annotate mod_lib_ldap/ldap.lib.lua @ 841:0649883de4d3

mod_password_policy: Initial commit.
author Waqas Hussain <waqas20@gmail.com>
date Fri, 05 Oct 2012 05:49:22 +0500
parents 1d51c5e38faa
children 16b007c7706c
-- vim:sts=4 sw=4

-- Prosody IM
-- Copyright (C) 2008-2010 Matthew Wild
-- Copyright (C) 2008-2010 Waqas Hussain
-- Copyright (C) 2012 Rob Hoelz
--
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--

-- LuaLDAP module handle; assigned by the pcall(require, 'lualdap') call in
-- the initialisation block at the end of this file.
local ldap;
-- NOTE(review): not referenced anywhere else in the visible source.
local connection;
-- The "ldap" option table from the Prosody configuration. connect() reads
-- bind_dn and bind_password from it, so this table keeps the service-account
-- credential in memory for the lifetime of the module.
local params = module:get_option("ldap");
-- Local aliases for the standard-library functions used below.
local format = string.format;
local tconcat = table.concat;

-- Module table handed back to whoever loads this library.
local _M = {};
-- Schema that run_validation() checks the "ldap" option table against.
-- String values name the expected Lua type (a trailing '?' marks the key as
-- optional), nested tables describe sub-tables, `_optional = true` marks a
-- whole sub-table as optional, and `_member` is the schema for entries stored
-- under non-string keys.
-- NOTE(review): bind_dn, bind_password and use_tls, which connect() and
-- _M.bind() read from params, are not listed here. run_validation() reports
-- any key missing from the schema as 'invalid parameter', so these entries
-- have to be added before the early return in validate_config() is removed.
local config_params = {
    hostname = 'string',
    user = {
        basedn = 'string',
        namefield = 'string',
        filter = 'string',
        usernamefield = 'string',
    },
    groups = {
        basedn = 'string',
        namefield = 'string',
        memberfield = 'string',

        _member = {
            name = 'string',
            admin = 'boolean?',
        },
    },
    admin = {
        _optional = true,
        basedn = 'string',
        namefield = 'string',
        filter = 'string',
    }
}
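-- Recursively check a configuration table against a schema table.
--
-- params: the table to check (the whole configuration, or one sub-table).
-- config: the schema for that table. String values name the expected Lua
--         type, with a trailing '?' marking the key optional; table values
--         describe a nested table (`_optional = true` makes it optional);
--         `_member`, when present, is the schema applied to every entry
--         stored under a non-string key.
-- prefix: dotted path of the table being checked, used in error messages.
--
-- Returns true on success, or nil plus a message naming the offending key.
local function run_validation(params, config, prefix)
    prefix = prefix or '';

    -- verify that every required member of config is present in params
    for key, spec in pairs(config) do
        -- keys starting with '_' are schema directives, not parameters
        if type(key) == 'string' and key:sub(1, 1) ~= '_' then
            local is_optional;
            if type(spec) == 'table' then
                is_optional = spec._optional;
            else
                is_optional = spec:sub(-1) == '?';
            end

            if not is_optional and params[key] == nil then
                return nil, prefix .. key .. ' is required';
            end
        end
    end

    for key, value in pairs(params) do
        local expected_type = config[key];

        local ok, err = true;

        if type(key) == 'string' then
            -- reject keys the schema does not know about, and keys that
            -- collide with the schema's own '_' directives
            if key:sub(1, 1) == '_' or expected_type == nil then
                return nil, 'invalid parameter ' .. prefix .. key;
            end

            -- type validation
            if type(expected_type) == 'string' then
                if expected_type:sub(-1) == '?' then
                    expected_type = expected_type:sub(1, -2);
                end

                if type(value) ~= expected_type then
                    return nil, 'invalid type for parameter ' .. prefix .. key;
                end
            else -- the schema entry is a table, so the value must be one too
                if type(value) ~= 'table' then
                    return nil, 'invalid type for parameter ' .. prefix .. key;
                end

                -- recurse into child
                ok, err = run_validation(value, expected_type, prefix .. key .. '.');
            end
        else -- non-string key: an array-style member
            if not config._member then
                return nil, 'invalid parameter ' .. prefix .. tostring(key);
            end

            -- A member has to be a table before it can be checked against
            -- the member schema. Without this check a number or boolean
            -- member raised an error inside the recursive call instead of
            -- producing a validation message.
            if type(value) ~= 'table' then
                return nil, 'invalid type for parameter ' .. prefix .. tostring(key);
            end

            ok, err = run_validation(value, config._member, prefix .. tostring(key) .. '.');
        end

        if not ok then
            return ok, err;
        end
    end

    return true;
end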
-- Validate the module-level `params` table against `config_params` and, when
-- no `admin` section was configured, derive one from the first group entry
-- flagged `admin`.
--
-- NOTE(review): the unconditional return below means none of the checks in
-- this function currently run, so a missing or mistyped "ldap" option is not
-- reported at load time and only surfaces when a bind or search uses it.
--
-- Returns true (always, at present). The code after the early return would
-- return `ok, err` from run_validation(), or nil plus a message when a group
-- entry lacks the configured name field.
local function validate_config()
    if true then
        return true; -- XXX for now
    end

    -- this is almost too clever (I mean that in a bad
    -- maintainability sort of way)
    --
    -- basically this allows a free pass for a key in group members
    -- equal to params.groups.namefield
    --
    -- The metatable is installed only for the duration of the
    -- run_validation() call and removed straight after it.
    setmetatable(config_params.groups._member, {
        __index = function(_, k)
            if k == params.groups.namefield then
                return 'string';
            end
        end
    });

    local ok, err = run_validation(params, config_params);

    setmetatable(config_params.groups._member, nil);

    if ok then
        -- a little extra validation that doesn't fit into
        -- my recursive checker
        local group_namefield = params.groups.namefield;
        for i, group in ipairs(params.groups) do
            if not group[group_namefield] then
                return nil, format('groups.%d.%s is required', i, group_namefield);
            end
        end

        -- fill in params.admin if you can
        if not params.admin and params.groups then
            local admingroup;

            -- the first group entry with a truthy `admin` flag wins
            for _, groupconfig in ipairs(params.groups) do
                if groupconfig.admin then
                    admingroup = groupconfig;
                    break;
                end
            end

            if admingroup then
                -- The filter is assembled from configuration values by plain
                -- concatenation, with no filter escaping: a group name that
                -- contains filter metacharacters would change the filter.
                params.admin = {
                    basedn = params.groups.basedn,
                    namefield = params.groups.memberfield,
                    filter = group_namefield .. '=' .. admingroup[group_namefield],
                };
            end
        end
    end

    return ok, err;
end
-- what to do if connection isn't available?
--
-- Open a new LDAP connection bound as the configured service account
-- (params.bind_dn / params.bind_password) and return whatever
-- ldap.open_simple() returns.
-- params.use_tls is passed through as the last argument. NOTE(review): when
-- it is unset the bind DN and password presumably cross the network
-- unprotected - confirm against the LuaLDAP version in use and consider
-- requiring it in the configuration.
local function connect()
    local bind_dn, bind_password = params.bind_dn, params.bind_password;
    local host, use_tls = params.hostname, params.use_tls;

    return ldap.open_simple(host, bind_dn, bind_password, use_tls);
end
-- Return an LDAP connection bound as the service account.
-- This indirection exists so that persistent connections can be introduced
-- later; for now every call opens a fresh connection through connect(), and
-- nothing in this function closes it, so the caller owns the connection it
-- receives. The results of connect() are passed through unchanged.
function _M.getconnection()
    return connect();
end
-- Expose the module's LDAP configuration table.
-- The table is returned by reference, not as a copy. It is the same table
-- connect() reads bind_dn and bind_password from, so every caller can read
-- the service-account credential, and any change a caller makes affects
-- later connections.
function _M.getparams()
    return params;
end
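-- Escape a string for use as an attribute value inside a distinguished name
-- (RFC 4514, section 2.4), so that the value cannot add or alter DN
-- components.
local function escape_dn_value(value)
    -- characters that are special anywhere in a value (plus '=')
    local escaped = value:gsub('[\\,+"<>;=]', '\\%0');
    -- control characters, NUL included, as two-digit hex pairs
    escaped = escaped:gsub('%c', function (c)
        return format('\\%02x', c:byte());
    end);
    -- a trailing space first, then a leading space or '#'; doing them in
    -- this order keeps a value that is a single space from being escaped twice
    escaped = escaped:gsub(' $', '\\ ');
    escaped = escaped:gsub('^[ #]', '\\%0');
    return escaped;
end

-- XXX consider renaming this...it doesn't bind the current connection
--
-- Check a user's credentials by opening a separate connection bound as
-- "<usernamefield>=<username>,<user basedn>" and closing it again.
--
-- username: login name; it is escaped before being placed in the DN.
-- password: the user's password; must be a non-empty string.
--
-- Returns true when the bind succeeds, otherwise nil plus an error message.
-- params.use_tls is passed to ldap.open_simple(); NOTE(review): when it is
-- unset the user's password presumably crosses the network unprotected -
-- confirm against the LuaLDAP version in use.
function _M.bind(username, password)
    if type(username) ~= 'string' or username == '' then
        return nil, 'username is required';
    end

    -- A simple bind that carries a DN but an empty password is an
    -- "unauthenticated bind" (RFC 4513, section 5.1.2): a server may accept
    -- it without checking any credential, and this function would then
    -- report success. Refuse it before contacting the server.
    if type(password) ~= 'string' or password == '' then
        return nil, 'password is required';
    end

    local who = format('%s=%s,%s', params.user.usernamefield, escape_dn_value(username), params.user.basedn);
    local conn, err = ldap.open_simple(params.hostname, who, password, params.use_tls);

    if conn then
        -- the connection was only needed to prove the credentials
        conn:close();
        return true;
    end

    return conn, err;
end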
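-- Run `query` against the directory and return the attribute table of the
-- first matching entry.
--
-- query: search parameter table passed to the connection's search() method.
--        It is modified in place: sizelimit is forced to 1 and scope to
--        'onelevel'. Any filter in it is used as given, so values that come
--        from user input must already be escaped by the caller.
--
-- Returns the attribute table of the first match, nil when nothing matches,
-- or nil plus an error message when no connection could be opened (the
-- previous version raised an error on a nil connection instead). The
-- connection opened for the search is always closed before returning; the
-- previous version left it open.
function _M.singlematch(query)
    local ld, err = _M.getconnection();
    if not ld then
        return nil, err;
    end

    query.sizelimit = 1;
    query.scope = 'onelevel';

    -- run the search under pcall so the connection is closed even when the
    -- search raises; the error is re-raised afterwards
    local ok, result = pcall(function ()
        for _, attribs in ld:search(query) do
            return attribs;
        end
    end);

    ld:close();

    if not ok then
        error(result, 0);
    end

    return result;
end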
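-- Namespace for helpers that build LDAP search filter strings.
_M.filter = {};

-- Join filter expressions into one conjunction, "(&(a)(b)...)".
--
-- ...: filter strings. An expression is wrapped in parentheses only when it
--      neither starts with '(' nor ends with ')'. nil arguments are skipped.
--
-- Expressions are inserted as given: this function does no escaping, so any
-- value that comes from user input must already be escaped for use in a
-- filter (RFC 4515) by the caller.
-- NOTE(review): with no non-nil argument the result is "(&)", which some
-- servers are understood to treat as matching every entry - callers should
-- always pass at least one concrete condition.
--
-- Returns the combined filter string.
function _M.filter.combine_and(...)
    local parts = { '(&' };

    -- Walk the arguments by count. ipairs() over { ... } stops at the first
    -- nil, which silently dropped every later condition and so widened the
    -- search whenever an optional filter was missing.
    for i = 1, select('#', ...) do
        local filter = select(i, ...);

        if filter ~= nil then
            if filter:sub(1, 1) ~= '(' and filter:sub(-1) ~= ')' then
                filter = '(' .. filter .. ')';
            end
            parts[#parts + 1] = filter;
        end
    end

    parts[#parts + 1] = ')';

    return tconcat(parts, '');
end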
-- Module initialisation: load LuaLDAP, require an "ldap" configuration and
-- validate it. Each failure path logs an error and returns from the chunk
-- without a value, so the loader does not receive the _M table.
do
    local ok, err;

    -- Prosody's global lock is lifted only around the require call.
    -- NOTE(review): presumably because loading lualdap defines globals - confirm.
    prosody.unlock_globals();
    ok, ldap = pcall(require, 'lualdap');
    prosody.lock_globals();
    if not ok then
        -- on failure pcall's second result, stored in `ldap`, is the error
        module:log("error", "Failed to load the LuaLDAP library for accessing LDAP: %s", ldap);
        module:log("error", "More information on install LuaLDAP can be found at http://www.keplerproject.org/lualdap");
        return;
    end

    -- `params` is nil when the configuration has no "ldap" option
    if not params then
        module:log("error", "LDAP configuration required to use the LDAP storage module");
        return;
    end

    -- NOTE(review): validate_config() currently returns true unconditionally,
    -- so the failure branch below is not taken and the configuration is used
    -- unchecked.
    ok, err = validate_config();

    if not ok then
        module:log("error", "LDAP configuration is invalid: %s", tostring(err));
        return;
    end
end

-- hand the library table to the loader
return _M;