comparison mod_auth_ldap/mod_auth_ldap.lua @ 1274:4b15437d6c56

mod_auth_ldap: Add support for binding
author Kim Alvefur <zash@zash.se>
date Wed, 15 Jan 2014 14:45:37 +0100
parents 1b543060f31e
children da2e593317d7
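--- a/mod_auth_ldap/mod_auth_ldap.lua
+++ b/mod_auth_ldap/mod_auth_ldap.lua
@@ -9,10 +9,11 @@
 local ldap_password = module:get_option_string("ldap_password", "");
 local ldap_tls = module:get_option_boolean("ldap_tls");
 local ldap_scope = module:get_option_string("ldap_scope", "onelevel");
 local ldap_filter = module:get_option_string("ldap_filter", "(uid=%s)");
 local ldap_base = assert(module:get_option_string("ldap_base"), "ldap_base is a required option for ldap");
+local ldap_mode = module:get_option_string("ldap_mode", "getpasswd");
 
 -- Initiate connection
 local ld = assert(lualdap.open_simple(ldap_server, ldap_rootdn, ldap_password, ldap_tls));
 module.unload = function() ld:close(); end
 
@@ -41,27 +42,50 @@
 local dn, attr = get_user(username);
 if not dn then return nil, attr end
 if attr.userPassword == password then return true end
 return ld:modify(dn, { '=', userPassword = password })();
 end
-function provider.get_password(username)
-local dn, attr = get_user(username);
-if dn and attr then
-return attr.userPassword;
+
+if ldap_mode == "getpasswd" then
+function provider.get_password(username)
+local dn, attr = get_user(username);
+if dn and attr then
+return attr.userPassword;
+end
 end
-end
 
 function provider.test_password(username, password)
 return provider.get_password(username) == password;
 end
 
 function provider.get_sasl_handler()
 return new_sasl(module.host, {
 plain = function(sasl, username)
 local password = provider.get_password(username);
 if not password then return "", nil; end
 return password, true;
 end
 });
+end
+elseif ldap_mode == "bind" then
+local function test_password(userdn, password)
+return not not lualdap.open_simple(ldap_server, userdn, password, ldap_tls);
+end
+
+function provider.test_password(username, password)
+local dn = get_user(username);
+if not dn then return end
+return test_password(dn, password)
+end
+
+function provider.get_sasl_handler()
+return new_sasl(module.host, {
+plain_test = function(sasl, username, password)
+return provider.test_password(username, password), true;
+end
+});
+end
+else
+module:log("error", "Unsupported ldap_mode %s", tostring(ldap_mode));
 end
 
 module:provides("auth", provider);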
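Review bot: In bind mode the local `test_password` (new line 70) hands the client-supplied password straight to `lualdap.open_simple`, so an empty password turns into an LDAP unauthenticated simple bind (RFC 4513 §5.1.2), which many directories accept as an anonymous bind and this function would then report as a successful login for any existing user; guard it with `if not password or password == "" then return false; end` before the bind. The connection a successful bind returns is also thrown away by `not not` rather than closed, so every login leaves a directory connection open until garbage collection; keeping the handle and closing it, e.g. `local conn = lualdap.open_simple(ldap_server, userdn, password, ldap_tls); if conn then conn:close(); return true; end; return false;`, addresses both points. The `else` branch at new line 87 only logs and the module still calls `module:provides("auth", provider)` on line 91, so a misspelt `ldap_mode` leaves an auth provider registered whose `test_password`/`get_sasl_handler` are, as far as this hunk shows, undefined; raising `error()` there would make the module fail to load instead.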