Mercurial > prosody-modules
comparison mod_auth_ldap/mod_auth_ldap.lua @ 191:fa7165dd82ee
mod_auth_ldap: An auth plugin for authentication against LDAP.
| author | Waqas Hussain <waqas20@gmail.com> |
|---|---|
| date | Thu, 01 Jul 2010 00:52:45 +0500 |
| parents | |
| children | 4a91047f9b5e |
comparison
equal
deleted
inserted
replaced
| 190:7a695ee3884b | 191:fa7165dd82ee |
|---|---|
| 1 | |
| 2 local new_sasl = require "util.sasl".new; | |
| 3 local nodeprep = require "util.encodings".stringprep.nodeprep; | |
| 4 local log = require "util.logger".init("auth_ldap"); | |
| 5 | |
| 6 local ldap_server = module:get_option("ldap_server") or "localhost"; | |
| 7 local ldap_rootdn = module:get_option("ldap_rootdn") or ""; | |
| 8 local ldap_password = module:get_option("ldap_password") or ""; | |
| 9 local ldap_tls = module:get_option("ldap_tls"); | |
| 10 local ldap_base = assert(module:get_option("ldap_base"), "ldap_base is a required option for ldap"); | |
| 11 | |
| 12 local lualdap = require "lualdap"; | |
| 13 local ld = assert(lualdap.open_simple(ldap_server, ldap_rootdn, ldap_password, ldap_tls)); | |
| 14 module.unload = function() ld:close(); end | |
| 15 | |
| 16 function do_query(query) | |
| 17 for dn, attribs in ld:search(query) do | |
| 18 return true; -- found a result | |
| 19 end | |
| 20 end | |
| 21 | |
| 22 local provider = { name = "ldap" }; | |
| 23 | |
| 24 local function ldap_filter_escape(s) return (s:gsub("[\\*\\(\\)\\\\%z]", function(c) return ("\\%02x"):format(c:byte()) end)); end | |
| 25 function provider.test_password(username, password) | |
| 26 return do_query({ | |
| 27 base = ldap_base; | |
| 28 filter = "(&(uid="..ldap_filter_escape(username)..")(userPassword="..ldap_filter_escape(password)..")(accountStatus=active))"; | |
| 29 }); | |
| 30 end | |
| 31 function provider.user_exists(username) | |
| 32 return do_query({ | |
| 33 base = ldap_base; | |
| 34 filter = "(uid="..ldap_filter_escape(username)..")"; | |
| 35 }); | |
| 36 end | |
| 37 | |
| 38 function provider.get_password(username) return nil, "Passwords unavailable for LDAP."; end | |
| 39 function provider.set_password(username, password) return nil, "Passwords unavailable for LDAP."; end | |
| 40 function provider.create_user(username, password) return nil, "Account creation/modification not available with LDAP."; end | |
| 41 | |
| 42 function provider.get_sasl_handler() | |
| 43 local realm = module:get_option("sasl_realm") or module.host; | |
| 44 local testpass_authentication_profile = { | |
| 45 plain_test = function(username, password, realm) | |
| 46 local prepped_username = nodeprep(username); | |
| 47 if not prepped_username then | |
| 48 log("debug", "NODEprep failed on username: %s", username); | |
| 49 return "", nil; | |
| 50 end | |
| 51 return provider.test_password(prepped_username, password, realm), true; | |
| 52 end | |
| 53 }; | |
| 54 return new_sasl(realm, testpass_authentication_profile); | |
| 55 end | |
| 56 | |
| 57 module:add_item("auth-provider", provider); |
