Diffstat (limited to 'src/eldap_utils.erl')
-rw-r--r--src/eldap_utils.erl90
1 files changed, 37 insertions, 53 deletions
diff --git a/src/eldap_utils.erl b/src/eldap_utils.erl
index 8c071c6dd..d15e5bc9c 100644
--- a/src/eldap_utils.erl
+++ b/src/eldap_utils.erl
@@ -28,7 +28,7 @@
-behaviour(ejabberd_config).
-author('mremond@process-one.net').
--export([generate_subfilter/1, find_ldap_attrs/2,
+-export([generate_subfilter/1, find_ldap_attrs/2, check_filter/1,
get_ldap_attr/2, get_user_part/2, make_filter/2,
get_state/2, case_insensitive_match/2, get_config/2,
decode_octet_string/3, uids_domain_subst/2, opt_type/1]).
@@ -137,6 +137,11 @@ make_filter(Data, UIDs) ->
eldap:'and'(Filter)
end.
+check_filter(F) ->
+ NewF = iolist_to_binary(F),
+ {ok, _} = eldap_filter:parse(NewF),
+ NewF.
+
-spec case_insensitive_match(binary(), binary()) -> boolean().
case_insensitive_match(X, Y) ->
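Review bot: check_filter/1 is exported without a `-spec` or a comment, unlike case_insensitive_match/2 directly below it. I would add `-spec check_filter(iodata()) -> binary().` and a one-line comment saying that an unparsable filter fails the `{ok, _} =` match on purpose, so the function raises badmatch rather than returning an error tuple. That matters because it is wired in as the validator for `ldap_filter` later in this diff, and callers should not expect an `{error, _}` result from it.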
@@ -168,58 +173,25 @@ uids_domain_subst(Host, UIDs) ->
-spec get_config(binary(), list()) -> eldap_config().
get_config(Host, Opts) ->
- Servers = gen_mod:get_opt({ldap_servers, Host}, Opts,
- fun(L) ->
- [iolist_to_binary(H) || H <- L]
- end, [<<"localhost">>]),
- Backups = gen_mod:get_opt({ldap_backups, Host}, Opts,
- fun(L) ->
- [iolist_to_binary(H) || H <- L]
- end, []),
- Encrypt = gen_mod:get_opt({ldap_encrypt, Host}, Opts,
- fun(tls) -> tls;
- (starttls) -> starttls;
- (none) -> none
- end, none),
- TLSVerify = gen_mod:get_opt({ldap_tls_verify, Host}, Opts,
- fun(hard) -> hard;
- (soft) -> soft;
- (false) -> false
- end, false),
- TLSCAFile = gen_mod:get_opt({ldap_tls_cacertfile, Host}, Opts,
- fun iolist_to_binary/1),
- TLSDepth = gen_mod:get_opt({ldap_tls_depth, Host}, Opts,
- fun(I) when is_integer(I), I>=0 -> I end),
+ Servers = gen_mod:get_opt({ldap_servers, Host}, Opts, [<<"localhost">>]),
+ Backups = gen_mod:get_opt({ldap_backups, Host}, Opts, []),
+ Encrypt = gen_mod:get_opt({ldap_encrypt, Host}, Opts, none),
+ TLSVerify = gen_mod:get_opt({ldap_tls_verify, Host}, Opts, false),
+ TLSCAFile = gen_mod:get_opt({ldap_tls_cacertfile, Host}, Opts),
+ TLSDepth = gen_mod:get_opt({ldap_tls_depth, Host}, Opts),
Port = gen_mod:get_opt({ldap_port, Host}, Opts,
- fun(I) when is_integer(I), I>0 -> I end,
- case Encrypt of
- tls -> ?LDAPS_PORT;
- starttls -> ?LDAP_PORT;
- _ -> ?LDAP_PORT
- end),
- RootDN = gen_mod:get_opt({ldap_rootdn, Host}, Opts,
- fun iolist_to_binary/1,
- <<"">>),
- Password = gen_mod:get_opt({ldap_password, Host}, Opts,
- fun iolist_to_binary/1,
- <<"">>),
- Base = gen_mod:get_opt({ldap_base, Host}, Opts,
- fun iolist_to_binary/1,
- <<"">>),
- OldDerefAliases = gen_mod:get_opt({deref_aliases, Host}, Opts,
- fun(never) -> never;
- (searching) -> searching;
- (finding) -> finding;
- (always) -> always
- end, unspecified),
+ case Encrypt of
+ tls -> ?LDAPS_PORT;
+ starttls -> ?LDAP_PORT;
+ _ -> ?LDAP_PORT
+ end),
+ RootDN = gen_mod:get_opt({ldap_rootdn, Host}, Opts, <<"">>),
+ Password = gen_mod:get_opt({ldap_password, Host}, Opts, <<"">>),
+ Base = gen_mod:get_opt({ldap_base, Host}, Opts, <<"">>),
+ OldDerefAliases = gen_mod:get_opt({deref_aliases, Host}, Opts, unspecified),
DerefAliases =
if OldDerefAliases == unspecified ->
- gen_mod:get_opt({ldap_deref_aliases, Host}, Opts,
- fun(never) -> never;
- (searching) -> searching;
- (finding) -> finding;
- (always) -> always
- end, never);
+ gen_mod:get_opt({ldap_deref_aliases, Host}, Opts, never);
true ->
?WARNING_MSG("Option 'deref_aliases' is deprecated. "
"The option is still supported "
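Review bot: With the inline validator funs removed, get_config/2 uses whatever term is stored for each option, so it now depends on every caller's Opts having already passed through opt_type/1. The catch-all `_ -> ?LDAP_PORT` in the port default shows the effect: an unexpected `ldap_encrypt` value used to crash in the validator and would now quietly select the plain LDAP port. I would add a comment above the function such as `%% Option values must already be validated and normalised by opt_type/1`, and match `none -> ?LDAP_PORT` explicitly instead of `_`. The function continues past the end of this hunk, so how Encrypt and TLSVerify are consumed afterwards is not visible here.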
@@ -372,7 +344,8 @@ opt_type(ldap_port) ->
opt_type(ldap_rootdn) -> fun iolist_to_binary/1;
opt_type(ldap_servers) ->
fun (L) -> [iolist_to_binary(H) || H <- L] end;
-opt_type(ldap_tls_cacertfile) -> fun iolist_to_binary/1;
+opt_type(ldap_tls_cacertfile) ->
+ fun(S) -> binary_to_list(iolist_to_binary(S)) end;
opt_type(ldap_tls_depth) ->
fun (I) when is_integer(I), I >= 0 -> I end;
opt_type(ldap_tls_verify) ->
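Review bot: `binary_to_list(iolist_to_binary(S))` turns a UTF-8 path into a list of bytes rather than code points, so a CA file path containing non-ASCII characters would presumably be read as a different file name once it is handed on as a string. `unicode:characters_to_list(iolist_to_binary(S))` keeps such paths intact; its error tuple on invalid UTF-8 should be rejected by the validator rather than returned. A short comment on why this option becomes a string while `ldap_rootdn` stays a binary would also help, since get_config/2 no longer converts the value itself.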
@@ -380,8 +353,19 @@ opt_type(ldap_tls_verify) ->
(soft) -> soft;
(false) -> false
end;
+opt_type(ldap_filter) ->
+ fun check_filter/1;
+opt_type(ldap_uids) ->
+ fun (Us) ->
+ lists:map(fun ({U, P}) ->
+ {iolist_to_binary(U), iolist_to_binary(P)};
+ ({U}) -> {iolist_to_binary(U)};
+ (U) -> {iolist_to_binary(U)}
+ end,
+ lists:flatten(Us))
+ end;
opt_type(_) ->
- [deref_aliases, ldap_backups, ldap_base,
+ [deref_aliases, ldap_backups, ldap_base, ldap_uids,
ldap_deref_aliases, ldap_encrypt, ldap_password,
- ldap_port, ldap_rootdn, ldap_servers,
+ ldap_port, ldap_rootdn, ldap_servers, ldap_filter,
ldap_tls_cacertfile, ldap_tls_depth, ldap_tls_verify].
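Review bot: In opt_type(ldap_uids), `lists:flatten(Us)` also flattens any uid written as a character list, so its characters reach the catch-all `(U)` clause as integers and fail inside iolist_to_binary/1 with a bare badarg. If bare entries are meant to be binaries only, a guard such as `(U) when is_binary(U) -> {U}` states that and lets every other shape fail with function_clause in the validator itself. A comment listing the accepted entry shapes (a two-element tuple, a one-element tuple, a bare value) would document the contract; what the second tuple element means is not shown in this hunk.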