Mercurial > prosody-modules
comparison mod_auth_ldap/mod_auth_ldap.lua @ 1287:da2e593317d7
mod_auth_ldap: Switch config format for ldap_filter to eg (uid=$user)
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 24 Jan 2014 18:22:23 +0100 |
| parents | 4b15437d6c56 |
| children | ab638f6b53dc |
comparison
equal
deleted
inserted
replaced
| 1286:9700c89f7bf6 | 1287:da2e593317d7 |
|---|---|
| 1 -- mod_auth_ldap | 1 -- mod_auth_ldap |
| 2 | 2 |
| 3 local new_sasl = require "util.sasl".new; | 3 local new_sasl = require "util.sasl".new; |
| 4 local lualdap = require "lualdap"; | 4 local lualdap = require "lualdap"; |
| 5 local function ldap_filter_escape(s) return (s:gsub("[\\*\\(\\)\\\\%z]", function(c) return ("\\%02x"):format(c:byte()) end)); end | |
| 5 | 6 |
| 6 -- Config options | 7 -- Config options |
| 7 local ldap_server = module:get_option_string("ldap_server", "localhost"); | 8 local ldap_server = module:get_option_string("ldap_server", "localhost"); |
| 8 local ldap_rootdn = module:get_option_string("ldap_rootdn", ""); | 9 local ldap_rootdn = module:get_option_string("ldap_rootdn", ""); |
| 9 local ldap_password = module:get_option_string("ldap_password", ""); | 10 local ldap_password = module:get_option_string("ldap_password", ""); |
| 10 local ldap_tls = module:get_option_boolean("ldap_tls"); | 11 local ldap_tls = module:get_option_boolean("ldap_tls"); |
| 11 local ldap_scope = module:get_option_string("ldap_scope", "onelevel"); | 12 local ldap_scope = module:get_option_string("ldap_scope", "onelevel"); |
| 12 local ldap_filter = module:get_option_string("ldap_filter", "(uid=%s)"); | 13 local ldap_filter = module:get_option_string("ldap_filter", "(uid=$user)"):gsub("%%s", "$user", 1); |
| 13 local ldap_base = assert(module:get_option_string("ldap_base"), "ldap_base is a required option for ldap"); | 14 local ldap_base = assert(module:get_option_string("ldap_base"), "ldap_base is a required option for ldap"); |
| 14 local ldap_mode = module:get_option_string("ldap_mode", "getpasswd"); | 15 local ldap_mode = module:get_option_string("ldap_mode", "getpasswd"); |
| 16 local host = ldap_filter_escape(module:get_option_string("realm", module.host)); | |
| 15 | 17 |
| 16 -- Initiate connection | 18 -- Initiate connection |
| 17 local ld = assert(lualdap.open_simple(ldap_server, ldap_rootdn, ldap_password, ldap_tls)); | 19 local ld = assert(lualdap.open_simple(ldap_server, ldap_rootdn, ldap_password, ldap_tls)); |
| 18 module.unload = function() ld:close(); end | 20 module.unload = function() ld:close(); end |
| 19 | |
| 20 local function ldap_filter_escape(s) return (s:gsub("[\\*\\(\\)\\\\%z]", function(c) return ("\\%02x"):format(c:byte()) end)); end | |
| 21 | 21 |
| 22 local function get_user(username) | 22 local function get_user(username) |
| 23 module:log("debug", "get_user(%q)", username); | 23 module:log("debug", "get_user(%q)", username); |
| 24 return ld:search({ | 24 return ld:search({ |
| 25 base = ldap_base; | 25 base = ldap_base; |
| 26 scope = ldap_scope; | 26 scope = ldap_scope; |
| 27 filter = ldap_filter:format(ldap_filter_escape(username)); | 27 filter = ldap_filter:gsub("%$(%a+)", { |
| 28 user = ldap_filter_escape(username); | |
| 29 host = host; | |
| 30 }); | |
| 28 })(); | 31 })(); |
| 29 end | 32 end |
| 30 | 33 |
| 31 local provider = {}; | 34 local provider = {}; |
| 32 | 35 |