Mercurial > prosody-modules

view mod_auth_ldap2/mod_auth_ldap2.lua @ 2491:5fbca7de2088

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_smacks: Send out more ack requests where needed Under some circumstances it was possible that more than "max_unacked_stanzas" where left in the outgoing stanza queue without forcing an ack. This could happen, when more stanzas entered the queue while the last ack request was still unanswered. Now the test "#queue > max_unacked_stanzas" is done upon receiving an ack as well as when sending out stanzas, which fixes this bug.
author tmolitor <thilo@eightysoft.de>
date Sun, 12 Feb 2017 19:27:50 +0100
parents 490cb9161c81
children f2b29183ef08
line wrap: on
line source

-- vim:sts=4 sw=4

-- Prosody IM
-- Copyright (C) 2008-2010 Matthew Wild
-- Copyright (C) 2008-2010 Waqas Hussain
-- Copyright (C) 2012 Rob Hoelz
--
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--
-- http://code.google.com/p/prosody-modules/source/browse/mod_auth_ldap/mod_auth_ldap.lua
-- adapted to use common LDAP store

local ldap     = module:require 'ldap';
local new_sasl = require 'util.sasl'.new;
local jsplit   = require 'util.jid'.split;

if not ldap then
    return;
end

local provider = {}

function provider.test_password(username, password)
    return ldap.bind(username, password);
end

function provider.user_exists(username)
    local params = ldap.getparams()

    local filter = ldap.filter.combine_and(params.user.filter, params.user.usernamefield .. '=' .. username);

    return ldap.singlematch {
        base   = params.user.basedn,
        filter = filter,
    };
end

function provider.get_password(username)
    return nil, "Passwords unavailable for LDAP.";
end

function provider.set_password(username, password)
    return nil, "Passwords unavailable for LDAP.";
end

function provider.create_user(username, password)
    return nil, "Account creation/modification not available with LDAP.";
end

function provider.get_sasl_handler()
    local testpass_authentication_profile = {
        plain_test = function(sasl, username, password, realm)
            return provider.test_password(username, password), true;
        end,
        mechanisms = { PLAIN = true },
    };
    return new_sasl(module.host, testpass_authentication_profile);
end

function provider.is_admin(jid)
    local admin_config = ldap.getparams().admin;

    if not admin_config then
        return;
    end

    local ld       = ldap:getconnection();
    local username = jsplit(jid);
    local filter   = ldap.filter.combine_and(admin_config.filter, admin_config.namefield .. '=' .. username);

    return ldap.singlematch {
        base   = admin_config.basedn,
        filter = filter,
    };
end

module:provides("auth", provider);