Mercurial > prosody-modules
comparison mod_auth_ldap/mod_auth_ldap.lua @ 1163:52bee1247014
mod_auth_ldap: Add a configurable scope, defaulting to onelevel
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 15 Aug 2013 15:30:24 +0200 |
| parents | 8e3420d48508 |
| children | c99d8b666eb4 |
comparison
equal
deleted
inserted
replaced
| 1162:8e3420d48508 | 1163:52bee1247014 |
|---|---|
| 4 | 4 |
| 5 local ldap_server = module:get_option_string("ldap_server", "localhost"); | 5 local ldap_server = module:get_option_string("ldap_server", "localhost"); |
| 6 local ldap_rootdn = module:get_option_string("ldap_rootdn", ""); | 6 local ldap_rootdn = module:get_option_string("ldap_rootdn", ""); |
| 7 local ldap_password = module:get_option_string("ldap_password", ""); | 7 local ldap_password = module:get_option_string("ldap_password", ""); |
| 8 local ldap_tls = module:get_option_boolean("ldap_tls"); | 8 local ldap_tls = module:get_option_boolean("ldap_tls"); |
| 9 local ldap_scope = module:get_option_string("ldap_scope", "onelevel"); | |
| 9 local ldap_base = assert(module:get_option_string("ldap_base"), "ldap_base is a required option for ldap"); | 10 local ldap_base = assert(module:get_option_string("ldap_base"), "ldap_base is a required option for ldap"); |
| 10 | 11 |
| 11 local lualdap = require "lualdap"; | 12 local lualdap = require "lualdap"; |
| 12 local ld = assert(lualdap.open_simple(ldap_server, ldap_rootdn, ldap_password, ldap_tls)); | 13 local ld = assert(lualdap.open_simple(ldap_server, ldap_rootdn, ldap_password, ldap_tls)); |
| 13 module.unload = function() ld:close(); end | 14 module.unload = function() ld:close(); end |
| 22 | 23 |
| 23 local function ldap_filter_escape(s) return (s:gsub("[\\*\\(\\)\\\\%z]", function(c) return ("\\%02x"):format(c:byte()) end)); end | 24 local function ldap_filter_escape(s) return (s:gsub("[\\*\\(\\)\\\\%z]", function(c) return ("\\%02x"):format(c:byte()) end)); end |
| 24 function provider.test_password(username, password) | 25 function provider.test_password(username, password) |
| 25 return do_query({ | 26 return do_query({ |
| 26 base = ldap_base; | 27 base = ldap_base; |
| 28 scope = ldap_scope; | |
| 27 filter = "(&(uid="..ldap_filter_escape(username)..")(userPassword="..ldap_filter_escape(password)..")(accountStatus=active))"; | 29 filter = "(&(uid="..ldap_filter_escape(username)..")(userPassword="..ldap_filter_escape(password)..")(accountStatus=active))"; |
| 28 }); | 30 }); |
| 29 end | 31 end |
| 30 function provider.user_exists(username) | 32 function provider.user_exists(username) |
| 31 return do_query({ | 33 return do_query({ |
| 32 base = ldap_base; | 34 base = ldap_base; |
| 35 scope = ldap_scope; | |
| 33 filter = "(uid="..ldap_filter_escape(username)..")"; | 36 filter = "(uid="..ldap_filter_escape(username)..")"; |
| 34 }); | 37 }); |
| 35 end | 38 end |
| 36 | 39 |
| 37 function provider.get_password(username) return nil, "Passwords unavailable for LDAP."; end | 40 function provider.get_password(username) return nil, "Passwords unavailable for LDAP."; end |