diff mod_auth_ldap2/mod_auth_ldap2.lua @ 927:a9dfa7232d88
Merge
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Tue, 12 Mar 2013 12:10:25 +0000 |
parents | 490cb9161c81 |
children | f2b29183ef08 |
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/mod_auth_ldap2/mod_auth_ldap2.lua Tue Mar 12 12:10:25 2013 +0000
@@ -0,0 +1,78 @@
+-- vim:sts=4 sw=4
+
+-- Prosody IM
+-- Copyright (C) 2008-2010 Matthew Wild
+-- Copyright (C) 2008-2010 Waqas Hussain
+-- Copyright (C) 2012 Rob Hoelz
+--
+-- This project is MIT/X11 licensed. Please see the
+-- COPYING file in the source package for more information.
+--
+-- http://code.google.com/p/prosody-modules/source/browse/mod_auth_ldap/mod_auth_ldap.lua
+-- adapted to use common LDAP store
+
+local ldap = module:require 'ldap';
+local new_sasl = require 'util.sasl'.new;
+local jsplit = require 'util.jid'.split;
+
+if not ldap then
+ return;
+end
+
+local provider = {}
+
+function provider.test_password(username, password)
+ return ldap.bind(username, password);
+end
+
+function provider.user_exists(username)
+ local params = ldap.getparams()
+
+ local filter = ldap.filter.combine_and(params.user.filter, params.user.usernamefield .. '=' .. username);
+
+ return ldap.singlematch {
+ base = params.user.basedn,
+ filter = filter,
+ };
+end
+
+function provider.get_password(username)
+ return nil, "Passwords unavailable for LDAP.";
+end
+
+function provider.set_password(username, password)
+ return nil, "Passwords unavailable for LDAP.";
+end
+
+function provider.create_user(username, password)
+ return nil, "Account creation/modification not available with LDAP.";
+end
+
+function provider.get_sasl_handler()
+ local testpass_authentication_profile = {
+ plain_test = function(sasl, username, password, realm)
+ return provider.test_password(username, password), true;
+ end,
+ mechanisms = { PLAIN = true },
+ };
+ return new_sasl(module.host, testpass_authentication_profile);
+end
+
+function provider.is_admin(jid)
+ local admin_config = ldap.getparams().admin;
+
+ if not admin_config then
+ return;
+ end
+
+ local ld = ldap:getconnection();
+ local username = jsplit(jid);
+ local filter = ldap.filter.combine_and(admin_config.filter, admin_config.namefield .. '=' .. username);
+
+ return ldap.singlematch {
+ base = admin_config.basedn,
+ filter = filter,
+ };
+end
+
+module:provides("auth", provider);
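Review bot: In `provider.user_exists` and `provider.is_admin` the username is concatenated unescaped into the LDAP search filter (`... .. '=' .. username`), so filter metacharacters such as `*`, `(`, `)` and `\` in a localpart change what the filter matches. Unless `ldap.filter.combine_and` or `ldap.singlematch` escapes values, which is not visible in this file, the value should be escaped per RFC 4515 before it is joined into the filter. `is_admin` also keeps only the node returned by `jsplit(jid)` and discards the host, so a JID on another domain with the same localpart would satisfy the admin filter, and a JID without a node would raise on the concatenation. Checking the host against `module.host` and returning early on a nil node covers both, assuming the caller does not already restrict `jid` to local users. The `local ld = ldap:getconnection();` line is unused and can be dropped.

```lua
-- RFC 4515: any octet of an assertion value may be written as \xx;
-- escaping every non-alphanumeric byte covers *, (, ), \ and NUL.
local function escape_filter_value(value)
    return (value:gsub("[^%w]", function(c)
        return ("\\%02x"):format(c:byte());
    end));
end

function provider.user_exists(username)
    local params = ldap.getparams()
    local filter = ldap.filter.combine_and(params.user.filter, params.user.usernamefield .. '=' .. escape_filter_value(username));
    -- … unchanged: ldap.singlematch call …

function provider.is_admin(jid)
    -- … unchanged: admin_config lookup and early return …
    local username, host = jsplit(jid);
    if not username or host ~= module.host then
        return;
    end
    local filter = ldap.filter.combine_and(admin_config.filter, admin_config.namefield .. '=' .. escape_filter_value(username));
    -- … unchanged: ldap.singlematch call …
```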