1 -- mod_auth_ldap |
1 -- mod_auth_ldap |
2 |
2 |
|
3 local jid_split = require "util.jid".split; |
3 local new_sasl = require "util.sasl".new; |
4 local new_sasl = require "util.sasl".new; |
4 local lualdap = require "lualdap"; |
5 local lualdap = require "lualdap"; |
5 local function ldap_filter_escape(s) return (s:gsub("[*()\\%z]", function(c) return ("\\%02x"):format(c:byte()) end)); end |
6 local function ldap_filter_escape(s) return (s:gsub("[*()\\%z]", function(c) return ("\\%02x"):format(c:byte()) end)); end |
6 |
7 |
7 -- Config options |
8 -- Config options |
11 local ldap_tls = module:get_option_boolean("ldap_tls"); |
12 local ldap_tls = module:get_option_boolean("ldap_tls"); |
12 local ldap_scope = module:get_option_string("ldap_scope", "subtree"); |
13 local ldap_scope = module:get_option_string("ldap_scope", "subtree"); |
13 local ldap_filter = module:get_option_string("ldap_filter", "(uid=$user)"):gsub("%%s", "$user", 1); |
14 local ldap_filter = module:get_option_string("ldap_filter", "(uid=$user)"):gsub("%%s", "$user", 1); |
14 local ldap_base = assert(module:get_option_string("ldap_base"), "ldap_base is a required option for ldap"); |
15 local ldap_base = assert(module:get_option_string("ldap_base"), "ldap_base is a required option for ldap"); |
15 local ldap_mode = module:get_option_string("ldap_mode", "bind"); |
16 local ldap_mode = module:get_option_string("ldap_mode", "bind"); |
|
17 local ldap_admins = module:get_option_string("ldap_admin_filter"); |
16 local host = ldap_filter_escape(module:get_option_string("realm", module.host)); |
18 local host = ldap_filter_escape(module:get_option_string("realm", module.host)); |
17 |
19 |
18 -- Initiate connection |
20 -- Initiate connection |
19 local ld = nil; |
21 local ld = nil; |
20 module.unload = function() if ld then pcall(ld, ld.close); end end |
22 module.unload = function() if ld then pcall(ld, ld.close); end end |
120 end |
122 end |
121 else |
123 else |
122 module:log("error", "Unsupported ldap_mode %s", tostring(ldap_mode)); |
124 module:log("error", "Unsupported ldap_mode %s", tostring(ldap_mode)); |
123 end |
125 end |
124 |
126 |
|
127 if ldap_admins then |
|
128 function provider.is_admin(jid) |
|
129 local username = jid_split(jid); |
|
130 return ldap_do("search", 2, { |
|
131 base = ldap_base; |
|
132 scope = ldap_scope; |
|
133 sizelimit = 1; |
|
134 filter = ldap_admins:gsub("%$(%a+)", { |
|
135 user = ldap_filter_escape(username); |
|
136 host = host; |
|
137 }); |
|
138 }); |
|
139 end |
|
140 end |
|
141 |
125 module:provides("auth", provider); |
142 module:provides("auth", provider); |
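Review bot: `provider.is_admin` discards the domain of the JID it is asked about: `jid_split(jid)` keeps only the node, and the `$host` placed in the filter is the module's own `realm`/`module.host`, not the JID's host. If callers can pass JIDs from other domains (the call sites are not visible here), any address whose localpart matches a directory admin would satisfy the search, so the function should compare the domain first, e.g. `local username, userhost = jid_split(jid);` then `if not username or userhost ~= module.host then return false; end`. The `not username` guard also covers a bare-domain JID, where `ldap_filter_escape(username)` would otherwise call `gsub` on nil and raise. A one-line comment above the function stating that `ldap_admin_filter` accepts `$user` and `$host` placeholders would help whoever writes the config.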