Mercurial > prosody-modules
changeset 1274:4b15437d6c56
mod_auth_ldap: Add support for binding
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Wed, 15 Jan 2014 14:45:37 +0100 (2014-01-15) |
parents | 1b543060f31e |
children | 50c427295767 |
files | mod_auth_ldap/mod_auth_ldap.lua |
diffstat | 1 files changed, 40 insertions(+), 16 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_auth_ldap/mod_auth_ldap.lua Wed Jan 15 14:35:27 2014 +0100 +++ b/mod_auth_ldap/mod_auth_ldap.lua Wed Jan 15 14:45:37 2014 +0100 @@ -11,6 +11,7 @@ local ldap_scope = module:get_option_string("ldap_scope", "onelevel"); local ldap_filter = module:get_option_string("ldap_filter", "(uid=%s)"); local ldap_base = assert(module:get_option_string("ldap_base"), "ldap_base is a required option for ldap"); +local ldap_mode = module:get_option_string("ldap_mode", "getpasswd"); -- Initiate connection local ld = assert(lualdap.open_simple(ldap_server, ldap_rootdn, ldap_password, ldap_tls)); @@ -43,25 +44,48 @@ if attr.userPassword == password then return true end return ld:modify(dn, { '=', userPassword = password })(); end -function provider.get_password(username) - local dn, attr = get_user(username); - if dn and attr then - return attr.userPassword; + +if ldap_mode == "getpasswd" then + function provider.get_password(username) + local dn, attr = get_user(username); + if dn and attr then + return attr.userPassword; + end end -end + + function provider.test_password(username, password) + return provider.get_password(username) == password; + end -function provider.test_password(username, password) - return provider.get_password(username) == password; -end + function provider.get_sasl_handler() + return new_sasl(module.host, { + plain = function(sasl, username) + local password = provider.get_password(username); + if not password then return "", nil; end + return password, true; + end + }); + end +elseif ldap_mode == "bind" then + local function test_password(userdn, password) + return not not lualdap.open_simple(ldap_server, userdn, password, ldap_tls); + end -function provider.get_sasl_handler() - return new_sasl(module.host, { - plain = function(sasl, username) - local password = provider.get_password(username); - if not password then return "", nil; end - return password, true; - end - }); + function provider.test_password(username, password) + local dn = get_user(username); + if not dn then return end + return test_password(dn, password) + end + + function provider.get_sasl_handler() + return new_sasl(module.host, { + plain_test = function(sasl, username, password) + return provider.test_password(username, password), true; + end + }); + end +else + module:log("error", "Unsupported ldap_mode %s", tostring(ldap_mode)); end module:provides("auth", provider);