Mercurial > prosody-modules
comparison mod_auth_ldap/mod_auth_ldap.lua @ 1274:4b15437d6c56
mod_auth_ldap: Add support for binding
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Wed, 15 Jan 2014 14:45:37 +0100 |
| parents | 1b543060f31e |
| children | da2e593317d7 |
comparison
equal
deleted
inserted
replaced
| 1273:1b543060f31e | 1274:4b15437d6c56 |
|---|---|
| 9 local ldap_password = module:get_option_string("ldap_password", ""); | 9 local ldap_password = module:get_option_string("ldap_password", ""); |
| 10 local ldap_tls = module:get_option_boolean("ldap_tls"); | 10 local ldap_tls = module:get_option_boolean("ldap_tls"); |
| 11 local ldap_scope = module:get_option_string("ldap_scope", "onelevel"); | 11 local ldap_scope = module:get_option_string("ldap_scope", "onelevel"); |
| 12 local ldap_filter = module:get_option_string("ldap_filter", "(uid=%s)"); | 12 local ldap_filter = module:get_option_string("ldap_filter", "(uid=%s)"); |
| 13 local ldap_base = assert(module:get_option_string("ldap_base"), "ldap_base is a required option for ldap"); | 13 local ldap_base = assert(module:get_option_string("ldap_base"), "ldap_base is a required option for ldap"); |
| 14 local ldap_mode = module:get_option_string("ldap_mode", "getpasswd"); | |
| 14 | 15 |
| 15 -- Initiate connection | 16 -- Initiate connection |
| 16 local ld = assert(lualdap.open_simple(ldap_server, ldap_rootdn, ldap_password, ldap_tls)); | 17 local ld = assert(lualdap.open_simple(ldap_server, ldap_rootdn, ldap_password, ldap_tls)); |
| 17 module.unload = function() ld:close(); end | 18 module.unload = function() ld:close(); end |
| 18 | 19 |
| 41 local dn, attr = get_user(username); | 42 local dn, attr = get_user(username); |
| 42 if not dn then return nil, attr end | 43 if not dn then return nil, attr end |
| 43 if attr.userPassword == password then return true end | 44 if attr.userPassword == password then return true end |
| 44 return ld:modify(dn, { '=', userPassword = password })(); | 45 return ld:modify(dn, { '=', userPassword = password })(); |
| 45 end | 46 end |
| 46 function provider.get_password(username) | 47 |
| 47 local dn, attr = get_user(username); | 48 if ldap_mode == "getpasswd" then |
| 48 if dn and attr then | 49 function provider.get_password(username) |
| 49 return attr.userPassword; | 50 local dn, attr = get_user(username); |
| 51 if dn and attr then | |
| 52 return attr.userPassword; | |
| 53 end | |
| 50 end | 54 end |
| 51 end | |
| 52 | 55 |
| 53 function provider.test_password(username, password) | 56 function provider.test_password(username, password) |
| 54 return provider.get_password(username) == password; | 57 return provider.get_password(username) == password; |
| 55 end | 58 end |
| 56 | 59 |
| 57 function provider.get_sasl_handler() | 60 function provider.get_sasl_handler() |
| 58 return new_sasl(module.host, { | 61 return new_sasl(module.host, { |
| 59 plain = function(sasl, username) | 62 plain = function(sasl, username) |
| 60 local password = provider.get_password(username); | 63 local password = provider.get_password(username); |
| 61 if not password then return "", nil; end | 64 if not password then return "", nil; end |
| 62 return password, true; | 65 return password, true; |
| 63 end | 66 end |
| 64 }); | 67 }); |
| 68 end | |
| 69 elseif ldap_mode == "bind" then | |
| 70 local function test_password(userdn, password) | |
| 71 return not not lualdap.open_simple(ldap_server, userdn, password, ldap_tls); | |
| 72 end | |
| 73 | |
| 74 function provider.test_password(username, password) | |
| 75 local dn = get_user(username); | |
| 76 if not dn then return end | |
| 77 return test_password(dn, password) | |
| 78 end | |
| 79 | |
| 80 function provider.get_sasl_handler() | |
| 81 return new_sasl(module.host, { | |
| 82 plain_test = function(sasl, username, password) | |
| 83 return provider.test_password(username, password), true; | |
| 84 end | |
| 85 }); | |
| 86 end | |
| 87 else | |
| 88 module:log("error", "Unsupported ldap_mode %s", tostring(ldap_mode)); | |
| 65 end | 89 end |
| 66 | 90 |
| 67 module:provides("auth", provider); | 91 module:provides("auth", provider); |
