Mercurial Mercurial > prosody > prosody-modules / annotate
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_auth_ldap/mod_auth_ldap.lua
author Kim Alvefur <zash@zash.se>
Thu, 15 Aug 2013 15:30:24 +0200
changeset 1163 52bee1247014
parent 1162 8e3420d48508
child 1190 c99d8b666eb4
permissions -rw-r--r--
mod_auth_ldap: Add a configurable scope, defaulting to onelevel
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
293
d76f47a608ab mod_auth_ldap: Convert to real line endings
Matthew Wild <mwild1@gmail.com>
parents: 286
diff changeset 
     1
 












d76f47a608ab
mod_auth_ldap: Convert to real line endings



Matthew Wild <mwild1@gmail.com>


parents: 
286

diff
changeset




     2


local new_sasl = require "util.sasl".new;












d76f47a608ab
mod_auth_ldap: Convert to real line endings



Matthew Wild <mwild1@gmail.com>


parents: 
286

diff
changeset




     3


local log = require "util.logger".init("auth_ldap");












d76f47a608ab
mod_auth_ldap: Convert to real line endings



Matthew Wild <mwild1@gmail.com>


parents: 
286

diff
changeset




     4









1162






8e3420d48508
mod_auth_ldap: Switch to type-specific get_option variants



Kim Alvefur <zash@zash.se>


parents: 
902

diff
changeset




     5


local ldap_server = module:get_option_string("ldap_server", "localhost");












8e3420d48508
mod_auth_ldap: Switch to type-specific get_option variants



Kim Alvefur <zash@zash.se>


parents: 
902

diff
changeset




     6


local ldap_rootdn = module:get_option_string("ldap_rootdn", "");












8e3420d48508
mod_auth_ldap: Switch to type-specific get_option variants



Kim Alvefur <zash@zash.se>


parents: 
902

diff
changeset




     7


local ldap_password = module:get_option_string("ldap_password", "");












8e3420d48508
mod_auth_ldap: Switch to type-specific get_option variants



Kim Alvefur <zash@zash.se>


parents: 
902

diff
changeset




     8


local ldap_tls = module:get_option_boolean("ldap_tls");







1163






52bee1247014
mod_auth_ldap: Add a configurable scope, defaulting to onelevel



Kim Alvefur <zash@zash.se>


parents: 
1162

diff
changeset




     9


local ldap_scope = module:get_option_string("ldap_scope", "onelevel");







1162






8e3420d48508
mod_auth_ldap: Switch to type-specific get_option variants



Kim Alvefur <zash@zash.se>


parents: 
902

diff
changeset




    10


local ldap_base = assert(module:get_option_string("ldap_base"), "ldap_base is a required option for ldap");







293






d76f47a608ab
mod_auth_ldap: Convert to real line endings



Matthew Wild <mwild1@gmail.com>


parents: 
286

diff
changeset




    11














d76f47a608ab
mod_auth_ldap: Convert to real line endings



Matthew Wild <mwild1@gmail.com>


parents: 
286

diff
changeset




    12


local lualdap = require "lualdap";












d76f47a608ab
mod_auth_ldap: Convert to real line endings



Matthew Wild <mwild1@gmail.com>


parents: 
286

diff
changeset




    13


local ld = assert(lualdap.open_simple(ldap_server, ldap_rootdn, ldap_password, ldap_tls));












d76f47a608ab
mod_auth_ldap: Convert to real line endings



Matthew Wild <mwild1@gmail.com>


parents: 
286

diff
changeset




    14


module.unload = function() ld:close(); end












d76f47a608ab
mod_auth_ldap: Convert to real line endings



Matthew Wild <mwild1@gmail.com>


parents: 
286

diff
changeset




    15














d76f47a608ab
mod_auth_ldap: Convert to real line endings



Matthew Wild <mwild1@gmail.com>


parents: 
286

diff
changeset




    16


function do_query(query)












d76f47a608ab
mod_auth_ldap: Convert to real line endings



Matthew Wild <mwild1@gmail.com>


parents: 
286

diff
changeset




    17


	for dn, attribs in ld:search(query) do












d76f47a608ab
mod_auth_ldap: Convert to real line endings



Matthew Wild <mwild1@gmail.com>


parents: 
286

diff
changeset




    18


		return true; -- found a result












d76f47a608ab
mod_auth_ldap: Convert to real line endings



Matthew Wild <mwild1@gmail.com>


parents: 
286

diff
changeset




    19


	end












d76f47a608ab
mod_auth_ldap: Convert to real line endings



Matthew Wild <mwild1@gmail.com>


parents: 
286

diff
changeset




    20


end












d76f47a608ab
mod_auth_ldap: Convert to real line endings



Matthew Wild <mwild1@gmail.com>


parents: 
286

diff
changeset




    21









814






881ec9919144
mod_auth_*: Use module:provides(), and don't explicitly specify provider.name.



Waqas Hussain <waqas20@gmail.com>


parents: 
342

diff
changeset




    22


local provider = {};







293






d76f47a608ab
mod_auth_ldap: Convert to real line endings



Matthew Wild <mwild1@gmail.com>


parents: 
286

diff
changeset




    23














d76f47a608ab
mod_auth_ldap: Convert to real line endings



Matthew Wild <mwild1@gmail.com>


parents: 
286

diff
changeset




    24


local function ldap_filter_escape(s) return (s:gsub("[\\*\\(\\)\\\\%z]", function(c) return ("\\%02x"):format(c:byte()) end)); end












d76f47a608ab
mod_auth_ldap: Convert to real line endings



Matthew Wild <mwild1@gmail.com>


parents: 
286

diff
changeset




    25


function provider.test_password(username, password)












d76f47a608ab
mod_auth_ldap: Convert to real line endings



Matthew Wild <mwild1@gmail.com>


parents: 
286

diff
changeset




    26


	return do_query({












d76f47a608ab
mod_auth_ldap: Convert to real line endings



Matthew Wild <mwild1@gmail.com>


parents: 
286

diff
changeset




    27


		base = ldap_base;







1163






52bee1247014
mod_auth_ldap: Add a configurable scope, defaulting to onelevel



Kim Alvefur <zash@zash.se>


parents: 
1162

diff
changeset




    28


		scope = ldap_scope;







293






d76f47a608ab
mod_auth_ldap: Convert to real line endings



Matthew Wild <mwild1@gmail.com>


parents: 
286

diff
changeset




    29


		filter = "(&(uid="..ldap_filter_escape(username)..")(userPassword="..ldap_filter_escape(password)..")(accountStatus=active))";












d76f47a608ab
mod_auth_ldap: Convert to real line endings



Matthew Wild <mwild1@gmail.com>


parents: 
286

diff
changeset




    30


	});












d76f47a608ab
mod_auth_ldap: Convert to real line endings



Matthew Wild <mwild1@gmail.com>


parents: 
286

diff
changeset




    31


end












d76f47a608ab
mod_auth_ldap: Convert to real line endings



Matthew Wild <mwild1@gmail.com>


parents: 
286

diff
changeset




    32


function provider.user_exists(username)












d76f47a608ab
mod_auth_ldap: Convert to real line endings



Matthew Wild <mwild1@gmail.com>


parents: 
286

diff
changeset




    33


	return do_query({












d76f47a608ab
mod_auth_ldap: Convert to real line endings



Matthew Wild <mwild1@gmail.com>


parents: 
286

diff
changeset




    34


		base = ldap_base;







1163






52bee1247014
mod_auth_ldap: Add a configurable scope, defaulting to onelevel



Kim Alvefur <zash@zash.se>


parents: 
1162

diff
changeset




    35


		scope = ldap_scope;







293






d76f47a608ab
mod_auth_ldap: Convert to real line endings



Matthew Wild <mwild1@gmail.com>


parents: 
286

diff
changeset




    36


		filter = "(uid="..ldap_filter_escape(username)..")";












d76f47a608ab
mod_auth_ldap: Convert to real line endings



Matthew Wild <mwild1@gmail.com>


parents: 
286

diff
changeset




    37


	});












d76f47a608ab
mod_auth_ldap: Convert to real line endings



Matthew Wild <mwild1@gmail.com>


parents: 
286

diff
changeset




    38


end












d76f47a608ab
mod_auth_ldap: Convert to real line endings



Matthew Wild <mwild1@gmail.com>


parents: 
286

diff
changeset




    39














d76f47a608ab
mod_auth_ldap: Convert to real line endings



Matthew Wild <mwild1@gmail.com>


parents: 
286

diff
changeset




    40


function provider.get_password(username) return nil, "Passwords unavailable for LDAP."; end












d76f47a608ab
mod_auth_ldap: Convert to real line endings



Matthew Wild <mwild1@gmail.com>


parents: 
286

diff
changeset




    41


function provider.set_password(username, password) return nil, "Passwords unavailable for LDAP."; end












d76f47a608ab
mod_auth_ldap: Convert to real line endings



Matthew Wild <mwild1@gmail.com>


parents: 
286

diff
changeset




    42


function provider.create_user(username, password) return nil, "Account creation/modification not available with LDAP."; end












d76f47a608ab
mod_auth_ldap: Convert to real line endings



Matthew Wild <mwild1@gmail.com>


parents: 
286

diff
changeset




    43














d76f47a608ab
mod_auth_ldap: Convert to real line endings



Matthew Wild <mwild1@gmail.com>


parents: 
286

diff
changeset




    44


function provider.get_sasl_handler()












d76f47a608ab
mod_auth_ldap: Convert to real line endings



Matthew Wild <mwild1@gmail.com>


parents: 
286

diff
changeset




    45


	local testpass_authentication_profile = {







305






4c3abf1a9b5a
mod_auth_*, mod_saslauth_muc: Update SASL callbacks to take SASL handler as first argument.



Waqas Hussain <waqas20@gmail.com>


parents: 
293

diff
changeset




    46


		plain_test = function(sasl, username, password, realm)







902






490cb9161c81
mod_auth_{external,internal_yubikey,ldap,ldap2,sql}: No need to nodeprep in SASL handler.



Waqas Hussain <waqas20@gmail.com>


parents: 
814

diff
changeset




    47


			return provider.test_password(username, password), true;







293






d76f47a608ab
mod_auth_ldap: Convert to real line endings



Matthew Wild <mwild1@gmail.com>


parents: 
286

diff
changeset




    48


		end












d76f47a608ab
mod_auth_ldap: Convert to real line endings



Matthew Wild <mwild1@gmail.com>


parents: 
286

diff
changeset




    49


	};







342






8e9e5c7d97ff
mod_auth_*: Get rid of undocumented and broken 'sasl_realm' config option.



Waqas Hussain <waqas20@gmail.com>


parents: 
305

diff
changeset




    50


	return new_sasl(module.host, testpass_authentication_profile);







293






d76f47a608ab
mod_auth_ldap: Convert to real line endings



Matthew Wild <mwild1@gmail.com>


parents: 
286

diff
changeset




    51


end












d76f47a608ab
mod_auth_ldap: Convert to real line endings



Matthew Wild <mwild1@gmail.com>


parents: 
286

diff
changeset




    52









814






881ec9919144
mod_auth_*: Use module:provides(), and don't explicitly specify provider.name.



Waqas Hussain <waqas20@gmail.com>


parents: 
342

diff
changeset




    53


module:provides("auth", provider);














prosody-modules