Mercurial > prosody-modules
view mod_auth_ldap/mod_auth_ldap.lua @ 737:e4ea03b060ed
mod_archive: switch from/to
The XEP-0136 is not very explicit about the meening of <from> and <to>
elements, but the examples are clear: <from> means it comes from the user in
the 'with' attribute of the collection.
That is the opposite of what is currently implemented in that module.
So for better compatibility with complient clients, this switch the 'from' and
'to' fields
author | Olivier Goffart <ogoffart@woboq.com> |
---|---|
date | Wed, 04 Jul 2012 14:08:43 +0200 |
parents | 8e9e5c7d97ff |
children | 881ec9919144 |
line wrap: on
line source
local new_sasl = require "util.sasl".new; local nodeprep = require "util.encodings".stringprep.nodeprep; local log = require "util.logger".init("auth_ldap"); local ldap_server = module:get_option("ldap_server") or "localhost"; local ldap_rootdn = module:get_option("ldap_rootdn") or ""; local ldap_password = module:get_option("ldap_password") or ""; local ldap_tls = module:get_option("ldap_tls"); local ldap_base = assert(module:get_option("ldap_base"), "ldap_base is a required option for ldap"); local lualdap = require "lualdap"; local ld = assert(lualdap.open_simple(ldap_server, ldap_rootdn, ldap_password, ldap_tls)); module.unload = function() ld:close(); end function do_query(query) for dn, attribs in ld:search(query) do return true; -- found a result end end local provider = { name = "ldap" }; local function ldap_filter_escape(s) return (s:gsub("[\\*\\(\\)\\\\%z]", function(c) return ("\\%02x"):format(c:byte()) end)); end function provider.test_password(username, password) return do_query({ base = ldap_base; filter = "(&(uid="..ldap_filter_escape(username)..")(userPassword="..ldap_filter_escape(password)..")(accountStatus=active))"; }); end function provider.user_exists(username) return do_query({ base = ldap_base; filter = "(uid="..ldap_filter_escape(username)..")"; }); end function provider.get_password(username) return nil, "Passwords unavailable for LDAP."; end function provider.set_password(username, password) return nil, "Passwords unavailable for LDAP."; end function provider.create_user(username, password) return nil, "Account creation/modification not available with LDAP."; end function provider.get_sasl_handler() local testpass_authentication_profile = { plain_test = function(sasl, username, password, realm) local prepped_username = nodeprep(username); if not prepped_username then log("debug", "NODEprep failed on username: %s", username); return "", nil; end return provider.test_password(prepped_username, password), true; end }; return new_sasl(module.host, testpass_authentication_profile); end module:add_item("auth-provider", provider);