Mercurial > prosody-modules
view mod_auth_ldap2/mod_auth_ldap2.lua @ 5119:048e339706ba
mod_rest: Remove manual reference expansion in schema
This hack was originally added to reduce the number of definitions of
common attributes (type, to, from etc) and payloads (e.g. delay). This
predated pointers and references, and until now was needed because
parsing picked out the correct stanza kind from the schema, which broke
internal references.
Removing this hack paves the way for allowing the schema to be
configured or customized more easily.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Tue, 20 Dec 2022 21:48:28 +0100 |
parents | f2b29183ef08 |
children |
line wrap: on
line source
-- vim:sts=4 sw=4 -- Prosody IM -- Copyright (C) 2008-2010 Matthew Wild -- Copyright (C) 2008-2010 Waqas Hussain -- Copyright (C) 2012 Rob Hoelz -- -- This project is MIT/X11 licensed. Please see the -- COPYING file in the source package for more information. -- -- http://code.google.com/p/prosody-modules/source/browse/mod_auth_ldap/mod_auth_ldap.lua -- adapted to use common LDAP store local ldap = module:require 'ldap'; local new_sasl = require 'util.sasl'.new; local jsplit = require 'util.jid'.split; if not ldap then return; end local provider = {} function provider.test_password(username, password) return ldap.bind(username, password); end function provider.user_exists(username) local params = ldap.getparams() local filter = ldap.filter.combine_and(params.user.filter, params.user.usernamefield .. '=' .. username); return ldap.singlematch { base = params.user.basedn, filter = filter, }; end function provider.get_password(username) return nil, "Passwords unavailable for LDAP."; end function provider.set_password(username, password) return nil, "Passwords unavailable for LDAP."; end function provider.create_user(username, password) return nil, "Account creation/modification not available with LDAP."; end function provider.get_sasl_handler() local testpass_authentication_profile = { plain_test = function(sasl, username, password, realm) return provider.test_password(username, password), true; end, mechanisms = { PLAIN = true }, }; return new_sasl(module.host, testpass_authentication_profile); end function provider.is_admin(jid) local username, userhost = jsplit(jid); if userhost ~= module.host then return false; end local admin_config = ldap.getparams().admin; if not admin_config then return; end local ld = ldap:getconnection(); local filter = ldap.filter.combine_and(admin_config.filter, admin_config.namefield .. '=' .. username); return ldap.singlematch { base = admin_config.basedn, filter = filter, }; end module:provides("auth", provider);