Comparison

mod_auth_ldap2/mod_auth_ldap.lua @ 809:1d51c5e38faa

Add LDAP plugin suite
author rob@hoelz.ro
date Sun, 02 Sep 2012 15:35:50 +0200
child 814:881ec9919144
comparison
equal deleted inserted replaced
808:ba2e207e1fb7 809:1d51c5e38faa
1 -- vim:sts=4 sw=4
2
3 -- Prosody IM
4 -- Copyright (C) 2008-2010 Matthew Wild
5 -- Copyright (C) 2008-2010 Waqas Hussain
6 -- Copyright (C) 2012 Rob Hoelz
7 --
8 -- This project is MIT/X11 licensed. Please see the
9 -- COPYING file in the source package for more information.
10 --
11 -- http://code.google.com/p/prosody-modules/source/browse/mod_auth_ldap/mod_auth_ldap.lua
12 -- adapted to use common LDAP store
13
14 local ldap = module:require 'ldap';
15 local new_sasl = require 'util.sasl'.new;
16 local nodeprep = require 'util.encodings'.stringprep.nodeprep;
17 local jsplit = require 'util.jid'.split;
18
19 if not ldap then
20 return;
21 end
22
23 local provider = { name = 'ldap' }
24
25 function provider.test_password(username, password)
26 return ldap.bind(username, password);
27 end
28
29 function provider.user_exists(username)
30 local params = ldap.getparams()
31
32 local filter = ldap.filter.combine_and(params.user.filter, params.user.usernamefield .. '=' .. username);
33
34 return ldap.singlematch {
35 base = params.user.basedn,
36 filter = filter,
37 };
38 end
39
40 function provider.get_password(username)
41 return nil, "Passwords unavailable for LDAP.";
42 end
43
44 function provider.set_password(username, password)
45 return nil, "Passwords unavailable for LDAP.";
46 end
47
48 function provider.create_user(username, password)
49 return nil, "Account creation/modification not available with LDAP.";
50 end
51
52 function provider.get_sasl_handler()
53 local testpass_authentication_profile = {
54 plain_test = function(sasl, username, password, realm)
55 local prepped_username = nodeprep(username);
56 if not prepped_username then
57 module:log("debug", "NODEprep failed on username: %s", username);
58 return "", nil;
59 end
60 return provider.test_password(prepped_username, password), true;
61 end,
62 mechanisms = { PLAIN = true },
63 };
64 return new_sasl(module.host, testpass_authentication_profile);
65 end
66
67 function provider.is_admin(jid)
68 local admin_config = ldap.getparams().admin;
69
70 if not admin_config then
71 return;
72 end
73
74 local ld = ldap:getconnection();
75 local username = jsplit(jid);
76 local filter = ldap.filter.combine_and(admin_config.filter, admin_config.namefield .. '=' .. username);
77
78 return ldap.singlematch {
79 base = admin_config.basedn,
80 filter = filter,
81 };
82 end
83
84 module:add_item("auth-provider", provider);