mod_auth_ldap2/mod_auth_ldap2.lua
changeset 862 675945ea2ed6
parent 814 881ec9919144
child 902 490cb9161c81
861:1b34c8e46ffb 862:675945ea2ed6
       
     1 -- vim:sts=4 sw=4
       
     2 
       
     3 -- Prosody IM
       
     4 -- Copyright (C) 2008-2010 Matthew Wild
       
     5 -- Copyright (C) 2008-2010 Waqas Hussain
       
     6 -- Copyright (C) 2012 Rob Hoelz
       
     7 --
       
     8 -- This project is MIT/X11 licensed. Please see the
       
     9 -- COPYING file in the source package for more information.
       
    10 --
       
    11 -- http://code.google.com/p/prosody-modules/source/browse/mod_auth_ldap/mod_auth_ldap.lua
       
    12 -- adapted to use common LDAP store
       
    13 
       
    14 local ldap     = module:require 'ldap';
       
    15 local new_sasl = require 'util.sasl'.new;
       
    16 local nodeprep = require 'util.encodings'.stringprep.nodeprep;
       
    17 local jsplit   = require 'util.jid'.split;
       
    18 
       
    19 if not ldap then
       
    20     return;
       
    21 end
       
    22 
       
    23 local provider = {}
       
    24 
       
    25 function provider.test_password(username, password)
       
    26     return ldap.bind(username, password);
       
    27 end
       
    28 
       
    29 function provider.user_exists(username)
       
    30     local params = ldap.getparams()
       
    31 
       
    32     local filter = ldap.filter.combine_and(params.user.filter, params.user.usernamefield .. '=' .. username);
       
    33 
       
    34     return ldap.singlematch {
       
    35         base   = params.user.basedn,
       
    36         filter = filter,
       
    37     };
       
    38 end
       
    39 
       
    40 function provider.get_password(username)
       
    41     return nil, "Passwords unavailable for LDAP.";
       
    42 end
       
    43 
       
    44 function provider.set_password(username, password)
       
    45     return nil, "Passwords unavailable for LDAP.";
       
    46 end
       
    47 
       
    48 function provider.create_user(username, password)
       
    49     return nil, "Account creation/modification not available with LDAP.";
       
    50 end
       
    51 
       
    52 function provider.get_sasl_handler()
       
    53     local testpass_authentication_profile = {
       
    54         plain_test = function(sasl, username, password, realm)
       
    55             local prepped_username = nodeprep(username);
       
    56             if not prepped_username then
       
    57                 module:log("debug", "NODEprep failed on username: %s", username);
       
    58                 return "", nil;
       
    59             end
       
    60             return provider.test_password(prepped_username, password), true;
       
    61         end,
       
    62         mechanisms = { PLAIN = true },
       
    63     };
       
    64     return new_sasl(module.host, testpass_authentication_profile);
       
    65 end
       
    66 
       
    67 function provider.is_admin(jid)
       
    68     local admin_config = ldap.getparams().admin;
       
    69 
       
    70     if not admin_config then
       
    71         return;
       
    72     end
       
    73 
       
    74     local ld       = ldap:getconnection();
       
    75     local username = jsplit(jid);
       
    76     local filter   = ldap.filter.combine_and(admin_config.filter, admin_config.namefield .. '=' .. username);
       
    77 
       
    78     return ldap.singlematch {
       
    79         base   = admin_config.basedn,
       
    80         filter = filter,
       
    81     };
       
    82 end
       
    83 
       
    84 module:provides("auth", provider);
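Review bot: `provider.user_exists` and `provider.is_admin` build the LDAP search filter by concatenating the username directly after `usernamefield .. '='` and `namefield .. '='`, so any `*`, `(`, `)` or `\` in the name is read as filter syntax unless `ldap.filter.combine_and` escapes its arguments, which is not visible on this page. nodeprep does not reject those characters, and `user_exists` receives whatever its caller passes in any case. The value should be escaped per RFC 4515 before concatenation, for example through a small local helper (the name is only a suggestion) used as `admin_config.namefield .. '=' .. escape_filter_value(username)`, which rewrites `\`, `*`, `(`, `)` and NUL to their `\XX` hex form. In `is_admin` the host returned by `jsplit(jid)` is also discarded, so the lookup matches on the node alone; comparing the host with `module.host` before searching looks necessary, and the unused `local ld = ldap:getconnection()` can be dropped.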