Mercurial > prosody-modules
comparison mod_auth_ldap/mod_auth_ldap.lua @ 1611:770236ea9678
mod_auth_ldap: Fix use of ldap_search, and generalize it to support password modification as well.
| author | Waqas Hussain <waqas20@gmail.com> |
|---|---|
| date | Fri, 13 Feb 2015 11:06:06 -0500 |
| parents | 062ed39a1805 |
| children | 6d7699eda594 |
comparison
equal
deleted
inserted
replaced
| 1610:062ed39a1805 | 1611:770236ea9678 |
|---|---|
| 17 | 17 |
| 18 -- Initiate connection | 18 -- Initiate connection |
| 19 local ld = nil; | 19 local ld = nil; |
| 20 module.unload = function() if ld then pcall(ld, ld.close); end end | 20 module.unload = function() if ld then pcall(ld, ld.close); end end |
| 21 | 21 |
| 22 function ldap_search_once(args) | 22 function ldap_do_once(method, ...) |
| 23 if ld == nil then | 23 if ld == nil then |
| 24 local err; | 24 local err; |
| 25 ld, err = lualdap.open_simple(ldap_server, ldap_rootdn, ldap_password, ldap_tls); | 25 ld, err = lualdap.open_simple(ldap_server, ldap_rootdn, ldap_password, ldap_tls); |
| 26 if not ld then return nil, err, "reconnect"; end | 26 if not ld then return nil, err, "reconnect"; end |
| 27 end | 27 end |
| 28 | 28 |
| 29 local success, iterator, invariant, initial = pcall(ld.search, ld, args); | 29 local success, iterator, invariant, initial = pcall(ld[method], ld, ...); |
| 30 if not success then ld = nil; return nil, iterator, "search"; end | 30 if not success then ld = nil; return nil, iterator, "search"; end |
| 31 | 31 |
| 32 local success, dn, attr = pcall(iterator, invariant, initial); | 32 local success, dn, attr = pcall(iterator, invariant, initial); |
| 33 if not success then ld = nil; return success, dn, "iter"; end | 33 if not success then ld = nil; return success, dn, "iter"; end |
| 34 | 34 |
| 35 return dn, attr, "return"; | 35 return dn, attr, "return"; |
| 36 end | 36 end |
| 37 | 37 |
| 38 function ldap_search(args, retry_count) | 38 function ldap_do(method, retry_count, ...) |
| 39 local dn, attr, where; | 39 local dn, attr, where; |
| 40 for i=1,1+retry_count do | 40 for i=1,1+retry_count do |
| 41 dn, attr, where = ldap_search_once(args); | 41 dn, attr, where = ldap_do_once(method, ...); |
| 42 if dn or not(attr) then break; end -- nothing or something found | 42 if dn or not(attr) then break; end -- nothing or something found |
| 43 module:log("warn", "LDAP: %s %s (in %s)", tostring(dn), tostring(attr), where); | 43 module:log("warn", "LDAP: %s %s (in %s)", tostring(dn), tostring(attr), where); |
| 44 -- otherwise retry | 44 -- otherwise retry |
| 45 end | 45 end |
| 46 if not dn and attr then | 46 if not dn and attr then |
| 49 return dn, attr; | 49 return dn, attr; |
| 50 end | 50 end |
| 51 | 51 |
| 52 local function get_user(username) | 52 local function get_user(username) |
| 53 module:log("debug", "get_user(%q)", username); | 53 module:log("debug", "get_user(%q)", username); |
| 54 for dn, attr in ldap_search({ | 54 return ldap_do("search", 2, { |
| 55 base = ldap_base; | 55 base = ldap_base; |
| 56 scope = ldap_scope; | 56 scope = ldap_scope; |
| 57 sizelimit = 1; | 57 sizelimit = 1; |
| 58 filter = ldap_filter:gsub("%$(%a+)", { | 58 filter = ldap_filter:gsub("%$(%a+)", { |
| 59 user = ldap_filter_escape(username); | 59 user = ldap_filter_escape(username); |
| 60 host = host; | 60 host = host; |
| 61 }); | 61 }); |
| 62 }, 3) do return dn, attr; end | 62 }); |
| 63 end | 63 end |
| 64 | 64 |
| 65 local provider = {}; | 65 local provider = {}; |
| 66 | 66 |
| 67 function provider.create_user(username, password) | 67 function provider.create_user(username, password) |
| 74 | 74 |
| 75 function provider.set_password(username, password) | 75 function provider.set_password(username, password) |
| 76 local dn, attr = get_user(username); | 76 local dn, attr = get_user(username); |
| 77 if not dn then return nil, attr end | 77 if not dn then return nil, attr end |
| 78 if attr.userPassword == password then return true end | 78 if attr.userPassword == password then return true end |
| 79 return ld:modify(dn, { '=', userPassword = password })(); | 79 return ldap_do("modify", 2, dn, { '=', userPassword = password }); |
| 80 end | 80 end |
| 81 | 81 |
| 82 if ldap_mode == "getpasswd" then | 82 if ldap_mode == "getpasswd" then |
| 83 function provider.get_password(username) | 83 function provider.get_password(username) |
| 84 local dn, attr = get_user(username); | 84 local dn, attr = get_user(username); |
