) |
Issue start_tls
certificates are not validated yet
-rw-r--r-- | priv/ldapsp.conf | 2 | ||||
-rw-r--r-- | src/ldapsp_config.erl | 5 | ||||
-rw-r--r-- | src/ldapsp_ldap.erl | 35 |
3 files changed, 25 insertions, 17 deletions
diff --git a/priv/ldapsp.conf b/priv/ldapsp.conf
index 992f819..2445384 100644
--- a/priv/ldapsp.conf
+++ b/priv/ldapsp.conf
@@ -1,7 +1,7 @@
-%% coding: utf-8
 %% -*- mode: erlang -*-
 {connection, [{server, "ldap.forumsys.com"},
+ %{tls, false},
 {user, "cn=read-only-admin,dc=example,dc=com"},
 {password, "password"}]}.
diff --git a/src/ldapsp_config.erl b/src/ldapsp_config.erl
index 9ed7fc4..938f7cd 100644
--- a/src/ldapsp_config.erl
+++ b/src/ldapsp_config.erl
@@ -47,10 +47,7 @@ web_config() ->
 ldap_config() ->
 {ok, Config } = file:consult("priv/ldapsp.conf"),
- Con = proplists:get_value(connection, Config),
- [{server, proplists:get_value(server, Con)},
- {user, proplists:get_value(user, Con)},
- {password, proplists:get_value(password, Con)}].
+ proplists:get_value(connection, Config).
 policy_config() ->
 {ok, _Module} = compile:file("priv/policy.erl").
diff --git a/src/ldapsp_ldap.erl b/src/ldapsp_ldap.erl
index 6898174..e87c6d8 100644
--- a/src/ldapsp_ldap.erl
+++ b/src/ldapsp_ldap.erl
@@ -33,7 +33,7 @@
 -define(SERVER, ?MODULE).
--record(state, {server, user, password}).
+-record(state, {server, user, password, tls=true, tls_opts}).
 %%%===================================================================
 %%% API
@@ -72,10 +72,13 @@ start_link(Args) ->
 %% {stop, Reason}
 %% @end
 %%--------------------------------------------------------------------
-init([{server, Server}, {user, User}, {password, Password}]) ->
- {ok, #state{server=Server,
- user=User,
- password=Password}}.
+init(Opts) ->
+ {ok, #state{server=proplists:get_value(server, Opts),
+ tls=proplists:get_value(tls, Opts, true),
+ tls_opts=proplists:get_value(tls_opts, Opts,
+ [{verify_type, verify_peer}]),
+ user=proplists:get_value(user, Opts),
+ password=proplists:get_value(password, Opts)}}.
 %%--------------------------------------------------------------------
 %% @private
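Review bot: The default `[{verify_type, verify_peer}]` given to `tls_opts` in `init/1` is not an option the `ssl` application recognises; `eldap:start_tls/2` passes the list on to `ssl`, where peer verification is requested with `{verify, verify_peer}` and only has an effect together with a trust anchor such as `{cacertfile, Path}` or `{cacerts, Certs}`. Depending on the OTP version the current default is either rejected as a bad option or accepted with the server certificate left unchecked, which is presumably what the commit message means by certificates not being validated yet; making the intended default explicit, e.g. `[{verify, verify_peer}, {cacertfile, "<CA_BUNDLE_PATH>"}]` (path is a placeholder), or a comment `%% TODO: verify_type is not an ssl option; use {verify, verify_peer} plus cacertfile` above the line would keep that gap from being forgotten. Separately, `proplists:get_value(server, Opts)` yields `undefined` when the key is missing and the failure only surfaces later in `eldap:open/1`; matching the required keys in the head or with `{server, Server} = lists:keyfind(server, 1, Opts)` fails at startup instead.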
@@ -153,20 +156,29 @@ code_change(_OldVsn, State, _Extra) ->
 %%% Internal functions
 %%%===================================================================
-% -> ok , {error,Reaseon}
-do_add(Dn, Attributes, #state{server=Server, user=User, password=Pw}) ->
+start_tls(Handle, TLSOpts)->
+ ok = eldap:start_tls(Handle, TLSOpts).
+
+connect(#state{server=Server, user=User, password=Pw, tls=TLS, tls_opts=TLSOpts}) ->
 {ok, Handle} = eldap:open([Server]),
+ ok = case TLS of
+ true -> start_tls(Handle, TLSOpts);
+ _ -> ok
+ end,
 ok = eldap:simple_bind(Handle, User, Pw),
+ {ok, Handle}.
+
+% -> ok , {error,Reaseon}
+do_add(Dn, Attributes, State) ->
+ {ok, Handle} = connect(State),
 ldapsp_log:debug("Will create: ~p with ~p~n", [Dn, Attributes]),
 Resp = eldap:add(Handle, Dn, Attributes),
 check_close(eldap:close(Handle)),
 Resp.
 % -> ok , {error,Reaseon}
-do_delete(Dn, #state{server=Server, user=User, password=Pw}) ->
- {ok, Handle} = eldap:open([Server]),
- ok = eldap:simple_bind(Handle, User, Pw),
- ldapsp_log:debug("Will delete: ~p~n", [Dn]),
+do_delete(Dn, State) ->
+ {ok, Handle} = connect(State),
 Resp = eldap:delete(Handle, Dn),
 check_close(eldap:close(Handle)),
 Resp.
@@ -175,4 +187,3 @@ check_close(ok) -> ok;
 % erlang 17.1 has another return value than 1.18.3
 check_close({_Pid, close}) -> ok;
 check_close(EverythingElse) -> ok = EverythingElse.
-
|
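Review bot: The `_ -> ok` clause in `connect/1` skips STARTTLS for every value of `tls` other than the atom `true`, so a mistyped setting such as `{tls, "false"}` or `{tls, off}` silently falls through to `eldap:simple_bind/3` over the plaintext connection, sending the bind password unprotected, instead of failing. Only `true` and `false` are defined values here, so match the second one explicitly, `false -> ok`, and let anything else crash with `case_clause` as the rest of the module already does with `ok = ...` matches. `do_delete/2` also drops its `ldapsp_log:debug("Will delete: ~p~n", [Dn])` line while `do_add/3` keeps the matching "Will create" log, which looks unintended rather than part of the refactor. The re-added comment `% -> ok , {error,Reaseon}` above `do_add/3` carries the old typo (`Reason`).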