Mercurial > prosody-modules
view mod_auth_ldap/mod_auth_ldap.lua @ 307:eeef1fa57f88
mod_admin_web: Specify only directory as bosh service, so it (normally) doesn't need changing (Thanks Zash)
author | Florian Zeitz <florob@babelmonkeys.de> |
---|---|
date | Mon, 27 Dec 2010 21:50:51 +0100 |
parents | 4c3abf1a9b5a |
children | 8e9e5c7d97ff |
line wrap: on
line source
local new_sasl = require "util.sasl".new; local nodeprep = require "util.encodings".stringprep.nodeprep; local log = require "util.logger".init("auth_ldap"); local ldap_server = module:get_option("ldap_server") or "localhost"; local ldap_rootdn = module:get_option("ldap_rootdn") or ""; local ldap_password = module:get_option("ldap_password") or ""; local ldap_tls = module:get_option("ldap_tls"); local ldap_base = assert(module:get_option("ldap_base"), "ldap_base is a required option for ldap"); local lualdap = require "lualdap"; local ld = assert(lualdap.open_simple(ldap_server, ldap_rootdn, ldap_password, ldap_tls)); module.unload = function() ld:close(); end function do_query(query) for dn, attribs in ld:search(query) do return true; -- found a result end end local provider = { name = "ldap" }; local function ldap_filter_escape(s) return (s:gsub("[\\*\\(\\)\\\\%z]", function(c) return ("\\%02x"):format(c:byte()) end)); end function provider.test_password(username, password) return do_query({ base = ldap_base; filter = "(&(uid="..ldap_filter_escape(username)..")(userPassword="..ldap_filter_escape(password)..")(accountStatus=active))"; }); end function provider.user_exists(username) return do_query({ base = ldap_base; filter = "(uid="..ldap_filter_escape(username)..")"; }); end function provider.get_password(username) return nil, "Passwords unavailable for LDAP."; end function provider.set_password(username, password) return nil, "Passwords unavailable for LDAP."; end function provider.create_user(username, password) return nil, "Account creation/modification not available with LDAP."; end function provider.get_sasl_handler() local realm = module:get_option("sasl_realm") or module.host; local testpass_authentication_profile = { plain_test = function(sasl, username, password, realm) local prepped_username = nodeprep(username); if not prepped_username then log("debug", "NODEprep failed on username: %s", username); return "", nil; end return provider.test_password(prepped_username, password), true; end }; return new_sasl(realm, testpass_authentication_profile); end module:add_item("auth-provider", provider);