Mercurial > prosody-modules
comparison mod_auth_ldap/mod_auth_ldap.lua @ 1273:1b543060f31e
mod_auth_ldap: Cleanup, reorder and some comments
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Wed, 15 Jan 2014 14:35:27 +0100 |
| parents | 3e5f8e844325 |
| children | 4b15437d6c56 |
comparison
equal
deleted
inserted
replaced
| 1272:717a08403b26 | 1273:1b543060f31e |
|---|---|
| 1 -- mod_auth_ldap | |
| 1 | 2 |
| 2 local new_sasl = require "util.sasl".new; | 3 local new_sasl = require "util.sasl".new; |
| 3 local log = require "util.logger".init("auth_ldap"); | 4 local lualdap = require "lualdap"; |
| 4 | 5 |
| 6 -- Config options | |
| 5 local ldap_server = module:get_option_string("ldap_server", "localhost"); | 7 local ldap_server = module:get_option_string("ldap_server", "localhost"); |
| 6 local ldap_rootdn = module:get_option_string("ldap_rootdn", ""); | 8 local ldap_rootdn = module:get_option_string("ldap_rootdn", ""); |
| 7 local ldap_password = module:get_option_string("ldap_password", ""); | 9 local ldap_password = module:get_option_string("ldap_password", ""); |
| 8 local ldap_tls = module:get_option_boolean("ldap_tls"); | 10 local ldap_tls = module:get_option_boolean("ldap_tls"); |
| 9 local ldap_scope = module:get_option_string("ldap_scope", "onelevel"); | 11 local ldap_scope = module:get_option_string("ldap_scope", "onelevel"); |
| 10 local ldap_filter = module:get_option_string("ldap_filter", "(uid=%s)"); | 12 local ldap_filter = module:get_option_string("ldap_filter", "(uid=%s)"); |
| 11 local ldap_base = assert(module:get_option_string("ldap_base"), "ldap_base is a required option for ldap"); | 13 local ldap_base = assert(module:get_option_string("ldap_base"), "ldap_base is a required option for ldap"); |
| 12 | 14 |
| 13 local lualdap = require "lualdap"; | 15 -- Initiate connection |
| 14 local ld = assert(lualdap.open_simple(ldap_server, ldap_rootdn, ldap_password, ldap_tls)); | 16 local ld = assert(lualdap.open_simple(ldap_server, ldap_rootdn, ldap_password, ldap_tls)); |
| 15 module.unload = function() ld:close(); end | 17 module.unload = function() ld:close(); end |
| 16 | 18 |
| 17 local function ldap_filter_escape(s) return (s:gsub("[\\*\\(\\)\\\\%z]", function(c) return ("\\%02x"):format(c:byte()) end)); end | 19 local function ldap_filter_escape(s) return (s:gsub("[\\*\\(\\)\\\\%z]", function(c) return ("\\%02x"):format(c:byte()) end)); end |
| 18 | 20 |
| 25 })(); | 27 })(); |
| 26 end | 28 end |
| 27 | 29 |
| 28 local provider = {}; | 30 local provider = {}; |
| 29 | 31 |
| 32 function provider.create_user(username, password) | |
| 33 return nil, "Account creation not available with LDAP."; | |
| 34 end | |
| 35 | |
| 36 function provider.user_exists(username) | |
| 37 return not not get_user(username); | |
| 38 end | |
| 39 | |
| 40 function provider.set_password(username, password) | |
| 41 local dn, attr = get_user(username); | |
| 42 if not dn then return nil, attr end | |
| 43 if attr.userPassword == password then return true end | |
| 44 return ld:modify(dn, { '=', userPassword = password })(); | |
| 45 end | |
| 30 function provider.get_password(username) | 46 function provider.get_password(username) |
| 31 local dn, attr = get_user(username); | 47 local dn, attr = get_user(username); |
| 32 if dn and attr then | 48 if dn and attr then |
| 33 return attr.userPassword; | 49 return attr.userPassword; |
| 34 end | 50 end |
| 35 end | 51 end |
| 36 | 52 |
| 37 function provider.test_password(username, password) | 53 function provider.test_password(username, password) |
| 38 return provider.get_password(username) == password; | 54 return provider.get_password(username) == password; |
| 39 end | 55 end |
| 40 function provider.user_exists(username) | |
| 41 return not not get_user(username); | |
| 42 end | |
| 43 function provider.set_password(username, password) | |
| 44 local dn, attr = get_user(username); | |
| 45 if not dn then return nil, attr end | |
| 46 if attr.userPassword == password then return true end | |
| 47 return ld:modify(dn, { '=', userPassword = password })(); | |
| 48 end | |
| 49 function provider.create_user(username, password) return nil, "Account creation not available with LDAP."; end | |
| 50 | 56 |
| 51 function provider.get_sasl_handler() | 57 function provider.get_sasl_handler() |
| 52 return new_sasl(module.host, { | 58 return new_sasl(module.host, { |
| 53 plain = function(sasl, username) | 59 plain = function(sasl, username) |
| 54 local password = provider.get_password(username); | 60 local password = provider.get_password(username); |
