authorGuido Günther <agx@sigxcpu.org>2017-02-26 20:43:27 +0100
committerGuido Günther <agx@sigxcpu.org>2017-02-26 21:08:52 +0100
commit8790c6dfc3ee0aad3e969163f117e24e5df09eae (patch)
tree6359f2fa752c2882f54f25c34320f6d3d13bb3fe
parentba0e7b7e8ceeabb15611272fe7f9fe450f356088 (diff)
Issue start_tls
Certificates are not validated yet.
-rw-r--r--priv/ldapsp.conf2
-rw-r--r--src/ldapsp_config.erl5
-rw-r--r--src/ldapsp_ldap.erl35
3 files changed, 25 insertions, 17 deletions
diff --git a/priv/ldapsp.conf b/priv/ldapsp.conf
index 992f819..2445384 100644
--- a/priv/ldapsp.conf
+++ b/priv/ldapsp.conf
@@ -1,7 +1,7 @@
-%% coding: utf-8
%% -*- mode: erlang -*-
{connection,
[{server, "ldap.forumsys.com"},
+ %{tls, false},
{user, "cn=read-only-admin,dc=example,dc=com"},
{password, "password"}]}.
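Review bot: The commented-out `%{tls, false}` tells an operator how to switch STARTTLS off, but nothing in the file documents `tls_opts`, the only setting that makes the TLS session worth anything. With the default that `ldapsp_ldap:init/1` falls back to, the server certificate is not validated, so a config without a trust store still leaves the bind open to an active attacker on the path. I would extend the comment with the knob that closes that gap, e.g. `%{tls_opts, [{verify, verify_peer}, {cacertfile, "/path/to/ca.pem"}]},`, so the option is discoverable from the file people actually edit.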
diff --git a/src/ldapsp_config.erl b/src/ldapsp_config.erl
index 9ed7fc4..938f7cd 100644
--- a/src/ldapsp_config.erl
+++ b/src/ldapsp_config.erl
@@ -47,10 +47,7 @@ web_config() ->
ldap_config() ->
{ok, Config } = file:consult("priv/ldapsp.conf"),
- Con = proplists:get_value(connection, Config),
- [{server, proplists:get_value(server, Con)},
- {user, proplists:get_value(user, Con)},
- {password, proplists:get_value(password, Con)}].
+ proplists:get_value(connection, Config).
policy_config() ->
{ok, _Module} = compile:file("priv/policy.erl").
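Review bot: `ldap_config/0` now returns `undefined` when the `connection` term is absent from `priv/ldapsp.conf`, and the failure only surfaces later as a crash inside `proplists:get_value/3` in `ldapsp_ldap:init/1`, far from its cause. Matching the term where it is read keeps the error next to the file it came from: `{connection, Con} = lists:keyfind(connection, 1, Config), Con.` The removed clause also whitelisted the keys handed to the LDAP worker; the new one forwards every key, which is what lets `tls` and `tls_opts` through, but it also means a misspelt key is silently ignored and the worker quietly uses its built-in default instead — worth a one-line comment above the function saying that the whole `connection` proplist is passed verbatim to `ldapsp_ldap:init/1`.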
diff --git a/src/ldapsp_ldap.erl b/src/ldapsp_ldap.erl
index 6898174..e87c6d8 100644
--- a/src/ldapsp_ldap.erl
+++ b/src/ldapsp_ldap.erl
@@ -33,7 +33,7 @@
-define(SERVER, ?MODULE).
--record(state, {server, user, password}).
+-record(state, {server, user, password, tls=true, tls_opts}).
%%%===================================================================
%%% API
@@ -72,10 +72,13 @@ start_link(Args) ->
%% {stop, Reason}
%% @end
%%--------------------------------------------------------------------
-init([{server, Server}, {user, User}, {password, Password}]) ->
- {ok, #state{server=Server,
- user=User,
- password=Password}}.
+init(Opts) ->
+ {ok, #state{server=proplists:get_value(server, Opts),
+ tls=proplists:get_value(tls, Opts, true),
+ tls_opts=proplists:get_value(tls_opts, Opts,
+ [{verify_type, verify_peer}]),
+ user=proplists:get_value(user, Opts),
+ password=proplists:get_value(password, Opts)}}.
%%--------------------------------------------------------------------
%% @private
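Review bot: The default `tls_opts` value `[{verify_type, verify_peer}]` in the new `init/1` does not enable certificate checking: `verify_type` is not an option `ssl` recognises (the option is `{verify, verify_peer}`), and since `eldap:start_tls/2` hands the list to `ssl`, an unknown option is either rejected at connect time or ignored, depending on the OTP version. Even with the right key, `verify_peer` needs a trust store (`{cacertfile, Path}` or `{cacerts, Certs}`) to succeed, and hostname checking may additionally require `{server_name_indication, Server}` on some OTP releases; without those the handshake either fails or accepts any certificate. I would change the default to `[{verify, verify_peer}]` and put the limitation the commit message admits next to the line where it lives, e.g. `%% NOTE: verify_peer only validates the server when tls_opts also carries a cacertfile/cacerts entry; until the config supplies one, server certificates are not checked.`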
@@ -153,20 +156,29 @@ code_change(_OldVsn, State, _Extra) ->
%%% Internal functions
%%%===================================================================
-% -> ok , {error,Reaseon}
-do_add(Dn, Attributes, #state{server=Server, user=User, password=Pw}) ->
+start_tls(Handle, TLSOpts)->
+ ok = eldap:start_tls(Handle, TLSOpts).
+
+connect(#state{server=Server, user=User, password=Pw, tls=TLS, tls_opts=TLSOpts}) ->
{ok, Handle} = eldap:open([Server]),
+ ok = case TLS of
+ true -> start_tls(Handle, TLSOpts);
+ _ -> ok
+ end,
ok = eldap:simple_bind(Handle, User, Pw),
+ {ok, Handle}.
+
+% -> ok , {error,Reaseon}
+do_add(Dn, Attributes, State) ->
+ {ok, Handle} = connect(State),
ldapsp_log:debug("Will create: ~p with ~p~n", [Dn, Attributes]),
Resp = eldap:add(Handle, Dn, Attributes),
check_close(eldap:close(Handle)),
Resp.
% -> ok , {error,Reaseon}
-do_delete(Dn, #state{server=Server, user=User, password=Pw}) ->
- {ok, Handle} = eldap:open([Server]),
- ok = eldap:simple_bind(Handle, User, Pw),
- ldapsp_log:debug("Will delete: ~p~n", [Dn]),
+do_delete(Dn, State) ->
+ {ok, Handle} = connect(State),
Resp = eldap:delete(Handle, Dn),
check_close(eldap:close(Handle)),
Resp.
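Review bot: The `_ -> ok` clause in `connect/1` makes STARTTLS fail-open: any `tls` value other than the atom `true` — `{tls, "false"}`, `{tls, tru}`, a quoted value from a copy-pasted config — silently skips `start_tls/2` and sends the bind password over plaintext. Only the explicit opt-out should skip it, so replace `_ -> ok` with `false -> ok` and let anything else crash with a `case_clause`. The ordering is already right — a failing `start_tls/2` is a `badmatch` before `simple_bind/3` runs, so a server that does not offer STARTTLS fails closed — and a comment on the `ok = case TLS of` line such as `%% STARTTLS must complete before bind so the credentials never cross the wire in clear` would record why the two statements must not be reordered. `connect/1`, `do_add/3` and `do_delete/2` are complete within the hunk.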
@@ -175,4 +187,3 @@ check_close(ok) -> ok;
% erlang 17.1 has another return value than 1.18.3
check_close({_Pid, close}) -> ok;
check_close(EverythingElse) -> ok = EverythingElse.
-