mod_auth_ldap/mod_auth_ldap.lua
changeset 2060 e16593e7d482
parent 1991 6d7699eda594
child 2778 41565a743cad
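--- a/mod_auth_ldap/mod_auth_ldap.lua
+++ b/mod_auth_ldap/mod_auth_ldap.lua
@@ -1,7 +1,8 @@
 -- mod_auth_ldap
 
+local jid_split = require "util.jid".split;
 local new_sasl = require "util.sasl".new;
 local lualdap = require "lualdap";
 local function ldap_filter_escape(s) return (s:gsub("[*()\\%z]", function(c) return ("\\%02x"):format(c:byte()) end)); end
 
 -- Config options
@@ -11,10 +12,11 @@
 local ldap_tls = module:get_option_boolean("ldap_tls");
 local ldap_scope = module:get_option_string("ldap_scope", "subtree");
 local ldap_filter = module:get_option_string("ldap_filter", "(uid=$user)"):gsub("%%s", "$user", 1);
 local ldap_base = assert(module:get_option_string("ldap_base"), "ldap_base is a required option for ldap");
 local ldap_mode = module:get_option_string("ldap_mode", "bind");
+local ldap_admins = module:get_option_string("ldap_admin_filter");
 local host = ldap_filter_escape(module:get_option_string("realm", module.host));
 
 -- Initiate connection
 local ld = nil;
 module.unload = function() if ld then pcall(ld, ld.close); end end
@@ -120,6 +122,21 @@
 	end
 else
 	module:log("error", "Unsupported ldap_mode %s", tostring(ldap_mode));
 end
 
+if ldap_admins then
+	function provider.is_admin(jid)
+		local username = jid_split(jid);
+		return ldap_do("search", 2, {
+			base = ldap_base;
+			scope = ldap_scope;
+			sizelimit = 1;
+			filter = ldap_admins:gsub("%$(%a+)", {
+				user = ldap_filter_escape(username);
+				host = host;
+			});
+		});
+	end
+end
+
 module:provides("auth", provider);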
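Review bot: `provider.is_admin` discards the host half of the JID — `local username = jid_split(jid);` keeps only the node — and the filter then matches on that username plus the module's configured realm, so if callers can hand this function JIDs from other hosts (the caller is not visible here), `alice@other.example` would be reported as an admin whenever an LDAP admin with localpart `alice` exists. A bare host JID also yields `username == nil`, and `ldap_filter_escape(nil)` then raises on `s:gsub` instead of returning false. I would change the first line of the function to `local username, userhost = jid_split(jid);` followed by `if not username or userhost ~= module.host then return false; end` before the search. What `ldap_do` returns on an LDAP error is defined outside this hunk; it is worth confirming that a failed search (connection down, bind lost) cannot be mistaken for a match, since the value is returned as-is. The `end`/`else` lines at the top of this hunk close an `if` chain on `ldap_mode` that begins outside the view.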