# HG changeset patch
# User Rob Hoelz
# Date 1354727266 -3600
# Node ID 675945ea2ed608effaa66f2c6e4e1bc25fd49195
# Parent 1b34c8e46ffb49729ce060f777abe58e16a233ca
Change hoelzro's mod_auth_ldap to mod_auth_ldap2
diff -r 1b34c8e46ffb -r 675945ea2ed6 mod_auth_ldap2/mod_auth_ldap.lua
--- a/mod_auth_ldap2/mod_auth_ldap.lua Fri Nov 23 19:04:10 2012 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,84 +0,0 @@
--- vim:sts=4 sw=4
-
--- Prosody IM
--- Copyright (C) 2008-2010 Matthew Wild
--- Copyright (C) 2008-2010 Waqas Hussain
--- Copyright (C) 2012 Rob Hoelz
---
--- This project is MIT/X11 licensed. Please see the
--- COPYING file in the source package for more information.
---
--- http://code.google.com/p/prosody-modules/source/browse/mod_auth_ldap/mod_auth_ldap.lua
--- adapted to use common LDAP store
-
-local ldap = module:require 'ldap';
-local new_sasl = require 'util.sasl'.new;
-local nodeprep = require 'util.encodings'.stringprep.nodeprep;
-local jsplit = require 'util.jid'.split;
-
-if not ldap then
- return;
-end
-
-local provider = {}
-
-function provider.test_password(username, password)
- return ldap.bind(username, password);
-end
-
-function provider.user_exists(username)
- local params = ldap.getparams()
-
- local filter = ldap.filter.combine_and(params.user.filter, params.user.usernamefield .. '=' .. username);
-
- return ldap.singlematch {
- base = params.user.basedn,
- filter = filter,
- };
-end
-
-function provider.get_password(username)
- return nil, "Passwords unavailable for LDAP.";
-end
-
-function provider.set_password(username, password)
- return nil, "Passwords unavailable for LDAP.";
-end
-
-function provider.create_user(username, password)
- return nil, "Account creation/modification not available with LDAP.";
-end
-
-function provider.get_sasl_handler()
- local testpass_authentication_profile = {
- plain_test = function(sasl, username, password, realm)
- local prepped_username = nodeprep(username);
- if not prepped_username then
- module:log("debug", "NODEprep failed on username: %s", username);
- return "", nil;
- end
- return provider.test_password(prepped_username, password), true;
- end,
- mechanisms = { PLAIN = true },
- };
- return new_sasl(module.host, testpass_authentication_profile);
-end
-
-function provider.is_admin(jid)
- local admin_config = ldap.getparams().admin;
-
- if not admin_config then
- return;
- end
-
- local ld = ldap:getconnection();
- local username = jsplit(jid);
- local filter = ldap.filter.combine_and(admin_config.filter, admin_config.namefield .. '=' .. username);
-
- return ldap.singlematch {
- base = admin_config.basedn,
- filter = filter,
- };
-end
-
-module:provides("auth", provider);
diff -r 1b34c8e46ffb -r 675945ea2ed6 mod_auth_ldap2/mod_auth_ldap2.lua
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/mod_auth_ldap2/mod_auth_ldap2.lua Wed Dec 05 18:07:46 2012 +0100
@@ -0,0 +1,84 @@
+-- vim:sts=4 sw=4
+
+-- Prosody IM
+-- Copyright (C) 2008-2010 Matthew Wild
+-- Copyright (C) 2008-2010 Waqas Hussain
+-- Copyright (C) 2012 Rob Hoelz
+--
+-- This project is MIT/X11 licensed. Please see the
+-- COPYING file in the source package for more information.
+--
+-- http://code.google.com/p/prosody-modules/source/browse/mod_auth_ldap/mod_auth_ldap.lua
+-- adapted to use common LDAP store
+
+local ldap = module:require 'ldap';
+local new_sasl = require 'util.sasl'.new;
+local nodeprep = require 'util.encodings'.stringprep.nodeprep;
+local jsplit = require 'util.jid'.split;
+
+if not ldap then
+ return;
+end
+
+local provider = {}
+
+function provider.test_password(username, password)
+ return ldap.bind(username, password);
+end
+
+function provider.user_exists(username)
+ local params = ldap.getparams()
+
+ local filter = ldap.filter.combine_and(params.user.filter, params.user.usernamefield .. '=' .. username);
+
+ return ldap.singlematch {
+ base = params.user.basedn,
+ filter = filter,
+ };
+end
+
+function provider.get_password(username)
+ return nil, "Passwords unavailable for LDAP.";
+end
+
+function provider.set_password(username, password)
+ return nil, "Passwords unavailable for LDAP.";
+end
+
+function provider.create_user(username, password)
+ return nil, "Account creation/modification not available with LDAP.";
+end
+
+function provider.get_sasl_handler()
+ local testpass_authentication_profile = {
+ plain_test = function(sasl, username, password, realm)
+ local prepped_username = nodeprep(username);
+ if not prepped_username then
+ module:log("debug", "NODEprep failed on username: %s", username);
+ return "", nil;
+ end
+ return provider.test_password(prepped_username, password), true;
+ end,
+ mechanisms = { PLAIN = true },
+ };
+ return new_sasl(module.host, testpass_authentication_profile);
+end
+
+function provider.is_admin(jid)
+ local admin_config = ldap.getparams().admin;
+
+ if not admin_config then
+ return;
+ end
+
+ local ld = ldap:getconnection();
+ local username = jsplit(jid);
+ local filter = ldap.filter.combine_and(admin_config.filter, admin_config.namefield .. '=' .. username);
+
+ return ldap.singlematch {
+ base = admin_config.basedn,
+ filter = filter,
+ };
+end
+
+module:provides("auth", provider);
diff -r 1b34c8e46ffb -r 675945ea2ed6 mod_lib_ldap/README.md
--- a/mod_lib_ldap/README.md Fri Nov 23 19:04:10 2012 +0100
+++ b/mod_lib_ldap/README.md Wed Dec 05 18:07:46 2012 +0100
@@ -12,7 +12,7 @@ With that note in mind, you need to set 'allow\_unencrypted\_plain\_auth' to true in your configuration if you want to use LDAP authentication. -To enable LDAP authentication, set 'authentication' to 'ldap' in your configuration file. +To enable LDAP authentication, set 'authentication' to 'ldap2' in your configuration file. See also http://prosody.im/doc/authentication. # LDAP Storage
diff -r 1b34c8e46ffb -r 675945ea2ed6 mod_lib_ldap/dev/prosody-posix-ldap.cfg.lua
--- a/mod_lib_ldap/dev/prosody-posix-ldap.cfg.lua Fri Nov 23 19:04:10 2012 +0100
+++ b/mod_lib_ldap/dev/prosody-posix-ldap.cfg.lua Wed Dec 05 18:07:46 2012 +0100
@@ -1,6 +1,6 @@ -- Use Include 'prosody-posix-ldap.cfg.lua' from prosody.cfg.lua to include this file -authentication = 'ldap' -- Indicate that we want to use LDAP for authentication -storage = 'ldap' -- Indicate that we want to use LDAP for roster/vcard storage +authentication = 'ldap2' -- Indicate that we want to use LDAP for authentication +storage = 'ldap' -- Indicate that we want to use LDAP for roster/vcard storage ldap = { hostname = 'localhost', -- LDAP server location
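Review bot: `provider.user_exists` and `provider.is_admin` in mod_auth_ldap2.lua concatenate the name straight into the LDAP filter (`params.user.usernamefield .. '=' .. username` and `admin_config.namefield .. '=' .. username`), so a `*`, `(`, `)` or `\` in the value is read as filter syntax instead of being matched literally. Only the `plain_test` path runs `nodeprep` first, and nothing visible here shows that nodeprep rejects those characters or that other callers pass prepped names, so the value should be escaped per RFC 4515 where the filter is built; the sketch below adds a local helper, and an escaping function from the shared ldap library would be preferable if one exists. The code is carried over unchanged from the removed mod_auth_ldap.lua, which makes this rename a natural point to fix it. Separately, `local ld = ldap:getconnection();` in `is_admin` is never used in the visible body and can be dropped unless the call is wanted for its side effect.

```lua
-- Escape RFC 4515 filter metacharacters (and control characters, including
-- NUL) as \xx so the value is always matched literally.
local function escape_filter_value(value)
    return (value:gsub('[%c\\*()]', function(c)
        return string.format('\\%02x', c:byte());
    end));
end

function provider.user_exists(username)
    -- … unchanged: params lookup …
    local filter = ldap.filter.combine_and(params.user.filter, params.user.usernamefield .. '=' .. escape_filter_value(username));
    -- … unchanged: singlematch call …

function provider.is_admin(jid)
    -- … unchanged: admin_config lookup and guard, jsplit …
    local filter = ldap.filter.combine_and(admin_config.filter, admin_config.namefield .. '=' .. escape_filter_value(username));
    -- … unchanged: singlematch call …
```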