mod_auth_ldap/mod_auth_ldap.lua
author Matthew Wild <mwild1@gmail.com>
Wed, 21 Jul 2010 21:04:02 +0100
changeset 218 4a91047f9b5e
parent 191 fa7165dd82ee
child 286 ca6199d73d68
permissions -rw-r--r--
mod_auth_ldap: Update for new usermanager.test_password syntax
local new_sasl = require "util.sasl".new;
local nodeprep = require "util.encodings".stringprep.nodeprep;
local log = require "util.logger".init("auth_ldap");
--- Read one module option, applying `default` only when the caller gives one.
-- Keeps the `module:get_option(name) or default` semantics of the original:
-- any falsy stored value is replaced by the default, while an option read
-- without a default is returned exactly as stored.
local function get_ldap_option(name, default)
	local value = module:get_option(name);
	if default == nil then
		return value;
	end
	return value or default;
end

-- Connection settings, read once at module load time.
-- ldap_rootdn / ldap_password are the credentials this module itself binds
-- with; with both left empty the bind is presumably anonymous, so what that
-- identity is allowed to read decides what the searches below can see.
local ldap_server = get_ldap_option("ldap_server", "localhost");
local ldap_rootdn = get_ldap_option("ldap_rootdn", "");
local ldap_password = get_ldap_option("ldap_password", "");
-- No default: when unset the connection is opened without TLS, and the bind
-- credentials as well as the password-bearing search filters below leave the
-- host unencrypted unless the transport is protected some other way.
local ldap_tls = get_ldap_option("ldap_tls");
-- The search base is mandatory; a missing value aborts module load instead of
-- silently searching nothing.
local ldap_base = assert(get_ldap_option("ldap_base"), "ldap_base is a required option for ldap");
local lualdap = require "lualdap";
-- A single directory connection, opened and bound as ldap_rootdn when the
-- module loads and shared by every search below. assert() turns a failed
-- connect or bind into a load failure, so the module never registers itself
-- without a working directory behind it.
local ld = assert(lualdap.open_simple(ldap_server, ldap_rootdn, ldap_password, ldap_tls));

-- Release the connection when Prosody unloads the module.
function module.unload()
	ld:close();
end
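--- Run an LDAP search and report whether it matched anything.
-- Both "does this user exist" and "does this password match" are answered this
-- way, so entry contents are never inspected: the first entry returned decides.
-- NOTE(review): defined as a global, as in the original; its callers in this
-- file are defined after it, so `local function` would also work.
-- @tparam table query lualdap search spec (at least `base` and `filter`; the
--   filter must already be escaped, see ldap_filter_escape)
-- @treturn boolean true when at least one entry matched, false otherwise
function do_query(query)
	for _ in ld:search(query) do
		-- Any hit is enough; stop before pulling further entries.
		return true;
	end
	-- Explicit false so callers receive a boolean instead of no value at all.
	return false;
end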
local provider = { name = "ldap" };
local function ldap_filter_escape(s) return (s:gsub("[\\*\\(\\)\\\\%z]", function(c) return ("\\%02x"):format(c:byte()) end)); end
--- Check a username/password pair against the directory.
-- The check is a search, not a bind: the filter asks for an entry whose `uid`
-- equals the username, whose `userPassword` attribute equals the supplied
-- password and whose `accountStatus` is `active`. Both user-supplied values are
-- escaped before being spliced into the filter.
-- NOTE(review): this only works where the identity bound as ldap_rootdn may
-- compare userPassword, where the stored value matches the cleartext literally,
-- and where entries carry an `accountStatus` attribute at all — confirm against
-- the directory's schema and ACLs.
-- @tparam string username
-- @tparam string password
-- @return the result of do_query for that search (truthy when an entry matched)
function provider.test_password(username, password)
	local uid_clause = "(uid=" .. ldap_filter_escape(username) .. ")";
	local password_clause = "(userPassword=" .. ldap_filter_escape(password) .. ")";
	return do_query({
		base = ldap_base;
		filter = "(&" .. uid_clause .. password_clause .. "(accountStatus=active))";
	});
end
--- Report whether an entry with the given `uid` exists under ldap_base.
-- Unlike test_password this does not look at `accountStatus`, so a disabled
-- account still counts as existing. The username is escaped before use.
-- @tparam string username
-- @return the result of do_query for that search (truthy when an entry matched)
function provider.user_exists(username)
	local uid_filter = "(uid=" .. ldap_filter_escape(username) .. ")";
	return do_query({ base = ldap_base; filter = uid_filter });
end
function provider.get_password(username) return nil, "Passwords unavailable for LDAP."; end
function provider.set_password(username, password) return nil, "Passwords unavailable for LDAP."; end
function provider.create_user(username, password) return nil, "Account creation/modification not available with LDAP."; end
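--- Build the SASL handler Prosody uses for this host.
-- The realm is the `sasl_realm` option, falling back to the module's host.
-- A single `plain_test` profile is offered: util.sasl hands it the username
-- and the cleartext password the client presented, and the pair is verified
-- through provider.test_password.
-- @treturn table SASL handler from util.sasl
function provider.get_sasl_handler()
	local realm = module:get_option("sasl_realm") or module.host;
	local testpass_authentication_profile = {
		-- Third parameter is the realm util.sasl passes along; it is not needed
		-- here because provider.test_password is keyed on username only.
		plain_test = function(username, password, _realm)
			local prepped_username = nodeprep(username);
			if not prepped_username then
				log("debug", "NODEprep failed on username: %s", username);
				-- Return shape kept as in the original; how util.sasl interprets
				-- ("", nil) is not visible from this file.
				return "", nil;
			end
			-- provider.test_password takes (username, password). Passing the realm
			-- in between would test the realm string as the password and ignore
			-- the real one, so every login would be judged against the wrong value.
			return provider.test_password(prepped_username, password), true;
		end
	};
	return new_sasl(realm, testpass_authentication_profile);
end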
module:add_item("auth-provider", provider);