Mercurial > prosody-modules
view mod_auth_ldap2/mod_auth_ldap.lua @ 809:1d51c5e38faa
Add LDAP plugin suite
author | rob@hoelz.ro |
---|---|
date | Sun, 02 Sep 2012 15:35:50 +0200 |
parents | |
children | 881ec9919144 |
line wrap: on
line source
-- vim:sts=4 sw=4 -- Prosody IM -- Copyright (C) 2008-2010 Matthew Wild -- Copyright (C) 2008-2010 Waqas Hussain -- Copyright (C) 2012 Rob Hoelz -- -- This project is MIT/X11 licensed. Please see the -- COPYING file in the source package for more information. -- -- http://code.google.com/p/prosody-modules/source/browse/mod_auth_ldap/mod_auth_ldap.lua -- adapted to use common LDAP store local ldap = module:require 'ldap'; local new_sasl = require 'util.sasl'.new; local nodeprep = require 'util.encodings'.stringprep.nodeprep; local jsplit = require 'util.jid'.split; if not ldap then return; end local provider = { name = 'ldap' } function provider.test_password(username, password) return ldap.bind(username, password); end function provider.user_exists(username) local params = ldap.getparams() local filter = ldap.filter.combine_and(params.user.filter, params.user.usernamefield .. '=' .. username); return ldap.singlematch { base = params.user.basedn, filter = filter, }; end function provider.get_password(username) return nil, "Passwords unavailable for LDAP."; end function provider.set_password(username, password) return nil, "Passwords unavailable for LDAP."; end function provider.create_user(username, password) return nil, "Account creation/modification not available with LDAP."; end function provider.get_sasl_handler() local testpass_authentication_profile = { plain_test = function(sasl, username, password, realm) local prepped_username = nodeprep(username); if not prepped_username then module:log("debug", "NODEprep failed on username: %s", username); return "", nil; end return provider.test_password(prepped_username, password), true; end, mechanisms = { PLAIN = true }, }; return new_sasl(module.host, testpass_authentication_profile); end function provider.is_admin(jid) local admin_config = ldap.getparams().admin; if not admin_config then return; end local ld = ldap:getconnection(); local username = jsplit(jid); local filter = ldap.filter.combine_and(admin_config.filter, admin_config.namefield .. '=' .. username); return ldap.singlematch { base = admin_config.basedn, filter = filter, }; end module:add_item("auth-provider", provider);