diff mod_auth_ldap/mod_auth_ldap.lua @ 1287:da2e593317d7

mod_auth_ldap: Switch config format for ldap_filter to eg (uid=$user)
author Kim Alvefur <zash@zash.se>
date Fri, 24 Jan 2014 18:22:23 +0100
parents 4b15437d6c56
children ab638f6b53dc
--- a/mod_auth_ldap/mod_auth_ldap.lua	Thu Jan 23 20:27:14 2014 +0000
+++ b/mod_auth_ldap/mod_auth_ldap.lua	Fri Jan 24 18:22:23 2014 +0100
@@ -2,6 +2,7 @@
 
 local new_sasl = require "util.sasl".new;
 local lualdap = require "lualdap";
+local function ldap_filter_escape(s) return (s:gsub("[\\*\\(\\)\\\\%z]", function(c) return ("\\%02x"):format(c:byte()) end)); end
 
 -- Config options
 local ldap_server = module:get_option_string("ldap_server", "localhost");
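Review bot: The character set in the added `ldap_filter_escape` is written as if `\\` escaped `*`, `(` and `)`, but Lua patterns escape with `%`, so those backslashes only add a literal backslash to the set several times. The set still covers the RFC 4515 special characters, so behaviour is correct, but `"[*()\\%z]"` says the same thing without the misleading escapes. A comment such as `-- RFC 4515: hex-escape * ( ) \ and NUL in values placed into a search filter` would document why this one-liner exists and that every value substituted into `ldap_filter` must pass through it. `%z` is a Lua 5.1 pattern class; on interpreters where it is no longer defined it would presumably stop matching NUL, so the supported Lua version is worth stating next to it (a set built on `%c` would cover NUL on any version, at the cost of escaping all control characters).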
@@ -9,22 +10,24 @@
 local ldap_password = module:get_option_string("ldap_password", "");
 local ldap_tls = module:get_option_boolean("ldap_tls");
 local ldap_scope = module:get_option_string("ldap_scope", "onelevel");
-local ldap_filter = module:get_option_string("ldap_filter", "(uid=%s)");
+local ldap_filter = module:get_option_string("ldap_filter", "(uid=$user)"):gsub("%%s", "$user", 1);
 local ldap_base = assert(module:get_option_string("ldap_base"), "ldap_base is a required option for ldap");
 local ldap_mode = module:get_option_string("ldap_mode", "getpasswd");
+local host = ldap_filter_escape(module:get_option_string("realm", module.host));
 
 -- Initiate connection
 local ld = assert(lualdap.open_simple(ldap_server, ldap_rootdn, ldap_password, ldap_tls));
 module.unload = function() ld:close(); end
 
-local function ldap_filter_escape(s) return (s:gsub("[\\*\\(\\)\\\\%z]", function(c) return ("\\%02x"):format(c:byte()) end)); end
-
 local function get_user(username)
 	module:log("debug", "get_user(%q)", username);
 	return ld:search({
 		base = ldap_base;
 		scope = ldap_scope;
-		filter = ldap_filter:format(ldap_filter_escape(username));
+		filter = ldap_filter:gsub("%$(%a+)", {
+			user = ldap_filter_escape(username);
+			host = host;
+		});
 	})();
 end
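Review bot: The table-driven `gsub` in `get_user` leaves any placeholder it does not know (a mistyped `$usr`, or `$domain`) in the filter verbatim, so a configuration typo yields a filter that silently matches nothing and every login fails with no hint in the log. A load-time check next to the `ldap_filter` option would surface it: `for var in ldap_filter:gmatch("%$(%a+)") do if var ~= "user" and var ~= "host" then module:log("warn", "Unknown variable $%s in ldap_filter", var); end end`. The `%s` compatibility rewrite converts only the first occurrence, and any other `ldap_filter:format(...)` call outside this hunk, if one exists, would now receive the `$user` template unchanged. Both substituted values pass through `ldap_filter_escape`, which is what prevents filter injection; a short comment above the substitution table saying so would keep a later variable from being added unescaped.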