Mercurial > prosody-modules
annotate mod_auth_ldap/mod_auth_ldap.lua @ 198:a3b5810de3e4
mod_archive: XEP-0059 Result Set Management for Retrieving a Collection is DONE
author | shinysky<shinysky1986(AT)gmail.com> |
---|---|
date | Wed, 07 Jul 2010 22:07:36 +0800 |
parents | fa7165dd82ee |
children | 4a91047f9b5e |
rev | line source |
---|---|
191
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
1 |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
2 local new_sasl = require "util.sasl".new; |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
3 local nodeprep = require "util.encodings".stringprep.nodeprep; |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
4 local log = require "util.logger".init("auth_ldap"); |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
5 |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
6 local ldap_server = module:get_option("ldap_server") or "localhost"; |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
7 local ldap_rootdn = module:get_option("ldap_rootdn") or ""; |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
8 local ldap_password = module:get_option("ldap_password") or ""; |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
9 local ldap_tls = module:get_option("ldap_tls"); |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
10 local ldap_base = assert(module:get_option("ldap_base"), "ldap_base is a required option for ldap"); |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
11 |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
12 local lualdap = require "lualdap"; |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
13 local ld = assert(lualdap.open_simple(ldap_server, ldap_rootdn, ldap_password, ldap_tls)); |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
14 module.unload = function() ld:close(); end |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
15 |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
16 function do_query(query) |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
17 for dn, attribs in ld:search(query) do |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
18 return true; -- found a result |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
19 end |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
20 end |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
21 |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
22 local provider = { name = "ldap" }; |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
23 |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
24 local function ldap_filter_escape(s) return (s:gsub("[\\*\\(\\)\\\\%z]", function(c) return ("\\%02x"):format(c:byte()) end)); end |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
25 function provider.test_password(username, password) |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
26 return do_query({ |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
27 base = ldap_base; |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
28 filter = "(&(uid="..ldap_filter_escape(username)..")(userPassword="..ldap_filter_escape(password)..")(accountStatus=active))"; |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
29 }); |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
30 end |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
31 function provider.user_exists(username) |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
32 return do_query({ |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
33 base = ldap_base; |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
34 filter = "(uid="..ldap_filter_escape(username)..")"; |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
35 }); |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
36 end |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
37 |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
38 function provider.get_password(username) return nil, "Passwords unavailable for LDAP."; end |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
39 function provider.set_password(username, password) return nil, "Passwords unavailable for LDAP."; end |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
40 function provider.create_user(username, password) return nil, "Account creation/modification not available with LDAP."; end |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
41 |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
42 function provider.get_sasl_handler() |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
43 local realm = module:get_option("sasl_realm") or module.host; |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
44 local testpass_authentication_profile = { |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
45 plain_test = function(username, password, realm) |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
46 local prepped_username = nodeprep(username); |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
47 if not prepped_username then |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
48 log("debug", "NODEprep failed on username: %s", username); |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
49 return "", nil; |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
50 end |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
51 return provider.test_password(prepped_username, password, realm), true; |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
52 end |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
53 }; |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
54 return new_sasl(realm, testpass_authentication_profile); |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
55 end |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
56 |
fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
57 module:add_item("auth-provider", provider); |