# HG changeset patch # User Kim Alvefur # Date 1389793537 -3600 # Node ID 4b15437d6c56caa25076bc52a651fb2370e5b270 # Parent 1b543060f31ef312eb57da905f2773ed6784a7cc mod_auth_ldap: Add support for binding diff -r 1b543060f31e -r 4b15437d6c56 mod_auth_ldap/mod_auth_ldap.lua --- a/mod_auth_ldap/mod_auth_ldap.lua Wed Jan 15 14:35:27 2014 +0100 +++ b/mod_auth_ldap/mod_auth_ldap.lua Wed Jan 15 14:45:37 2014 +0100 @@ -11,6 +11,7 @@ local ldap_scope = module:get_option_string("ldap_scope", "onelevel"); local ldap_filter = module:get_option_string("ldap_filter", "(uid=%s)"); local ldap_base = assert(module:get_option_string("ldap_base"), "ldap_base is a required option for ldap"); +local ldap_mode = module:get_option_string("ldap_mode", "getpasswd"); -- Initiate connection local ld = assert(lualdap.open_simple(ldap_server, ldap_rootdn, ldap_password, ldap_tls)); @@ -43,25 +44,48 @@ if attr.userPassword == password then return true end return ld:modify(dn, { '=', userPassword = password })(); end -function provider.get_password(username) - local dn, attr = get_user(username); - if dn and attr then - return attr.userPassword; + +if ldap_mode == "getpasswd" then + function provider.get_password(username) + local dn, attr = get_user(username); + if dn and attr then + return attr.userPassword; + end end -end + + function provider.test_password(username, password) + return provider.get_password(username) == password; + end -function provider.test_password(username, password) - return provider.get_password(username) == password; -end + function provider.get_sasl_handler() + return new_sasl(module.host, { + plain = function(sasl, username) + local password = provider.get_password(username); + if not password then return "", nil; end + return password, true; + end + }); + end +elseif ldap_mode == "bind" then + local function test_password(userdn, password) + return not not lualdap.open_simple(ldap_server, userdn, password, ldap_tls); + end -function provider.get_sasl_handler() - return new_sasl(module.host, { - plain = function(sasl, username) - local password = provider.get_password(username); - if not password then return "", nil; end - return password, true; - end - }); + function provider.test_password(username, password) + local dn = get_user(username); + if not dn then return end + return test_password(dn, password) + end + + function provider.get_sasl_handler() + return new_sasl(module.host, { + plain_test = function(sasl, username, password) + return provider.test_password(username, password), true; + end + }); + end +else + module:log("error", "Unsupported ldap_mode %s", tostring(ldap_mode)); end module:provides("auth", provider);