Mercurial > prosody-modules
comparison mod_auth_ldap2/mod_auth_ldap.lua @ 809:1d51c5e38faa
Add LDAP plugin suite
| author | rob@hoelz.ro |
|---|---|
| date | Sun, 02 Sep 2012 15:35:50 +0200 |
| parents | |
| children | 881ec9919144 |
comparison
equal
deleted
inserted
replaced
| 808:ba2e207e1fb7 | 809:1d51c5e38faa |
|---|---|
| 1 -- vim:sts=4 sw=4 | |
| 2 | |
| 3 -- Prosody IM | |
| 4 -- Copyright (C) 2008-2010 Matthew Wild | |
| 5 -- Copyright (C) 2008-2010 Waqas Hussain | |
| 6 -- Copyright (C) 2012 Rob Hoelz | |
| 7 -- | |
| 8 -- This project is MIT/X11 licensed. Please see the | |
| 9 -- COPYING file in the source package for more information. | |
| 10 -- | |
| 11 -- http://code.google.com/p/prosody-modules/source/browse/mod_auth_ldap/mod_auth_ldap.lua | |
| 12 -- adapted to use common LDAP store | |
| 13 | |
| 14 local ldap = module:require 'ldap'; | |
| 15 local new_sasl = require 'util.sasl'.new; | |
| 16 local nodeprep = require 'util.encodings'.stringprep.nodeprep; | |
| 17 local jsplit = require 'util.jid'.split; | |
| 18 | |
| 19 if not ldap then | |
| 20 return; | |
| 21 end | |
| 22 | |
| 23 local provider = { name = 'ldap' } | |
| 24 | |
| 25 function provider.test_password(username, password) | |
| 26 return ldap.bind(username, password); | |
| 27 end | |
| 28 | |
| 29 function provider.user_exists(username) | |
| 30 local params = ldap.getparams() | |
| 31 | |
| 32 local filter = ldap.filter.combine_and(params.user.filter, params.user.usernamefield .. '=' .. username); | |
| 33 | |
| 34 return ldap.singlematch { | |
| 35 base = params.user.basedn, | |
| 36 filter = filter, | |
| 37 }; | |
| 38 end | |
| 39 | |
| 40 function provider.get_password(username) | |
| 41 return nil, "Passwords unavailable for LDAP."; | |
| 42 end | |
| 43 | |
| 44 function provider.set_password(username, password) | |
| 45 return nil, "Passwords unavailable for LDAP."; | |
| 46 end | |
| 47 | |
| 48 function provider.create_user(username, password) | |
| 49 return nil, "Account creation/modification not available with LDAP."; | |
| 50 end | |
| 51 | |
| 52 function provider.get_sasl_handler() | |
| 53 local testpass_authentication_profile = { | |
| 54 plain_test = function(sasl, username, password, realm) | |
| 55 local prepped_username = nodeprep(username); | |
| 56 if not prepped_username then | |
| 57 module:log("debug", "NODEprep failed on username: %s", username); | |
| 58 return "", nil; | |
| 59 end | |
| 60 return provider.test_password(prepped_username, password), true; | |
| 61 end, | |
| 62 mechanisms = { PLAIN = true }, | |
| 63 }; | |
| 64 return new_sasl(module.host, testpass_authentication_profile); | |
| 65 end | |
| 66 | |
| 67 function provider.is_admin(jid) | |
| 68 local admin_config = ldap.getparams().admin; | |
| 69 | |
| 70 if not admin_config then | |
| 71 return; | |
| 72 end | |
| 73 | |
| 74 local ld = ldap:getconnection(); | |
| 75 local username = jsplit(jid); | |
| 76 local filter = ldap.filter.combine_and(admin_config.filter, admin_config.namefield .. '=' .. username); | |
| 77 | |
| 78 return ldap.singlematch { | |
| 79 base = admin_config.basedn, | |
| 80 filter = filter, | |
| 81 }; | |
| 82 end | |
| 83 | |
| 84 module:add_item("auth-provider", provider); |