diff mod_auth_ldap/mod_auth_ldap.lua @ 2056:e16593e7d482
mod_auth_ldap: Add support for having admin status indicated in LDAP
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Tue, 01 Mar 2016 10:40:25 +0100 |
parents | 6d7699eda594 |
children | 41565a743cad |
--- a/mod_auth_ldap/mod_auth_ldap.lua Tue Mar 01 10:31:10 2016 +0100 +++ b/mod_auth_ldap/mod_auth_ldap.lua Tue Mar 01 10:40:25 2016 +0100 @@ -1,5 +1,6 @@ -- mod_auth_ldap +local jid_split = require "util.jid".split; local new_sasl = require "util.sasl".new; local lualdap = require "lualdap"; local function ldap_filter_escape(s) return (s:gsub("[*()\\%z]", function(c) return ("\\%02x"):format(c:byte()) end)); end @@ -13,6 +14,7 @@ local ldap_filter = module:get_option_string("ldap_filter", "(uid=$user)"):gsub("%%s", "$user", 1); local ldap_base = assert(module:get_option_string("ldap_base"), "ldap_base is a required option for ldap"); local ldap_mode = module:get_option_string("ldap_mode", "bind"); +local ldap_admins = module:get_option_string("ldap_admin_filter"); local host = ldap_filter_escape(module:get_option_string("realm", module.host)); -- Initiate connection @@ -122,4 +124,19 @@ module:log("error", "Unsupported ldap_mode %s", tostring(ldap_mode)); end +if ldap_admins then + function provider.is_admin(jid) + local username = jid_split(jid); + return ldap_do("search", 2, { + base = ldap_base; + scope = ldap_scope; + sizelimit = 1; + filter = ldap_admins:gsub("%$(%a+)", { + user = ldap_filter_escape(username); + host = host; + }); + }); + end +end + module:provides("auth", provider);
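Review bot: In the third hunk, `provider.is_admin` keeps only the node from `jid_split(jid)` and discards the host part, so any JID whose localpart matches `ldap_admin_filter` is reported as an admin regardless of its domain; if the caller can pass JIDs from other hosts (not visible here), a remote `name@elsewhere` would inherit the privileges of the local `name`. A JID with no node also leaves `username` nil, and `ldap_filter_escape` then fails on `s:gsub`. I would guard both before the search: `local username, jid_host = jid_split(jid);` followed by `if not username or jid_host ~= module.host then return false; end`. The comparison should use `module.host` rather than the `host` local, which is the escaped `realm` option and may differ from the virtual host. `ldap_do` and `ldap_scope` are defined outside the hunk, so what the search hands back to the caller could not be checked from here.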