Mercurial > prosody-modules
annotate mod_auth_ldap2/mod_auth_ldap2.lua @ 870:13e645340767
Use singlematch to find user record in ldap.bind
author | Rob Hoelz <rob@hoelz.ro> |
---|---|
date | Mon, 10 Dec 2012 22:15:27 +0100 |
parents | 675945ea2ed6 |
children | 490cb9161c81 |
rev | line source |
---|---|
809 | 1 -- vim:sts=4 sw=4 |
2 | |
3 -- Prosody IM | |
4 -- Copyright (C) 2008-2010 Matthew Wild | |
5 -- Copyright (C) 2008-2010 Waqas Hussain | |
6 -- Copyright (C) 2012 Rob Hoelz | |
7 -- | |
8 -- This project is MIT/X11 licensed. Please see the | |
9 -- COPYING file in the source package for more information. | |
10 -- | |
11 -- http://code.google.com/p/prosody-modules/source/browse/mod_auth_ldap/mod_auth_ldap.lua | |
12 -- adapted to use common LDAP store | |
13 | |
14 local ldap = module:require 'ldap'; | |
15 local new_sasl = require 'util.sasl'.new; | |
16 local nodeprep = require 'util.encodings'.stringprep.nodeprep; | |
17 local jsplit = require 'util.jid'.split; | |
18 | |
19 if not ldap then | |
20 return; | |
21 end | |
22 | |
814
881ec9919144
mod_auth_*: Use module:provides(), and don't explicitly specify provider.name.
Waqas Hussain <waqas20@gmail.com>
parents:
809
diff
changeset
|
23 local provider = {} |
809 | 24 |
25 function provider.test_password(username, password) | |
26 return ldap.bind(username, password); | |
27 end | |
28 | |
29 function provider.user_exists(username) | |
30 local params = ldap.getparams() | |
31 | |
32 local filter = ldap.filter.combine_and(params.user.filter, params.user.usernamefield .. '=' .. username); | |
33 | |
34 return ldap.singlematch { | |
35 base = params.user.basedn, | |
36 filter = filter, | |
37 }; | |
38 end | |
39 | |
40 function provider.get_password(username) | |
41 return nil, "Passwords unavailable for LDAP."; | |
42 end | |
43 | |
44 function provider.set_password(username, password) | |
45 return nil, "Passwords unavailable for LDAP."; | |
46 end | |
47 | |
48 function provider.create_user(username, password) | |
49 return nil, "Account creation/modification not available with LDAP."; | |
50 end | |
51 | |
52 function provider.get_sasl_handler() | |
53 local testpass_authentication_profile = { | |
54 plain_test = function(sasl, username, password, realm) | |
55 local prepped_username = nodeprep(username); | |
56 if not prepped_username then | |
57 module:log("debug", "NODEprep failed on username: %s", username); | |
58 return "", nil; | |
59 end | |
60 return provider.test_password(prepped_username, password), true; | |
61 end, | |
62 mechanisms = { PLAIN = true }, | |
63 }; | |
64 return new_sasl(module.host, testpass_authentication_profile); | |
65 end | |
66 | |
67 function provider.is_admin(jid) | |
68 local admin_config = ldap.getparams().admin; | |
69 | |
70 if not admin_config then | |
71 return; | |
72 end | |
73 | |
74 local ld = ldap:getconnection(); | |
75 local username = jsplit(jid); | |
76 local filter = ldap.filter.combine_and(admin_config.filter, admin_config.namefield .. '=' .. username); | |
77 | |
78 return ldap.singlematch { | |
79 base = admin_config.basedn, | |
80 filter = filter, | |
81 }; | |
82 end | |
83 | |
814
881ec9919144
mod_auth_*: Use module:provides(), and don't explicitly specify provider.name.
Waqas Hussain <waqas20@gmail.com>
parents:
809
diff
changeset
|
84 module:provides("auth", provider); |