# HG changeset patch # User Kim Alvefur # Date 1390584143 -3600 # Node ID da2e593317d7d3affe0b21abe521ef0502c18c29 # Parent 9700c89f7bf67cc27862743f46f1192e0a1069e9 mod_auth_ldap: Switch config format for ldap_filter to eg (uid=$user) diff -r 9700c89f7bf6 -r da2e593317d7 mod_auth_ldap/mod_auth_ldap.lua --- a/mod_auth_ldap/mod_auth_ldap.lua Thu Jan 23 20:27:14 2014 +0000 +++ b/mod_auth_ldap/mod_auth_ldap.lua Fri Jan 24 18:22:23 2014 +0100 @@ -2,6 +2,7 @@ local new_sasl = require "util.sasl".new; local lualdap = require "lualdap"; +local function ldap_filter_escape(s) return (s:gsub("[\\*\\(\\)\\\\%z]", function(c) return ("\\%02x"):format(c:byte()) end)); end -- Config options local ldap_server = module:get_option_string("ldap_server", "localhost"); @@ -9,22 +10,24 @@ local ldap_password = module:get_option_string("ldap_password", ""); local ldap_tls = module:get_option_boolean("ldap_tls"); local ldap_scope = module:get_option_string("ldap_scope", "onelevel"); -local ldap_filter = module:get_option_string("ldap_filter", "(uid=%s)"); +local ldap_filter = module:get_option_string("ldap_filter", "(uid=$user)"):gsub("%%s", "$user", 1); local ldap_base = assert(module:get_option_string("ldap_base"), "ldap_base is a required option for ldap"); local ldap_mode = module:get_option_string("ldap_mode", "getpasswd"); +local host = ldap_filter_escape(module:get_option_string("realm", module.host)); -- Initiate connection local ld = assert(lualdap.open_simple(ldap_server, ldap_rootdn, ldap_password, ldap_tls)); module.unload = function() ld:close(); end -local function ldap_filter_escape(s) return (s:gsub("[\\*\\(\\)\\\\%z]", function(c) return ("\\%02x"):format(c:byte()) end)); end - local function get_user(username) module:log("debug", "get_user(%q)", username); return ld:search({ base = ldap_base; scope = ldap_scope; - filter = ldap_filter:format(ldap_filter_escape(username)); + filter = ldap_filter:gsub("%$(%a+)", { + user = ldap_filter_escape(username); + host = host; + }); })(); end