changeset 878:6b7a2d1a1879

Merging from upstream
author Rob Hoelz <rob@hoelz.ro>
date Mon, 10 Dec 2012 22:37:41 +0100
parents cd2262969d2e (diff) efa9c1676d1f (current diff)
children 3a17fc0127b1
diffstat 5 files changed, 70 insertions(+), 9 deletions(-) [+]
--- a/mod_lib_ldap/dev/posix-users.ldif	Sun Dec 09 10:55:39 2012 +0100
+++ b/mod_lib_ldap/dev/posix-users.ldif	Mon Dec 10 22:37:41 2012 +0100
@@ -19,6 +19,10 @@
 ou: Users
 objectclass: organizationalUnit
 
+dn: ou=Admins,ou=Users,dc=example,dc=com
+ou: Admins
+objectclass: organizationalUnit
+
 dn: uid=one,ou=Users,dc=example,dc=com
 objectclass: posixAccount
 objectclass: person
@@ -212,6 +216,28 @@
  K7j+qA4/I0UUNElHxV4s0HW/D81vBcP54IeNWiYZP5ehNeM3NrP5rFImYZ6gUUVDirmsJNKxGsE6
  9YZB/wABNTJkcEEfWiigpM6rwgyR6vDLJ/q4zvb6Dmiiioe5dj//2Q==
 
+dn: uid=six,ou=Admins,ou=Users,dc=example,dc=com
+objectclass: posixAccount
+objectclass: person
+uid: six
+uidNumber: 1005
+gidNumber: 1005
+sn: Testerson
+cn: Admin Testerson
+userPassword: 123456
+homeDirectory: /home/six
+
+dn: uid=seven,ou=Users,dc=example,dc=com
+objectclass: posixAccount
+objectclass: person
+uid: seven
+uidNumber: 1006
+gidNumber: 1006
+sn: User
+cn: Invalid User
+userPassword: 1234567
+homeDirectory: /home/seven
+
 dn: cn=Everyone,ou=Groups,dc=example,dc=com
 objectclass: posixGroup
 cn: Everyone
--- a/mod_lib_ldap/dev/prosody-posix-ldap.cfg.lua	Sun Dec 09 10:55:39 2012 +0100
+++ b/mod_lib_ldap/dev/prosody-posix-ldap.cfg.lua	Mon Dec 10 22:37:41 2012 +0100
@@ -8,10 +8,10 @@
     bind_password = 'prosody',                      -- Bind password (optional if anonymous bind is supported)
 
     user = {
-      basedn        = 'ou=Users,dc=example,dc=com', -- The base DN where user records can be found
-      filter        = 'objectClass=posixAccount',   -- Filter expression to find user records under basedn
-      usernamefield = 'uid',                        -- The field that contains the user's ID (this will be the username portion of the JID)
-      namefield     = 'cn',                         -- The field that contains the user's full name (this will be the alias found in the roster)
+      basedn        = 'ou=Users,dc=example,dc=com',                  -- The base DN where user records can be found
+      filter        = '(&(objectClass=posixAccount)(!(uid=seven)))', -- Filter expression to find user records under basedn
+      usernamefield = 'uid',                                         -- The field that contains the user's ID (this will be the username portion of the JID)
+      namefield     = 'cn',                                          -- The field that contains the user's full name (this will be the alias found in the roster)
     },
 
     groups = {
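Review bot: The inline comment on `filter` still reads "Filter expression to find user records under basedn", but with this changeset the same value is also AND-ed into the DN lookup performed by `_M.bind` in ldap.lib.lua, so an entry excluded here (`uid=seven`) can no longer authenticate at all, not merely vanish from the roster. A comment stating that would save the next reader from treating it as roster-only, e.g. `-- Filter expression to find user records under basedn; also applied at login, so excluded entries cannot authenticate`. The value is now a fully parenthesised filter where the old one was the bare `objectClass=posixAccount`; whether the bare form still works once it passes through `combine_and` is not visible here, so the comment could also say which form is expected.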
--- a/mod_lib_ldap/dev/t/00-login.t	Sun Dec 09 10:55:39 2012 +0100
+++ b/mod_lib_ldap/dev/t/00-login.t	Mon Dec 10 22:37:41 2012 +0100
@@ -11,9 +11,10 @@
     'three',
     'four',
     'five',
+    'six',
 );
 
-plan tests => scalar(@users) + 2;
+plan tests => scalar(@users) + 3;
 
 foreach my $username (@users) {
     my $conn = TestConnection->new($username);
@@ -23,7 +24,7 @@
     });
 
     my $error = $conn->cond->recv;
-    ok(! $error) or diag($error);
+    ok(! $error) or diag("$username login failed: $error");
 }
 
 do {
@@ -38,7 +39,7 @@
 };
 
 do {
-    my $conn = TestConnection->new('six', password => '12345');
+    my $conn = TestConnection->new('invalid', password => '12345');
 
     $conn->reg_cb(session_ready => sub {
         $conn->cond->send;
@@ -47,3 +48,14 @@
     my $error = $conn->cond->recv;
     ok($error);
 };
+
+do {
+    my $conn = TestConnection->new('seven', password => '1234567');
+
+    $conn->reg_cb(session_ready => sub {
+        $conn->cond->send;
+    });
+
+    my $error = $conn->cond->recv;
+    ok($error);
+};
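Review bot: `ok($error)` at the end of the new block carries no description, so in TAP output it is indistinguishable from the identical assertion in the `'invalid'` block just above it; `ok($error, 'login as seven is rejected by the user filter');` names what this block actually checks (the `(!(uid=seven))` exclusion added to prosody-posix-ldap.cfg.lua in this changeset). The `password => '1234567'` argument duplicates the entry added to the password table in TestConnection.pm; if `new` falls back to that table the argument is redundant, though the constructor is not in view here.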
--- a/mod_lib_ldap/dev/t/TestConnection.pm	Sun Dec 09 10:55:39 2012 +0100
+++ b/mod_lib_ldap/dev/t/TestConnection.pm	Mon Dec 10 22:37:41 2012 +0100
@@ -14,6 +14,8 @@
     three => '34512',
     four  => '45123',
     five  => '51234',
+    six   => '123456',
+    seven => '1234567',
 );
 
 sub new {
--- a/mod_lib_ldap/ldap.lib.lua	Sun Dec 09 10:55:39 2012 +0100
+++ b/mod_lib_ldap/ldap.lib.lua	Mon Dec 10 22:37:41 2012 +0100
@@ -177,7 +177,27 @@
 
 -- XXX consider renaming this...it doesn't bind the current connection
 function _M.bind(username, password)
-    local who = format('%s=%s,%s', params.user.usernamefield, username, params.user.basedn);
+    local conn   = _M.getconnection();
+    local filter = format('%s=%s', params.user.usernamefield, username);
+
+    if filter then
+        filter = _M.filter.combine_and(filter, params.user.filter);
+    end
+
+    local who = _M.singlematch {
+        attrs     = params.user.usernamefield,
+        base      = params.user.basedn,
+        filter    = filter,
+    };
+
+    if who then
+        who = who.dn;
+        module:log('debug', '_M.bind - who: %s', who);
+    else
+        module:log('debug', '_M.bind - no DN found for username = %s', username);
+        return nil, format('no DN found for username = %s', username);
+    end
+
     local conn, err = ldap.open_simple(params.hostname, who, password, params.use_tls);
 
     if conn then
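Review bot: The username is inserted into the LDAP search filter unescaped on the second added line, `format('%s=%s', params.user.usernamefield, username)`, so a value supplied at login is interpreted as filter syntax, and because this lookup now decides which DN the password is checked against, the filter metacharacters `*`, `(`, `)`, `\` and NUL need RFC 4515 escaping before insertion. The `if filter then` guard that follows is always true, since `format` never returns nil; what can legitimately be absent is `params.user.filter`, so that is the value to test (I cannot see whether `combine_and` tolerates a nil second operand). The `local conn = _M.getconnection()` on the first added line is never used and is shadowed by the `local conn, err` further down, which luacheck would flag. The body of `_M.bind` continues past the end of the hunk; the rewritten opening is below.
```lua
-- Escape a value for use inside an LDAP search filter (RFC 4515):
-- each metacharacter becomes a backslash followed by its hex code.
local function escape_filter_value(value)
    return (value:gsub('[%*%(%)\\]', function(c)
        return format('\\%02x', c:byte());
    end));
end

-- XXX consider renaming this...it doesn't bind the current connection
function _M.bind(username, password)
    local filter = format('%s=%s', params.user.usernamefield, escape_filter_value(username));

    -- only combine when the deployment actually configured a user filter
    if params.user.filter then
        filter = _M.filter.combine_and(filter, params.user.filter);
    end
    -- … unchanged: singlematch lookup, DN logging, ldap.open_simple …
```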
@@ -192,9 +212,10 @@
     local ld = _M.getconnection();
 
     query.sizelimit = 1;
-    query.scope     = 'onelevel';
+    query.scope     = 'subtree';
 
     for dn, attribs in ld:search(query) do
+        attribs.dn = dn;
         return attribs;
     end
 end
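Review bot: The new `subtree` scope widens the search while `sizelimit = 1` still hands back the first entry of whatever matches, so a filter that matches more than one entry silently yields an arbitrary one; for `_M.bind`, the caller added in this changeset, that is the DN the password is then checked against. A comment above the loop would make the contract explicit, e.g. `-- sizelimit 1: returns the first hit only; callers must pass a filter that identifies exactly one entry`, or alternatively the limit could be raised to 2 and nil returned when a second entry appears. The added `attribs.dn = dn` also overwrites any attribute the directory returns under the name `dn`, unlikely in practice but worth a word in the same comment. The signature of `_M.singlematch` lies above the hunk.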