Mercurial > prosody-modules
view mod_auth_ldap2/mod_auth_ldap2.lua @ 2963:504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
author | Pascal Mathis <mail@pascalmathis.com> |
---|---|
date | Wed, 28 Mar 2018 20:47:41 +0200 |
parents | 490cb9161c81 |
children | f2b29183ef08 |
line wrap: on
line source
-- vim:sts=4 sw=4 -- Prosody IM -- Copyright (C) 2008-2010 Matthew Wild -- Copyright (C) 2008-2010 Waqas Hussain -- Copyright (C) 2012 Rob Hoelz -- -- This project is MIT/X11 licensed. Please see the -- COPYING file in the source package for more information. -- -- http://code.google.com/p/prosody-modules/source/browse/mod_auth_ldap/mod_auth_ldap.lua -- adapted to use common LDAP store local ldap = module:require 'ldap'; local new_sasl = require 'util.sasl'.new; local jsplit = require 'util.jid'.split; if not ldap then return; end local provider = {} function provider.test_password(username, password) return ldap.bind(username, password); end function provider.user_exists(username) local params = ldap.getparams() local filter = ldap.filter.combine_and(params.user.filter, params.user.usernamefield .. '=' .. username); return ldap.singlematch { base = params.user.basedn, filter = filter, }; end function provider.get_password(username) return nil, "Passwords unavailable for LDAP."; end function provider.set_password(username, password) return nil, "Passwords unavailable for LDAP."; end function provider.create_user(username, password) return nil, "Account creation/modification not available with LDAP."; end function provider.get_sasl_handler() local testpass_authentication_profile = { plain_test = function(sasl, username, password, realm) return provider.test_password(username, password), true; end, mechanisms = { PLAIN = true }, }; return new_sasl(module.host, testpass_authentication_profile); end function provider.is_admin(jid) local admin_config = ldap.getparams().admin; if not admin_config then return; end local ld = ldap:getconnection(); local username = jsplit(jid); local filter = ldap.filter.combine_and(admin_config.filter, admin_config.namefield .. '=' .. username); return ldap.singlematch { base = admin_config.basedn, filter = filter, }; end module:provides("auth", provider);