|
809
|
1 -- vim:sts=4 sw=4
|
|
|
2
|
|
|
3 -- Prosody IM
|
|
|
4 -- Copyright (C) 2008-2010 Matthew Wild
|
|
|
5 -- Copyright (C) 2008-2010 Waqas Hussain
|
|
|
6 -- Copyright (C) 2012 Rob Hoelz
|
|
|
7 --
|
|
|
8 -- This project is MIT/X11 licensed. Please see the
|
|
|
9 -- COPYING file in the source package for more information.
|
|
|
10 --
|
|
|
11 -- http://code.google.com/p/prosody-modules/source/browse/mod_auth_ldap/mod_auth_ldap.lua
|
|
|
12 -- adapted to use common LDAP store
|
|
|
13
|
|
|
14 local ldap = module:require 'ldap';
|
|
|
15 local new_sasl = require 'util.sasl'.new;
|
|
|
16 local nodeprep = require 'util.encodings'.stringprep.nodeprep;
|
|
|
17 local jsplit = require 'util.jid'.split;
|
|
|
18
|
|
|
19 if not ldap then
|
|
|
20 return;
|
|
|
21 end
|
|
|
22
|
|
|
23 local provider = { name = 'ldap' }
|
|
|
24
|
|
|
25 function provider.test_password(username, password)
|
|
|
26 return ldap.bind(username, password);
|
|
|
27 end
|
|
|
28
|
|
|
29 function provider.user_exists(username)
|
|
|
30 local params = ldap.getparams()
|
|
|
31
|
|
|
32 local filter = ldap.filter.combine_and(params.user.filter, params.user.usernamefield .. '=' .. username);
|
|
|
33
|
|
|
34 return ldap.singlematch {
|
|
|
35 base = params.user.basedn,
|
|
|
36 filter = filter,
|
|
|
37 };
|
|
|
38 end
|
|
|
39
|
|
|
40 function provider.get_password(username)
|
|
|
41 return nil, "Passwords unavailable for LDAP.";
|
|
|
42 end
|
|
|
43
|
|
|
44 function provider.set_password(username, password)
|
|
|
45 return nil, "Passwords unavailable for LDAP.";
|
|
|
46 end
|
|
|
47
|
|
|
48 function provider.create_user(username, password)
|
|
|
49 return nil, "Account creation/modification not available with LDAP.";
|
|
|
50 end
|
|
|
51
|
|
|
52 function provider.get_sasl_handler()
|
|
|
53 local testpass_authentication_profile = {
|
|
|
54 plain_test = function(sasl, username, password, realm)
|
|
|
55 local prepped_username = nodeprep(username);
|
|
|
56 if not prepped_username then
|
|
|
57 module:log("debug", "NODEprep failed on username: %s", username);
|
|
|
58 return "", nil;
|
|
|
59 end
|
|
|
60 return provider.test_password(prepped_username, password), true;
|
|
|
61 end,
|
|
|
62 mechanisms = { PLAIN = true },
|
|
|
63 };
|
|
|
64 return new_sasl(module.host, testpass_authentication_profile);
|
|
|
65 end
|
|
|
66
|
|
|
67 function provider.is_admin(jid)
|
|
|
68 local admin_config = ldap.getparams().admin;
|
|
|
69
|
|
|
70 if not admin_config then
|
|
|
71 return;
|
|
|
72 end
|
|
|
73
|
|
|
74 local ld = ldap:getconnection();
|
|
|
75 local username = jsplit(jid);
|
|
|
76 local filter = ldap.filter.combine_and(admin_config.filter, admin_config.namefield .. '=' .. username);
|
|
|
77
|
|
|
78 return ldap.singlematch {
|
|
|
79 base = admin_config.basedn,
|
|
|
80 filter = filter,
|
|
|
81 };
|
|
|
82 end
|
|
|
83
|
|
|
84 module:add_item("auth-provider", provider);
|
