Mercurial > prosody-modules
comparison mod_auth_ldap/mod_auth_ldap.lua @ 2056:e16593e7d482
mod_auth_ldap: Add support for having admin status indicated in LDAP
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Tue, 01 Mar 2016 10:40:25 +0100 |
| parents | 6d7699eda594 |
| children | 41565a743cad |
comparison
equal
deleted
inserted
replaced
| 2055:2c6d84fb82d9 | 2056:e16593e7d482 |
|---|---|
| 1 -- mod_auth_ldap | 1 -- mod_auth_ldap |
| 2 | 2 |
| 3 local jid_split = require "util.jid".split; | |
| 3 local new_sasl = require "util.sasl".new; | 4 local new_sasl = require "util.sasl".new; |
| 4 local lualdap = require "lualdap"; | 5 local lualdap = require "lualdap"; |
| 5 local function ldap_filter_escape(s) return (s:gsub("[*()\\%z]", function(c) return ("\\%02x"):format(c:byte()) end)); end | 6 local function ldap_filter_escape(s) return (s:gsub("[*()\\%z]", function(c) return ("\\%02x"):format(c:byte()) end)); end |
| 6 | 7 |
| 7 -- Config options | 8 -- Config options |
| 11 local ldap_tls = module:get_option_boolean("ldap_tls"); | 12 local ldap_tls = module:get_option_boolean("ldap_tls"); |
| 12 local ldap_scope = module:get_option_string("ldap_scope", "subtree"); | 13 local ldap_scope = module:get_option_string("ldap_scope", "subtree"); |
| 13 local ldap_filter = module:get_option_string("ldap_filter", "(uid=$user)"):gsub("%%s", "$user", 1); | 14 local ldap_filter = module:get_option_string("ldap_filter", "(uid=$user)"):gsub("%%s", "$user", 1); |
| 14 local ldap_base = assert(module:get_option_string("ldap_base"), "ldap_base is a required option for ldap"); | 15 local ldap_base = assert(module:get_option_string("ldap_base"), "ldap_base is a required option for ldap"); |
| 15 local ldap_mode = module:get_option_string("ldap_mode", "bind"); | 16 local ldap_mode = module:get_option_string("ldap_mode", "bind"); |
| 17 local ldap_admins = module:get_option_string("ldap_admin_filter"); | |
| 16 local host = ldap_filter_escape(module:get_option_string("realm", module.host)); | 18 local host = ldap_filter_escape(module:get_option_string("realm", module.host)); |
| 17 | 19 |
| 18 -- Initiate connection | 20 -- Initiate connection |
| 19 local ld = nil; | 21 local ld = nil; |
| 20 module.unload = function() if ld then pcall(ld, ld.close); end end | 22 module.unload = function() if ld then pcall(ld, ld.close); end end |
| 120 end | 122 end |
| 121 else | 123 else |
| 122 module:log("error", "Unsupported ldap_mode %s", tostring(ldap_mode)); | 124 module:log("error", "Unsupported ldap_mode %s", tostring(ldap_mode)); |
| 123 end | 125 end |
| 124 | 126 |
| 127 if ldap_admins then | |
| 128 function provider.is_admin(jid) | |
| 129 local username = jid_split(jid); | |
| 130 return ldap_do("search", 2, { | |
| 131 base = ldap_base; | |
| 132 scope = ldap_scope; | |
| 133 sizelimit = 1; | |
| 134 filter = ldap_admins:gsub("%$(%a+)", { | |
| 135 user = ldap_filter_escape(username); | |
| 136 host = host; | |
| 137 }); | |
| 138 }); | |
| 139 end | |
| 140 end | |
| 141 | |
| 125 module:provides("auth", provider); | 142 module:provides("auth", provider); |
